From: "Rashid N. Achilov"
Reply-To: achilov@granch.ru
Organization: Granch Ltd.
Date: Fri, 06 Oct 2000 23:17:15 +0700
To: freebsd-ipfw@freebsd.org
Subject: Where I was wrong?

I have a FreeBSD box connected to two different ISPs and my own private network. For example, the first ISP is 10.0.0.0/24, the second is 10.0.1.0/24 and my own network is 10.0.2.0/24, and the FreeBSD router has:

10.0.0.1 to the first ISP (10.0.0.2 other side, interface fxp0),
10.0.1.1 to the second (10.0.1.2 other side, interface rl0) and
10.0.2.1 to the private network (interface ed0).

My box in the private network is 10.0.2.2 and there are some other Windozes... The default gateway for all is 10.0.1.2 (second ISP, other side).

I wish I could forward all traffic from 10.0.2.2 to the first ISP. I made this rule:

    ipfw add 100 fwd 10.0.0.2 ip from 10.0.2.2 to any out xmit rl0

and the next rule to stop all the others from going to the Internet:

    ipfw add 200 deny log tcp from 10.0.2.0/24 to any 80

And now I am denied too! Why? Where am I wrong? If I add the next rule

    ipfw add 150 allow ip from 10.0.2.2 to any

all is, of course, OK, but why doesn't rule 100 work as I'd like? Please explain it to me...

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514
Granch Ltd. lead engineer, e-mail: achilov@granch.ru
tel/fax (383-2) 24-2363