Date: Wed, 25 May 2005 20:18:14 -0300 From: =?iso-8859-1?Q?M=E1rcio_Luciano_Donada?= <mdonada@slchapeco.org> To: <freebsd-ipfw@freebsd.org> Subject: Re: NAT question Message-ID: <005101c56180$07e78a10$ac01010a@emperor> References: <20050525115934.68740.qmail@web32906.mail.mud.yahoo.com> <42946C20.4070805@wsf.at>
next in thread | previous in thread | raw e-mail | index | archive | help
Good Night
A'm using natd and ipfw:
#NATD
${fwcmd} add divert 8668 ip from 192.168.1.0/24 to not 192.168.1.0/24
${fwcmd} add divert 8668 ip from not 192.168.1.0/24 to 200.1.2.3
[]'s
Márcio
> george roman wrote:
> > hi,
> > i have a small privat network and i do not want to
> > give internet acces to all the users in the network.
> > for nat, i use comand
> >
> > ipfw add divert natd all from any to any via fxp0
> >
> > what would be the comand with whom i can restrict
> > acces only to certain ip addresses ?
> >
> > i tried this command
> > ipfw add divert natd all from 192.168.1.1/32 to any
> > via fxp0
> >
> > to give access to internet only to the 192.168.1.1 ip
> > but it didn't work
>
> Yes, you are preventing incoming traffic from being nat'ed.
>
> Try using two rules instead:
>
> ipfw add divert natd all from any to any in recv fxp0
> ipfw add divert natd all from 192.168.1.1/32 to any out xmit fxp0
>
> Thomas
>
>
>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
____________________________________________________
Yahoo! Mail, cada vez melhor: agora com 1GB de espaço grátis! http://mail.yahoo.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005101c56180$07e78a10$ac01010a>