Date: Wed, 06 Jul 2011 20:01:17 +0200
From: "Marek Salwerowicz" <marek_sal@wp.pl>
To: freebsd-net@freebsd.org
Subject: ipfw + 2 LANs
Message-ID: <4e14a2ed555a94.24022420@wp.pl>

Hi all,

I have two separate LANs (one 10.0.1.0/24 and the other 10.0.2.0/24).
Both are connected to a FreeBSD 8.2 router (ifaces em1 and em2).
To em0 I have my ISP (10.0.0.0/24) connected.

The idea is to share the Internet connection to both networks, and block
any traffic between them.

I was trying to set up the firewall like this:

#!/bin/sh
cmd="ipfw -q"
$cmd flush
$cmd add 50 check-state
$cmd add 80 divert natd ip from any to any via em0
$cmd add 100 allow ip from any to me
$cmd add 101 allow ip from me to any
$cmd add 200 allow ip from 10.0.1.0/24 to 10.0.0.0/24 keep-state
$cmd add 300 allow ip from 10.0.2.0/24 to 10.0.0.0/24 keep-state

But it doesn't really work for me.

When I set at the end:

$cmd add 500 allow ip from any to any

it works, but it also allows traffic between the LANs.

Regards,
--
Marek Salwerowicz
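
Added example, not part of the original message or thread: the ruleset from the message with rule 500 kept, and a deny rule for every ordered pair of LAN subnets inserted ahead of it, generalized to any number of LANs. The gen_rules helper and the APPLY switch are names made up for this example; giving all deny rules the number 60 relies on ipfw accepting several rules under one number.

```shell
#!/bin/sh
# Added example, not from the original message.
# Interface and subnets are the ones named in the message.
WAN_IF="em0"
WAN_NET="10.0.0.0/24"
LANS="10.0.1.0/24 10.0.2.0/24"

# gen_rules WAN_IF WAN_NET LAN...  (hypothetical helper)
# Prints the ipfw commands one per line; nothing is executed here.
gen_rules() {
    wan=$1; wan_net=$2; shift 2
    echo "ipfw -q flush"
    echo "ipfw -q add 50 check-state"
    # Isolation first: one deny per ordered pair of LAN subnets.
    # ipfw accepts several rules under the same number.
    for src in "$@"; do
        for dst in "$@"; do
            [ "$src" = "$dst" ] && continue
            echo "ipfw -q add 60 deny ip from $src to $dst"
        done
    done
    echo "ipfw -q add 80 divert natd ip from any to any via $wan"
    echo "ipfw -q add 100 allow ip from any to me"
    echo "ipfw -q add 101 allow ip from me to any"
    n=200
    for lan in "$@"; do
        echo "ipfw -q add $n allow ip from $lan to $wan_net keep-state"
        n=$((n + 10))
    done
    # Catch-all from the message; inter-LAN packets never get this far.
    echo "ipfw -q add 500 allow ip from any to any"
}

# Dry run by default; APPLY=1 (as root, on the router) loads the rules.
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules "$WAN_IF" "$WAN_NET" $LANS | sh
else
    gen_rules "$WAN_IF" "$WAN_NET" $LANS
fi
```

Because ipfw stops at the first matching rule, the deny rules at 60 decide inter-LAN packets before the catch-all at 500 is ever reached.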