Date: Thu, 22 May 2003 18:22:31 -0400
From: Jer
To: freebsd-security@freebsd.org
Subject: NAT+IPFW
Message-Id: <5.2.0.9.2.20030522181931.00baf808@computer.multihaven.org>

Dear all,

I need to do the following. I have a FreeBSD router that runs NAT and routes some public IP addresses. I need to use the ipfw rules to deny traffic from the public IPs AND the NAT, or do bandwidth limiting, e.g.

    deny tcp from 192.168.200.1 to www.yahoo.com http out

and

    deny tcp from 24.199.213.1 to www.yahoo.com http out

My question is: where do I place the rules in relation to the divert rules, etc.?

Thanks