From: "Rashid N. Achilov"
Date: Mon, 09 Oct 2000 13:34:00 +0700
To: Nick Rogness
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Where I was wrong?

Nick Rogness wrote:
>
> On Fri, 6 Oct 2000, Rashid N. Achilov wrote:
>
> >
> > ipfw add 100 fwd 10.0.0.2 ip from 10.0.2.2 to any out xmit rl0
>
> Hmmm, take out the "out via rl0".

I have given a simplified network model. Really, this box has 6 (six)
network interfaces, which bind parts of the internal network structure and
the Internet too. If I take out "via" and then go to the internal network,
I'll find myself at the external interface :-(

> >
> > and next rule to stop all other to Internet
> >
> > ipfw add 200 deny log tcp from 10.0.2.0/24 to any 80
> >
> > And now I deny too! Why? Where am I wrong?
> >
>
> What does the deny log entry look like?
>

Deny TCP 10.0.0.2:XXXX YYY.YYY.YYY.YYY:80 in via ed0
Deny TCP 10.0.0.2:XXXX YYY.YYY.YYY.YYY:80 out via rl0

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514
Granch Ltd. lead engineer, e-mail: achilov@granch.ru
tel/fax (383-2) 24-2363