Date: Mon, 09 Oct 2000 13:34:00 +0700
From: "Rashid N. Achilov" <shelton@sentry.granch.ru>
To: Nick Rogness <nick@rapidnet.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Where I was wrong?
Message-ID: <39E166D8.8F9662AC@sentry.granch.ru>
References: <Pine.BSF.4.21.0010061601420.72217-100000@rapidnet.com>
Nick Rogness wrote:
>
> On Fri, 6 Oct 2000, Rashid N. Achilov wrote:
>
> >
> > ipfw add 100 fwd 10.0.0.2 ip from 10.0.2.2 to any out xmit rl0
>
> Hmmm, take out the "out via rl0".

I have given a simplified network model. Really this box has 6 (six) network interfaces, which bind parts of the internal network structure and the Internet too. If I take out "via" and then go to the internal network, I'll find myself at the external interface :-(

> >
> > and next rule to stop all other to Internet
> >
> > ipfw add 200 deny log tcp from 10.0.2.0/24 to any 80
> >
> > And now I deny too! Why? Where am I wrong?
> >
>
> What does the deny log entry look like?
>

Deny TCP 10.0.0.2:XXXX YYY.YYY.YYY.YYY:80 in via ed0
Deny TCP 10.0.0.2:XXXX YYY.YYY.YYY.YYY:80 out via rl0

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514
Granch Ltd. lead engineer, e-mail: achilov@granch.ru
tel/fax (383-2) 24-2363