From: "mufalani" <mufalani@oi.com.br>
To: freebsd-ipfw@freebsd.org
Date: Thu, 15 Jun 2006 18:07:19 -0300
Subject: ipfw rules + natd .. other question
List-Id: IPFW Technical Discussions <freebsd-ipfw@freebsd.org>

Hi all,

Thank you for helping me configure NAT ... It's working perfectly!!! One other doubt...
where my public address = 200.X.Y.Z and my trusted addresses = 201.1.2.3, 205.6.7.8

I want to allow access to IP 200.X.Y.Z only for the addresses 201.1.2.3 and 205.6.7.8, and to block it for the rest of the world. Can you help me?

###############my natd.conf###############
log yes
same_ports yes
use_sockets yes
interface rl0
redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
############# end nat.conf #################

############ rc.local ####################
/sbin/natd -s -n rl0 -p 8668 -config "/etc/natd.conf"
/sbin/ipfw -f flush
##
/sbin/ipfw add 100 allow ip from 205.6.7.8 to 200.X.Y.Z keep-state
/sbin/ipfw add 100 allow ip from 201.1.2.3 to 200.X.Y.Z keep-state
##
/sbin/ipfw add 120 deny ip from any to 200.X.Y.Z
##
/sbin/ipfw add 140 divert 8668 ip from any to 200.X.Y.Z in recv rl0
/sbin/ipfw add 150 divert 8668 ip from 201.0.0.0 to 200.X.Y.Z in recv rl0
/sbin/ipfw add 160 divert 8668 ip from 10.0.0.211 to any out xmit rl0
############# end rc.local #################
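An added example of a rule order for the setup described in the message (example configuration written for this page, not the poster's rc.local and not a reply from the list); it assumes the same natd divert port 8668, interface rl0, redirected web server 10.0.0.211 and placeholder public address 200.X.Y.Z as the post:

```shell
#!/bin/sh
# Added example, not the poster's rc.local: an ipfw + natd rule order that admits only the two
# trusted hosts to the redirected web server and denies everyone else. Assumes the same setup as
# the message: natd on divert port 8668, "redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80", interface rl0.

PUBLIC="200.X.Y.Z"             # poster's placeholder for the real public address
WEB="10.0.0.211"               # internal web server natd redirects to
TRUSTED="201.1.2.3 205.6.7.8"  # the only sources allowed to reach it
IFACE="rl0"
NATD_PORT="8668"

# Emit the rules in the order ipfw must evaluate them. Inbound packets for the public
# address go to natd first, so the filter rules see the translated destination (10.0.0.211).
# An allow placed before the divert (original rule 100) accepts the packet untranslated,
# and a blanket deny before the divert (original rule 120) leaves the divert rules unreachable.
build_rules() {
    echo "add 100 divert $NATD_PORT ip from any to $PUBLIC in recv $IFACE"
    n=200
    for src in $TRUSTED; do
        echo "add $n allow tcp from $src to $WEB 80 in recv $IFACE"
        n=$((n + 10))
    done
    # Anyone else aimed at the redirected service is dropped; "log" records the attempt
    # when net.inet.ip.fw.verbose is enabled.
    echo "add 300 deny log tcp from any to $WEB 80 in recv $IFACE"
    # Replies from the web server pass through natd on the way out, so their source
    # becomes the public address; only packets of established connections are let out.
    echo "add 400 divert $NATD_PORT tcp from $WEB 80 to any out xmit $IFACE"
    echo "add 410 allow tcp from $PUBLIC 80 to any out xmit $IFACE established"
}

# Flush the old set and feed each rule to ipfw(8); run this from rc.local after natd starts.
apply_rules() {
    /sbin/ipfw -q -f flush
    build_rules | while read -r rule; do
        /sbin/ipfw -q $rule
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

The set covers only the redirected web service; any other traffic falls through to the default rule 65535, which denies unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT.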