Date: Fri, 28 Jun 2002 19:00:14 +0600 (YEKST)
From: Илья Шипицин
To: questions@FreeBSD.ORG
Subject: RE: ipfw: divert question!
Message-ID: <20020628185957.Y1258-100000@sol.chel.skbkontur.ru>

Salut, Joe & Fhe Barbish !

On Fri, 28 Jun 2002, Joe & Fhe Barbish wrote:

> You state "How can I restrict all the computers but apollo from using natd
> ????"
> You imply that all the computers are on the LAN behind the firewall.
> That means they must use private ip numbers to work.
>
> To use LAN private ip numbers and access the internet you must use
> natd to translate between the single public ip address you get from
> your ISP and the multiple private ip addresses of your LAN.
>
> If this is not your case then you must provide greater details
> about your environment or restate your goal so people can
> understand what you want to do and why.
>
> If you only want one LAN computer to access the internet then say so.

Yes.
I want to grant a single computer access to tcp/513 (rlogin?). Well, some
kind of software claims to use tcp/513; I've no idea whether or not it obeys
the rlogin protocol :)

Thank God, all other software can use squid. But that single machine
certainly wants to use NAT, because all my LAN is in private IP space.

apollo (192.168.100.21) --> gateway + natd --> some.known.host:513

I don't want anybody else to use natd at all.

>
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Илья Шипицин
> Sent: Friday, June 28, 2002 7:51 AM
> To: questions@FreeBSD.ORG
> Subject: ipfw: divert question!
>
> Dear Sirs,
>
> I want to allow "apollo" to connect telnet,ssh,etc via natd.
> When I try:
>
> /sbin/ipfw add 5 divert natd ip from apollo to any via tun1
>
> it doesn't work!
>
> it only seems to work when I add the following rule:
>
> /sbin/ipfw add 5 divert natd ip from any to any via tun1
>
> How can I restrict all the computers but apollo from using natd ????
> What did I do wrong ?
>
> Regards, (Best wishes)
> Ilia Chipitsine (Илья Шипицин)
>

Regards, (Best wishes)
Ilia Chipitsine (Илья Шипицин)
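
An added example, not part of the original message or of any reply on the list: a ruleset that sends only apollo's tcp/513 traffic through natd. A `from apollo to any` rule matches only the outbound direction, so replies arriving on tun1 never reach natd to be translated back; the example therefore diverts both directions. Rule numbers 6 and 7, the `nat_one_host` helper, the `IPFW` dry-run variable and the 192.168.0.0/16 LAN range are assumptions.

```shell
#!/bin/sh
# Added example: limit natd diversion to one LAN host and one TCP service.
# Dry run by default (commands are printed); run with IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo /sbin/ipfw}"

# nat_one_host HOST PORT IFACE [LAN_NET]
#   HOST     private address allowed to use natd (apollo in the message)
#   PORT     remote TCP port it may reach (513 in the message)
#   IFACE    external interface natd is bound to (tun1 in the message)
#   LAN_NET  private range of the LAN (assumed; the message gives no netmask)
nat_one_host() {
    host="$1"; port="$2"; oif="$3"; lan="${4:-192.168.0.0/16}"

    # Outbound: only HOST's connections to PORT are handed to natd, which
    # rewrites the private source address to the gateway's public one.
    $IPFW add 5 divert natd tcp from "$host" to any "$port" out via "$oif"

    # Inbound: replies from PORT are addressed to the public address, so the
    # rule cannot name HOST. natd must see them to map them back to HOST;
    # packets with no translation entry pass through natd unchanged.
    $IPFW add 6 divert natd tcp from any "$port" to any in via "$oif"

    # Anything still carrying a private source address at this point was not
    # translated (another LAN host, or another port): do not let it leave.
    # Processing resumes after the divert rule, so HOST's translated packets
    # already have a public source here and are not matched.
    $IPFW add 7 deny ip from "$lan" to any out via "$oif"
}

# Values taken from the message above.
nat_one_host 192.168.100.21 513 tun1
```

Traffic generated on the gateway itself, such as squid's outbound requests, already has the public source address and is not affected by rule 7.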