From owner-freebsd-isp  Wed May 29  6:24:32 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.ecotech.com.lr (mail.liberiaonline.com.lr [64.110.100.164])
	by hub.freebsd.org (Postfix) with SMTP id 0FEAA37B400
	for <freebsd-isp@freebsd.org>; Wed, 29 May 2002 06:24:26 -0700 (PDT)
Received: (qmail 5102 invoked by uid 85); 29 May 2002 13:23:15 -0000
Received: from unknown (HELO wireless) (216.252.230.146)
  by mail.liberiaonline.com.lr with SMTP; 29 May 2002 13:23:14 -0000
Message-ID: <005201c20714$220071b0$04ef10ac@wireless>
From: "Max" <max@ecotech.com.lr>
To: <freebsd-isp@freebsd.org>
References: <Pine.BSF.4.21.0205291657050.295-100000@park.rambler.ru>
Subject: Re: Firewall Setup
Date: Wed, 29 May 2002 13:24:13 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org


----- Original Message -----
From: "Andrew Kopeyko" <kaa@rambler-co.ru>
To: <freebsd-isp@freebsd.org>
Cc: "Max" <max@ecotech.com.lr>
Sent: Wednesday, May 29, 2002 12:59 PM
Subject: Re: Firewall Setup


> On Wed, 29 May 2002, Max wrote:
>
> > Hi
> >
> > I am just setting up a firewall on my Freebsd 4.4 server that is being
> > used as a router. Problem is I would just like to have a subset of
> > machines on my network access that router instread of the whole
> > network. Could anyone give me some pointers for my rc.firewall file?
>
> What does it means - "access that router instread of the whole network"??
>
> Can you explain your needs in a few more words?
My network has other routers hardware and software. I want just few machines
to use this new router instead of the whole network so that even if a client
sets this
router has his default gateway, he will not be able to access the Internet!

I am thinking of some IP rules that would do this trick. However when I
allow
the subset of IPs there is a complaint from natd and routed like this:

natd[158]: failed to write packet back (Permission denied)
routed[165]: sendto(fxp0, 224.0.0.2): Permission denied

That's what i mean!

>
>
> --
> Best regards,
> Andrew Kopeyko <kaa@rambler-co.ru>
>
>   Rambler Co. http://www.rambler.ru/
>   phone : +7 095 745-3619
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message