Date: Fri, 16 Jun 2006 09:36:29 -0300
From: Leonardo Reginin <leonardo@procergs.rs.gov.br>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw rules + natd .. other question
Message-ID: <4492A5CD.8020908@procergs.rs.gov.br>
In-Reply-To: <000b01c690bf$b0fb72a0$0101a8c0@cristian2aebca>
References: <000b01c690bf$b0fb72a0$0101a8c0@cristian2aebca>

mufalani wrote:

>Hi all,
>
>   Thank you for helping me configure NAT ... It's working perfectly!!!
>
>One other doubt...
>
>where my public address = 200.X.Y.Z
>and my trusted addresses = 201.1.2.3, 205.6.7.8
>
>   I want to only liberate the access to IP 200.X.Y.Z
>for addresses: 201.1.2.3, 205.6.7.8 and to block for the remaining portion of the world.
>
>   Can you help me?
>
>###############my natd.conf###############
>log yes
>same_ports yes
>use_sockets yes
>interface rl0
>redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
>redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
>############# end nat.conf #################
>
>############ rc.local ####################
>/sbin/natd -s -n rl0 -p 8668 -config "/etc/natd.conf"
>/sbin/ipfw -f flush
>##
>/sbin/ipfw add 140 divert 8668 ip from any to 200.X.Y.Z in recv rl0     # ---> This rule will override 150 !! <---
>/sbin/ipfw add 150 divert 8668 ip from 201.0.0.0 to 200.X.Y.Z in recv rl0
>/sbin/ipfw add 160 divert 8668 ip from 10.0.0.211 to any out xmit rl0
>
/sbin/ipfw add 170 allow ip from me to any via rl0 out
##
# to permit the access to 200.x.y.z
/sbin/ipfw add 200 allow ip from 205.6.7.8 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 201 allow tcp from 205.6.7.8 to 10.0.0.211 80 via rl0 in
/sbin/ipfw add 210 allow ip from 201.1.2.3 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 211 allow tcp from 201.1.2.3 to 10.0.0.211 80 via rl0 in
# to block everything else
/sbin/ipfw add 1000 deny ip from any to 200.X.Y.Z
##
>############# end rc.local #################
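
How the inbound rules in the message above are evaluated, as an added example that is not part of the original e-mail: a small Python model (not ipfw itself) that walks the rules first-match. It assumes natd performs only the `redirect_port` rewrite, that a diverted packet resumes at the next rule, and it leaves out the outbound rules 160 and 170; `198.51.100.7` is a constructed untrusted source and all function names are hypothetical.

```python
# Added example: a first-match model of the inbound rules in the reply (not ipfw itself).
PUBLIC = "200.X.Y.Z"   # elided on the page; compared as an opaque label
WEB = "10.0.0.211"

# (number, action, proto, src, dst, dport); None means "any". Inbound rl0 rules only.
RULES = [
    (140, "divert", "ip", None, PUBLIC, None),
    (150, "divert", "ip", "201.0.0.0", PUBLIC, None),
    (200, "allow", "ip", "205.6.7.8", PUBLIC, None),
    (201, "allow", "tcp", "205.6.7.8", WEB, 80),
    (210, "allow", "ip", "201.1.2.3", PUBLIC, None),
    (211, "allow", "tcp", "201.1.2.3", WEB, 80),
    (1000, "deny", "ip", None, PUBLIC, None),
]

def natd(pkt):
    """Assumed natd behaviour: only the redirect_port rewrite of 200.X.Y.Z:80."""
    if (pkt["proto"], pkt["dst"], pkt["dport"]) == ("tcp", PUBLIC, 80):
        return dict(pkt, dst=WEB)
    return pkt

def matches(rule, pkt):
    """True when protocol, source, destination and port of the rule all fit the packet."""
    _, _, proto, src, dst, dport = rule
    return (proto in ("ip", pkt["proto"]) and src in (None, pkt["src"])
            and dst in (None, pkt["dst"]) and dport in (None, pkt["dport"]))

def walk(pkt, default="deny"):
    """Return (verdict, numbers of the rules that matched) for a packet received on rl0."""
    hits = []
    for rule in RULES:
        if not matches(rule, pkt):
            continue
        hits.append(rule[0])
        if rule[1] != "divert":
            return rule[1], hits
        pkt = natd(pkt)              # re-injected packet resumes at the next rule
    return default, hits + [65535]   # nothing else matched: default rule 65535 decides

def tcp(src, dport):
    """Build an inbound TCP packet addressed to the public IP."""
    return {"proto": "tcp", "src": src, "dst": PUBLIC, "dport": dport}

if __name__ == "__main__":
    for src in ("201.1.2.3", "198.51.100.7"):   # trusted, constructed untrusted
        for port in (80, 22):
            print(src, port, walk(tcp(src, port)))
```

In this model, port-80 traffic from an untrusted source no longer carries 200.X.Y.Z as its destination when it reaches rule 1000, so the default rule 65535 decides it. That is a deny unless the kernel was built with `IPFIREWALL_DEFAULT_TO_ACCEPT`.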