From owner-freebsd-config@FreeBSD.ORG Tue Mar 2 10:00:09 2004
Message-ID: <4044CBA0.8090403@stupar.homelinux.net>
Date: Tue, 02 Mar 2004 19:00:00 +0100
From: Sasa Stupar
To: freebsd-config@freebsd.org
Subject: Converting iptables to ipfw

Hi!

I am thinking to change my old linux router to the freebsd one.
The question is: how difficult is to convert iptables into ipfw rules?
I need some basic things with that router:
- internet gateway for LAN users
- packet filtering with MAC/IP address filtering
- port forwarding
- NAT onto same network so that LAN users can access web server which is
on the LAN also

Is this all possible with ipfw?

Regards,
Sasa

From owner-freebsd-config@FreeBSD.ORG Tue Mar 2 10:20:35 2004
Message-ID: <4044D07E.5090601@webmedia.hu>
Date: Tue, 02 Mar 2004 19:20:46 +0100
From: Andras Got
To: freebsd-config@freebsd.org
In-Reply-To: <4044CBA0.8090403@stupar.homelinux.net>
Subject: Re: Converting iptables to ipfw

Hi!

All the below mentioned works. I think you should use ipf for packet
filtering, and ipnat for NAT.
For /etc/ipnat.rules, the basic is:

map $inet_iface $lan_mask -> 0/32

$lan_mask= x.x.x.x/y (netmask)

For /etc/ipf.rules: http://www.obfuscation.org/ipf/ipf-howto.html
With many examples and tricks also.

Andrej

Sasa Stupar wrote:
> Hi!
>
> I am thinking to change my old linux router to the freebsd one. The
> question is: how difficult is to convert iptables into ipfw rules?
> I need some basic things with that router:
> - internet gateway for LAN users
> - packet filtering with MAC/IP address filtering
> - port forwarding
> - NAT onto same network so that LAN users can access web server which is
> on the LAN also
>
> Is this all possible with ipfw?
>
> Regards,
> Sasa

From owner-freebsd-config@FreeBSD.ORG Tue Mar 2 11:28:44 2004
Message-ID: <4044E06D.1090308@altavoz.net>
Date: Tue, 02 Mar 2004 16:28:45 -0300
From: Robert Leo Hilliard Heuer
To: freebsd-config@freebsd.org
Subject: I cannot get response from the keyboard...
Hallo!

When my system boots I just cannot login. The prompt appears but there's
no response from my keyboard on the other side, where my terminal
emulator works.

I've tried with another UNIX machine with cu(1).
I've tried with windows SecureCRT.

I can see all the booting process, but I cannot enter any data.
I've tried to change $TERM accordingly
I've tried some /etc/ttys:

/dev/ttyd0 "getty path you know" cons25 on secure
/dev/ttyd0 "idem" vt100 on secure

and so on.

I've tried on different workstations also. What I'm doing wrong?

I've tried to boot from the floppies...the boot.config stuff on the
floppy... no problem... I get the messages on the other side but guess
what: I cannot enter any data over the serial line :-(

Any help would be appreciated.

Namely,
Robert.

From owner-freebsd-config@FreeBSD.ORG Tue Mar 2 12:08:57 2004
Message-ID: <4044E9DF.50004@altavoz.net>
Date: Tue, 02 Mar 2004 17:09:03 -0300
From: Robert Leo Hilliard Heuer
To: freebsd-config@freebsd.org
Subject: about serial console...

Hallo!

Sorry, but I forgot to tell you what I was talking about on the mailing
list.

I'm trying to operate a FreeBSD machine via the serial port. I've
followed the instructions from the handbook and the internet. Here's my
last mail.

sorry!

----MAIL BEGIN----
Hallo!

When my system boots I just cannot login. The prompt appears but there's
no response from my keyboard on the other side, where my terminal
emulator works.

I've tried with another UNIX machine with cu(1).
I've tried with windows SecureCRT.

I can see all the booting process, but I cannot enter any data.
I've tried to change $TERM accordingly
I've tried some /etc/ttys:

/dev/ttyd0 "getty path you know" cons25 on secure
/dev/ttyd0 "idem" vt100 on secure

and so on.

I've tried on different workstations also. What I'm doing wrong?

I've tried to boot from the floppies...the boot.config stuff on the
floppy... no problem... I get the messages on the other side but guess
what: I cannot enter any data over the serial line

Any help would be appreciated.

Namely,
Robert.
----MAIL END----

From owner-freebsd-config@FreeBSD.ORG Tue Mar 2 13:40:30 2004
From: Kenneth Andresen
To: freebsd-config@freebsd.org
Message-Id: <1078263770.1137.106.camel@chabocha.intracol.net>
Date: Tue, 02 Mar 2004 15:42:50 -0600
Subject: FreeBSD 5.2.1 - problems installing - Disk geometry problems

Hello all!

I am unfortunately having multiple problems while trying to install
FreeBSD, and would like some help continuing the install process.

First off - about 80-90% of the time when booting from the 5.2.1 install
cd, I can't get to partition the hard drive. Upon closer examination, I
am detecting the boot-up error:

ata0-master: Failure - ATA_IDENTIFY no interupt

When detecting my hard drive, I am told the geometry of the drive is
wrong and am prompted to change this to what's written in the bios. I
went into the bios to get this information, however with that
information I am still getting incorrect geometry error messages.
Since the system is a multi-boot machine, I do not want to destroy all
the other partitions on the disk trying the auto-assumed geometry, so I
hope you may help me out setting the correct geometry.

Here are the data on my machine:
Motherboard: Gigabyte KT400 AGP 8X/FSB 333
Processor: Athlon XP 2000+
Hard drive: Western digital: WDC WD400BB

From owner-freebsd-config@FreeBSD.ORG Tue Mar 2 22:54:44 2004
From: "Umar Draz"
To: freebsd-config@freebsd.org
Date: Wed, 03 Mar 2004 06:54:44 +0000
Subject: firewall IP/MAC

hi dear members!

i have a cable internet and i have freebsd 4.9 i have use ipfw for
firewalling and nating and squid for caching.

Problem is this when my cable client can't pay his monthly charges i
block his ip through ipfw. but some client very smart they change
their ip and laughing on me.
now i want block my client ips with their MAC address. So how i can
do that? in freeBSD plz help me

thanks and regards

Umar Draz

From owner-freebsd-config@FreeBSD.ORG Tue Mar 2 23:12:51 2004
Date: Wed, 3 Mar 2004 02:12:17 -0500
From: Brian Reichert
To: Umar Draz
Message-ID: <20040303071217.GC40024@numachi.com>
cc: freebsd-config@freebsd.org
Subject: Re: firewall IP/MAC

On Wed, Mar 03, 2004 at 06:54:44AM +0000, Umar Draz wrote:
> now i want block my client ips with their MAC address. So how i can
> do that? in freeBSD plz help me

Under FreeBSD 4.9, you indirectly have access to ipfw2; see ipfw(8).

Under 'IPFW2 ENHANCEMENTS', is listed 'MAC header filtering and Layer-2
firewalling.'
You will need to rebuild the kernel, /sbin/ipfw and /usr/lib/libalias,
as per the section titled 'USING IPFW2 IN FreeBSD-STABLE'.

Good luck...

>
> thanks and regards
>
> Umar Draz

--
Brian Reichert
37 Crystal Ave. #303            Daytime number: (603) 434-6842
Derry NH 03038-1713 USA         BSD admin/developer at large

From owner-freebsd-config@FreeBSD.ORG Wed Mar 3 09:34:56 2004
Message-ID: <40461747.9040902@altavoz.net>
Date: Wed, 03 Mar 2004 14:35:03 -0300
From: Robert Leo Hilliard Heuer
To: freebsd-config@freebsd.org
In-Reply-To: <1078334285.76492.62.camel@galadriel.gondorpeon.org>
Subject: Re: about serial console...

Hi there!

Indeed. I'll check the null modem wiring... since I can only receive but
cannot send data...^_^

I've tested all but the wiring :-O

Later!
ghysmow@libertysurf.fr wrote:
> did you create a file called boot.config in / ? as stated in the
> Handbook ?
>
> Cheers,
>
> Seb

From owner-freebsd-config@FreeBSD.ORG Thu Mar 4 01:58:37 2004
Message-ID: <4046FDDA.7080908@stupar.homelinux.net>
Date: Thu, 04 Mar 2004 10:58:50 +0100
From: Sasa Stupar
To: FreeBSD-config ML
Subject: NAT onto same network?
Hi!

I have manage to configure NAT, port forwarding and firewall on my new
gateway machine. Now I am stuck with configuring nat onto same network.
I need it so LAN users can access webserver which is also on the LAN (it
has configured multiple virtual hosts).
Can anyone help me with this?

Thank you,
Sasa

From owner-freebsd-config@FreeBSD.ORG Thu Mar 4 02:58:17 2004
Message-ID: <40470BD2.9000001@stupar.homelinux.net>
Date: Thu, 04 Mar 2004 11:58:26 +0100
From: Sasa Stupar
To: FreeBSD-config ML
In-Reply-To: <49386.141.67.67.161.1078396444.squirrel@Matrix.Iceman>
Subject: Re: NAT onto same network?

OK, webservers ip is 192.168.10.10, internal IP on nat machine is
192,168.10.111, all users have ip in the range 192.168.10.0/24 mask
255.255.255.0. They are all connected to the switch.
Here is what is says about it but for iptables on linux:
--------
10. Destination NAT Onto the Same Network

If you are doing port forwarding back onto the same network, you need to
make sure that both future packets and reply packets pass through the
NAT box (so they can be altered). The NAT code will now (since
2.4.0-test6), block the outgoing ICMP redirect which is produced when
the NAT'ed packet heads out the same interface it came in on, but the
receiving server will still try to reply directly to the client (which
won't recognize the reply).

The classic case is that internal staff try to access your `public' web
server, which is actually DNAT'ed from the public address (1.2.3.4) to
an internal machine (192.168.1.1), like so:

# iptables -t nat -A PREROUTING -d 1.2.3.4 \
        -p tcp --dport 80 -j DNAT --to 192.168.1.1

One way is to run an internal DNS server which knows the real (internal)
IP address of your public web site, and forward all other requests to an
external DNS server. This means that the logging on your web server will
show the internal IP addresses correctly.
The other way is to have the NAT box also map the source IP address to
its own for these connections, fooling the server into replying through
it. In this example, we would do the following (assuming the internal IP
address of the NAT box is 192.168.1.250):

# iptables -t nat -A POSTROUTING -d 192.168.1.1 -s 192.168.1.0/24 \
        -p tcp --dport 80 -j SNAT --to 192.168.1.250

Because the PREROUTING rule gets run first, the packets will already be
destined for the internal web server: we can tell which ones are
internally sourced by the source IP addresses.
----------------

Thank you,
Sasa

Frank Mueller wrote:
> Maybe you should give a little more information, what exactly you're trying to do.
> Subnets? Netmasks? Webserver physically only connected to Gateway???
>
> Bye,
>
> Frank
>
>
>>Hi!
>>
>>I have manage to configure NAT, port forwarding and firewall on my new
>>gateway machine. Now I am stuck with configuring nat onto same network.
>>I need it so LAN users can access webserver which is also on the LAN (it
>>has configured multiple virtual hosts).
>>Can anyone help me with this?
>>
>>Thank you,
>>Sasa

From owner-freebsd-config@FreeBSD.ORG Thu Mar 4 22:52:09 2004
Message-ID: <404823A6.5080108@stupar.homelinux.net>
Date: Fri, 05 Mar 2004 07:52:22 +0100
From: Sasa Stupar
To: FreeBSD-config ML
In-Reply-To: <40470BD2.9000001@stupar.homelinux.net>
Subject: Re: NAT onto same network?
Anyone?

Sasa

Sasa Stupar wrote:
> OK, webservers ip is 192.168.10.10, internal IP on nat machine is
> 192,168.10.111, all users have ip in the range 192.168.10.0/24 mask
> 255.255.255.0. They are all connected to the switch.
> Here is what is says about it but for iptables on linux:
> --------
> 10. Destination NAT Onto the Same Network
>
> If you are doing port forwarding back onto the same network, you need to
> make sure that both future packets and reply packets pass through the
> NAT box (so they can be altered). The NAT code will now (since
> 2.4.0-test6), block the outgoing ICMP redirect which is produced when
> the NAT'ed packet heads out the same interface it came in on, but the
> receiving server will still try to reply directly to the client (which
> won't recognize the reply).
>
> The classic case is that internal staff try to access your `public' web
> server, which is actually DNAT'ed from the public address (1.2.3.4) to
> an internal machine (192.168.1.1), like so:
>
> # iptables -t nat -A PREROUTING -d 1.2.3.4 \
>         -p tcp --dport 80 -j DNAT --to 192.168.1.1
>
> One way is to run an internal DNS server which knows the real (internal)
> IP address of your public web site, and forward all other requests to an
> external DNS server. This means that the logging on your web server will
> show the internal IP addresses correctly.
>
> The other way is to have the NAT box also map the source IP address to
> its own for these connections, fooling the server into replying through
> it. In this example, we would do the following (assuming the internal IP
> address of the NAT box is 192.168.1.250):
>
> # iptables -t nat -A POSTROUTING -d 192.168.1.1 -s 192.168.1.0/24 \
>         -p tcp --dport 80 -j SNAT --to 192.168.1.250
>
> Because the PREROUTING rule gets run first, the packets will already be
> destined for the internal web server: we can tell which ones are
> internally sourced by the source IP addresses.
> ----------------
>
> Thank you,
> Sasa
>
>
>
> Frank Mueller wrote:
>
>> Maybe you should give a little more information, what exactly you're
>> trying to do.
>> Subnets? Netmasks? Webserver physically only connected to Gateway???
>>
>> Bye,
>>
>> Frank
>>
>>
>>> Hi!
>>>
>>> I have manage to configure NAT, port forwarding and firewall on my new
>>> gateway machine. Now I am stuck with configuring nat onto same network.
>>> I need it so LAN users can access webserver which is also on the LAN (it
>>> has configured multiple virtual hosts).
>>> Can anyone help me with this?
>>>
>>> Thank you,
>>> Sasa

From owner-freebsd-config@FreeBSD.ORG Fri Mar 5 09:28:50 2004
Date: Fri, 5 Mar 2004 18:28:46 +0100
From: Paul Schenkeveld
To: freebsd-config@freebsd.org
Message-ID: <20040305172846.GA78553@psconsult.nl>
cc: Umar Draz
Subject: Re: firewall IP/MAC

Hello Umar,

On Wed, Mar 03, 2004 at 06:54:44AM +0000, Umar Draz wrote:
>
> hi dear members!
>
> i have a cable internet and i have freebsd 4.9 i have use ipfw for
> firewalling and nating and squid for caching.
>
> Problem is this when my cable client can't pay his monthly charges i
> block his ip through ipfw. but some client very smart they change
> their ip and laughing on me.
>
> now i want block my client ips with their MAC address. So how i can
> do that? in freeBSD plz help me

If your clients are smart they know they can change their MAC address
too, unless you have provided the CPE (router) for the client.

> thanks and regards
>
> Umar Draz

Regards,

Paul Schenkeveld, Consultant
PSconsult ICT Services BV

From owner-freebsd-config@FreeBSD.ORG Fri Mar 5 09:34:47 2004
Message-ID: <4048BA34.7060500@webmedia.hu>
Date: Fri, 05 Mar 2004 18:34:44 +0100
From: Andras Got
To: freebsd-config@freebsd.org
In-Reply-To: <20040305172846.GA78553@psconsult.nl>
Subject: Re: firewall IP/MAC

Hi

I think, he should set up that only those few MAC addresses can use the
network, and bind this to their own IP address.
When something bad happens you just set a block on that MAC and IP duo. :)

To List managers: PLS set some normal Reply-to field, because we can't
reply easily to the messages coming to the list. Thx.

Regards,
Andrej

Paul Schenkeveld wrote:
> Hello Umar,
>
> On Wed, Mar 03, 2004 at 06:54:44AM +0000, Umar Draz wrote:
>
>> hi dear members!
>>
>> i have a cable internet and i have freebsd 4.9 i have use ipfw for
>> firewalling and nating and squid for caching.
>>
>> Problem is this when my cable client can't pay his monthly charges i
>> block his ip through ipfw. but some client very smart they change
>> their ip and laughing on me.
>>
>> now i want block my client ips with their MAC address. So how i can
>> do that? in freeBSD plz help me
>
> If your clients are smart they know they can change their MAC address
> too, unless you have provided the CPE (router) for the client.
>
>> thanks and regards
>>
>> Umar Draz
>
> Regards,
>
> Paul Schenkeveld, Consultant
> PSconsult ICT Services BV

From owner-freebsd-config@FreeBSD.ORG Fri Mar 5 14:45:10 2004
From: "Cesar da Silva"
Date: Fri, 5 Mar 2004 23:45:08 +0100
Message-Id: <20040305224509.F266243D1F@mx1.FreeBSD.org>
Subject: Re: firewall IP/MAC

I think that your suggestion is great, but I think that the best option,
if available, is to block the customer's port on the router/switch; then he
can alter his IP/MAC address as much as he likes.

Regards.
Cesar da Silva

Andras Got wrote:
>I think, he should set up that only those few MAC addresses can use the network, and bind this to their own IP address.
>When something bad happens you just set a block on that MAC and IP duo. :)

From owner-freebsd-config@FreeBSD.ORG Sat Mar 6 02:16:31 2004
From: "Umar Draz"
To: freebsd-config@freebsd.org
Date: Sat, 06 Mar 2004 10:16:30 +0000
Subject: Please Give me Right Answer

this is my 4th question about ipfw2 and i can't get a proper answer of
my question.

my question was....

i have 2 machines (1) is Redhat Linux 7.3 and (2) FreeBSD 4.9
both are connected to internet with DSL and both are different places.
i have a cable internet and my both machines has Squid and NAT

so if i want block my any cable internet user in linux. i use iptables
and i block him/her ip and MAC. like this

  iptables -A INPUT -s 192.168.0.45 -i eth0 -m mac --mac-source 00-10-CE-60-01-5A -j REJECT

this command fulfills my problem

now my question is. If i want block my cable internet user in my
FreeBSD 4.9 machine through ipfw2. then what kind of command i should
add in my /etc/ipfw.rules

for example i want block this ip 192.168.0.33 and this ip has this
mac address 00-40-50-EA-CD-00.

so please please give me right answer

thanks and regards

Umar Draz

From owner-freebsd-config@FreeBSD.ORG Sat Mar 6 06:14:42 2004
Message-ID: <4049DCA6.9020905@mac.com>
Date: Sat, 06 Mar 2004 09:13:58 -0500
From: Chuck Swiger
To: Umar Draz
cc: freebsd-config@freebsd.org
Subject: Re: Please Give me Right Answer

Umar Draz wrote:
> this is my 4th question about ipfw2 and i can't get a proper answer of
> my question.

You're asking on the wrong lists; try freebsd-questions or freebsd-ipfw
lists instead.

> now my question is. If i want block my cable internet user in my
> FreeBSD 4.9 machine through ipfw2. then what kind of command i should
> add in my /etc/ipfw.rules
>
> for example i want block this ip 192.168.0.33 and this ip has this
> mac address 00-40-50-EA-CD-00.

Try one or both of the following to block outbound requests:

  ipfw add deny ip from 192.168.0.33 to any
  ipfw add deny ip from any to any mac any 00:40:50:EA:CD:00

In conjunction with a reasonable ruleset which denies inappropriate inbound
connections to your network, this should address your question.

-- 
-Chuck
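
Added example (not part of the original thread or of any poster's reply): a small sh script that prints the ipfw commands for the block discussed above, converting the dash-separated MAC notation used in the question to the colon form ipfw takes, plus one rule for the IP-to-MAC binding Andras Got suggests. The function names are hypothetical, and it assumes ipfw2 with net.link.ether.ipfw=1; as Paul Schenkeveld notes, a client who changes his MAC address still gets past MAC-based rules.

```sh
#!/bin/sh
# Added example: prints ipfw commands, it does not run ipfw itself.
# ipfw evaluates MAC options only on layer-2 frames, which it sees
# only when:  sysctl net.link.ether.ipfw=1

# Normalise 00-40-50-EA-CD-00 or 00:40:50:EA:CD:00 to lower-case colon form.
mac_to_ipfw() {
    m=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    h='[0-9a-f][0-9a-f]'
    case "$m" in
        $h:$h:$h:$h:$h:$h) printf '%s\n' "$m" ;;
        *) echo "bad MAC address: $1" >&2; return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Block a client by IP and by source MAC (the two rules from the reply).
block_cmds() {
    valid_ip "$1" || { echo "bad IP address: $1" >&2; return 1; }
    mac=$(mac_to_ipfw "$2") || return 1
    echo "ipfw add deny ip from $1 to any"
    echo "ipfw add deny ip from any to any mac any $mac"
}

# Bind an IP to its MAC: drop inbound frames that claim the IP but come
# from another MAC. Without "layer2 in" the negated MAC test would also
# match the client's packets on the layer-3 pass and when forwarded out.
bind_cmds() {
    valid_ip "$1" || { echo "bad IP address: $1" >&2; return 1; }
    mac=$(mac_to_ipfw "$2") || return 1
    echo "ipfw add deny ip from $1 to any not mac any $mac layer2 in"
}

# Sample values taken from the messages above.
block_cmds 192.168.0.33 00-40-50-EA-CD-00
bind_cmds 192.168.0.45 00-10-CE-60-01-5A
```

Review the printed commands before piping them to sh on the router, and place them ahead of any broader allow rules in /etc/ipfw.rules.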