Date:      Fri, 30 Mar 2001 06:14:41 +0200
From:      "Michael Nottebrock" <michaelnottebrock@gmx.net>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   natd / ipfw question: How to deny nat for certain machines
Message-ID:  <012601c0b8cf$f27ea120$0508a8c0@lofi.dyndns.org>

I am using a FreeBSD box to connect to my ISP via DSL, using the
userland ppp on FreeBSD Release 4.2. I am also running natd, dhcpd and
the dante-socks proxy in order to provide convenient access to the
internet to some Windows boxes on my LAN. The LAN and the DSL modem are
connected to different NICs. I would now like to allow NAT only for a
certain range of IP addresses (say 192.168.8.1-8) and disallow it for
everyone else. I have set up the following basic ipfw configuration,
which allows everyone on the internal net to access the internet via
NAT:

(from /etc/rc.conf)

natd_interface="tun0"
natd_flags="-dynamic -l -unregistered_only"

(ipfw-ruleset)
add 50 divert natd all from any to any
add 51 divert 1234 tcp from any to any     ; mss-clamping, necessary for dsl because of ISPs blackhole routers
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8   ; was "to any 127.0.0.0/8", which ipfw rejects
[...]                                      ; some unreach port rules for the tun0 interface
add 500 pass all from any to any


Any help is greatly appreciated.


Thanks in advance,

Michael Nottebrock
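The restriction the question asks for, as an added example that is not part of the original post: a small sh script that emits an ipfw ruleset diverting to natd only for 192.168.8.1-8 and dropping any other LAN source that would otherwise leave tun0 untranslated. It assumes ipfw1 syntax (FreeBSD 4.x, one address per rule), natd on its default divert port, tun0 as the external interface and 192.168.8.0/24 as the LAN; the rule numbers and the egress deny are choices made here, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: emit an ipfw ruleset that
# diverts to natd only for hosts 192.168.8.1-8 and refuses to let any other
# LAN address leave tun0 untranslated.
# Assumptions: ipfw1 syntax (FreeBSD 4.x, one address per rule), natd on
# its default divert port, tun0 as the external interface, and a LAN of
# 192.168.8.0/24 on the inside NIC. Rule numbers are arbitrary choices.

ext_if="tun0"
lan_net="192.168.8.0/24"

# 192.168.8.1-8 is not a single CIDR block: .0/29 covers .0-.7 and .8/32
# covers .8 (.0 is the network address, so no real host hides behind it).
nat_hosts="192.168.8.0/29 192.168.8.8/32"

# Print the ruleset one rule per line, in the form "ipfw" accepts.
nat_rules() {
    n=50
    # Outbound: only the allowed hosts are handed to natd on the way out.
    for host in $nat_hosts; do
        echo "add $n divert natd all from $host to any out via $ext_if"
        n=$((n + 1))
    done
    # Inbound: everything arriving on tun0 goes through natd, which only
    # holds translation state for sessions the rules above let out.
    echo "add 60 divert natd all from any to any in via $ext_if"
    # Any other LAN host reaching tun0 would leave with a private source
    # address; drop and log it rather than leaking it to the ISP.
    echo "add 70 deny log all from $lan_net to any out via $ext_if"
    echo "add 100 pass all from any to any via lo0"
    echo "add 200 deny all from any to 127.0.0.0/8"
    echo "add 500 pass all from any to any"
}

# Number of outbound divert rules covering the given address; 0 means the
# address is not NATed. "|| true" keeps grep's "no match" status from
# aborting scripts run under set -e.
divert_rules_for() {
    nat_rules | grep -c "divert natd all from $1 to any out" || true
}

# Apply the ruleset to the running kernel (root on FreeBSD required).
load_rules() {
    ipfw -q flush
    nat_rules | while read -r rule; do
        # word splitting of $rule into ipfw arguments is intended
        ipfw -q $rule
    done
}
```

Run `nat_rules` to inspect the generated rules before calling `load_rules`; hosts outside 192.168.8.1-8 still reach the internet only through the dante-socks proxy on the FreeBSD box itself.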






