Date:      Thu, 01 Jun 2000 11:12:58 -0700
From:      Patrick Burm <patb@commlitho.com>
To:        questions@FreeBSD.org
Subject:   natd and ipfw help
Message-ID:  <4.3.1.2.20000601110613.00b85bb0@commlitho.com>

I am attempting to restrict who on the internal net can use the internet.

In my infinite wisdom I have tried the following configuration in
rc.firewall

${fwcmd} add 100 divert natd udp from any to any 53 via ${natd_interface}
${fwcmd} add 101 divert natd tcp from any to any 110 via ${natd_interface}
${fwcmd} add 102 divert natd tcp from any to any 25 via ${natd_interface}
${fwcmd} add 103 divert natd all from 192.168.73.11/32 to any via ${natd_interface}


${fwcmd} add 200 pass all from any to any via lo0
${fwcmd} add 300 deny all from any to 127.0.0.0/8

${fwcmd} add 65000 pass all from any to any

My thinking was this would allow anyone to do dns lookups, check their
email, send email, and allow 192.168.73.11 to do anything.

It does not work, however, and I cannot seem to get clear why.
With this configuration (I checked to make sure the rules show up as
planned, and they do), no one can do anything.

Does anyone have experience, or a ruleset I can copy, to restrict who gets to
use the net?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
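The usual cause of the symptom described in the post above is that a natd divert rule has to catch traffic in both directions. The port-specific divert rules 100-103 match the outgoing requests, but the replies come back with source port 53, 110 or 25 and a high destination port, so they never hit a divert rule, natd never rewrites the public destination address back to the internal host, and the replies never reach the client. The rc.firewall fragment below is an added example written for this page, not anything from the original post or from FreeBSD's own rc.firewall. It makes the per-host decision before a single divert rule that covers both directions; "pass" cannot be used in front of the divert, because pass ends rule processing and the packet would leave untranslated, so allowed traffic jumps to the divert rule with skipto and everything else from the inside network is denied. The interface name fxp0, the network 192.168.73.0/24 and the rule numbers are assumptions; 192.168.73.11 is the host from the post.

```shell
#!/bin/sh
# Added example (not from the original post): an rc.firewall fragment that
# NATs everything crossing the outside interface but decides *before* NAT
# which internal hosts and services may go out.

natd_interface="${natd_interface:-fxp0}"      # assumed outside interface
inside_net="${inside_net:-192.168.73.0/24}"   # assumed internal network
trusted_host="192.168.73.11"                  # the host from the post

# Dry run by default: prints the rules instead of loading them.
# Set fwcmd=/sbin/ipfw in the environment to load the ruleset for real.
fwcmd="${fwcmd:-echo ipfw}"

load_rules() {
    ${fwcmd} -f flush

    # Outbound policy runs before the divert, while the packet still carries
    # the internal source address. Allowed traffic jumps to the NAT rule;
    # "pass" here would skip NAT entirely, so skipto is used instead.
    ${fwcmd} add 100 skipto 500 all from ${trusted_host} to any out via ${natd_interface}
    ${fwcmd} add 110 skipto 500 udp from ${inside_net} to any 53 out via ${natd_interface}
    ${fwcmd} add 120 skipto 500 tcp from ${inside_net} to any 25,110 out via ${natd_interface}
    # Everything else from the inside is refused and logged (logging needs
    # options IPFIREWALL_VERBOSE in the kernel; drop "log" if it is absent).
    ${fwcmd} add 130 deny log all from ${inside_net} to any out via ${natd_interface}

    # One divert rule for *both* directions: outbound packets get their source
    # rewritten, inbound replies get their destination rewritten back.
    # Port-specific divert rules never see the replies (source port 53, random
    # destination port), which is what breaks the ruleset in the post.
    ${fwcmd} add 500 divert natd all from any to any via ${natd_interface}

    ${fwcmd} add 600 pass all from any to any via lo0
    ${fwcmd} add 700 deny all from any to 127.0.0.0/8

    # Same catch-all as the post: unsolicited inbound traffic is still allowed.
    ${fwcmd} add 65000 pass all from any to any
}

load_rules
```

Run it as-is to see the rules that would be loaded; run it with `fwcmd=/sbin/ipfw` as root to install them. Note that rule 65000 keeps the post's "allow everything else" behaviour, so inbound connections to the gateway and, after de-translation, anything natd has a mapping for are still passed; restricting that is a separate change.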