From: Leonardo Reginin <leonardo@procergs.rs.gov.br>
Date: Fri, 16 Jun 2006 09:36:29 -0300
Subject: Re: ipfw rules + natd .. other question
Cc: freebsd-ipfw@freebsd.org
In-Reply-To: <000b01c690bf$b0fb72a0$0101a8c0@cristian2aebca>

mufalani wrote:
> Hi all,
>
> Thank you for helping me configure NAT... It's working perfectly!!!
>
> Another doubt...
>
> where my public address = 200.X.Y.Z
> and my trusted addresses = 201.1.2.3, 205.6.7.8
>
> I want to allow access to IP 200.X.Y.Z only for the addresses
> 201.1.2.3 and 205.6.7.8, and to block it for the rest of the world.
>
> Can you help me?
>
> ############### my natd.conf ###############
> log yes
> same_ports yes
> use_sockets yes
> interface rl0
> redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
> redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
> ############# end nat.conf #################
>
> ############ rc.local ####################
> /sbin/natd -s -n rl0 -p 8668 -config "/etc/natd.conf"
> /sbin/ipfw -f flush
> ##
> /sbin/ipfw add 140 divert 8668 ip from any to 200.X.Y.Z in recv rl0

# ---> This rule will override 150 !! <---

> /sbin/ipfw add 150 divert 8668 ip from 201.0.0.0 to 200.X.Y.Z in recv rl0
> /sbin/ipfw add 160 divert 8668 ip from 10.0.0.211 to any out xmit rl0
> /sbin/ipfw add 170 allow ip from me to any via rl0 out

##
# to permit the access to 200.x.y.z
/sbin/ipfw add 200 allow ip from 205.6.7.8 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 201 allow tcp from 205.6.7.8 to 10.0.0.211 80 via rl0 in
/sbin/ipfw add 210 allow ip from 201.1.2.3 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 211 allow tcp from 201.1.2.3 to 10.0.0.211 80 via rl0 in
# to block everything else
/sbin/ipfw add 1000 deny ip from any to 200.X.Y.Z
##

> ############# end rc.local #################
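A constructed Python model of the first-match walk through the inbound rules above, added here rather than taken from the thread or from FreeBSD: it applies the natd redirect_port mapping at the divert rule and resumes at the next rule, which is how the kernel treats a packet reinjected by natd. The untrusted host 198.51.100.7 and the port 22 probe are assumed sample values.

```python
# Constructed model of ipfw's first-match walk for the inbound rules in the
# thread (not FreeBSD code). "divert" hands the packet to natd, which
# applies its redirect_port mapping and reinjects it at the next rule.
NAT_REDIRECT = {("tcp", "200.X.Y.Z", 80): ("10.0.0.211", 80)}  # from natd.conf
DEFAULT_RULE = 65535  # what happens here depends on the kernel's default rule

# (number, action, proto, src, dst, dport, direction); "ip"/"any"/None = wildcard.
# Only inbound packets on rl0 are modelled, so the two "out" rules never match.
RULES = [
    (140, "divert", "ip", "any", "200.X.Y.Z", None, "in"),
    (150, "divert", "ip", "201.0.0.0", "200.X.Y.Z", None, "in"),
    (160, "divert", "ip", "10.0.0.211", "any", None, "out"),
    (170, "allow", "ip", "me", "any", None, "out"),
    (200, "allow", "ip", "205.6.7.8", "200.X.Y.Z", None, "in"),
    (201, "allow", "tcp", "205.6.7.8", "10.0.0.211", 80, "in"),
    (210, "allow", "ip", "201.1.2.3", "200.X.Y.Z", None, "in"),
    (211, "allow", "tcp", "201.1.2.3", "10.0.0.211", 80, "in"),
    (1000, "deny", "ip", "any", "200.X.Y.Z", None, None),
]

def matches(rule, pkt):
    _, _, proto, src, dst, dport, direction = rule
    return (proto in ("ip", pkt["proto"])
            and src in ("any", pkt["src"])
            and dst in ("any", pkt["dst"])
            and dport in (None, pkt["dport"])
            and direction in (None, pkt["dir"]))

def evaluate(pkt):
    """Return the (rule number, action) that decides the packet's fate."""
    pkt = dict(pkt)  # natd rewrites the header; keep the caller's copy intact
    for rule in RULES:
        if not matches(rule, pkt):
            continue
        if rule[1] == "divert":
            new = NAT_REDIRECT.get((pkt["proto"], pkt["dst"], pkt["dport"]))
            if new:  # redirected: later rules see the private destination
                pkt["dst"], pkt["dport"] = new
            continue  # the reinjected packet resumes after the divert rule
        return rule[0], rule[1]
    return DEFAULT_RULE, "default"

def inbound(src, dport, proto="tcp"):
    return {"proto": proto, "src": src, "dst": "200.X.Y.Z", "dport": dport, "dir": "in"}

if __name__ == "__main__":  # 198.51.100.7 and port 22 are constructed sample values
    for who, pkt in [("trusted http", inbound("205.6.7.8", 80)),
                     ("untrusted http", inbound("198.51.100.7", 80)),
                     ("untrusted ssh", inbound("198.51.100.7", 22))]:
        print(who, "->", evaluate(pkt))
```

The untrusted HTTP case is the one to watch: once natd has rewritten the destination to 10.0.0.211, rule 1000 no longer matches, so that traffic is decided by the kernel's default rule rather than by the explicit deny.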