Date: Thu, 01 Jun 2000 15:59:57 -0700
From: Patrick Burm <patb@commlitho.com>
To: "Raymundo M. Vega" <RaymundoVega@home.com>
Cc: freebsd-questions@FreeBSD.org
Subject: Re: natd and ipfw help
Message-ID: <4.3.1.2.20000601155757.00b3e580@commlitho.com>
In-Reply-To: <3936E8F8.4E8D8804@home.com>
References: <4.3.1.2.20000601110613.00b85bb0@commlitho.com> <4.3.1.2.20000601140142.00b87100@commlitho.com>

> > >There are easier ways, first run nstreams from ports, after that
> > >delete the specific services you will not provide to your clients.
> >
> > my problem is not writing the rules, it's where to position them so
> > natd still works. Whenever I change anything from the default:
> >
> > 00100 divert 8668 ip from any to any via xl0
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 65000 allow ip from any to any
> > 65535 deny ip from any to any
> >
>
>Let's assume that you want anybody to get DNS and mail access, then give
>something like:
>
>ipfw add 150 allow udp from any to any 53
>ipfw add 160 allow udp from any to <substitute IP server address> 25

Okay, but where do I add a line that allows just a single IP from the
internal network access to more than everyone else. That late in the
list it has been re-sourced by natd....so I cannot restrict.

That was my original goal. Restricting hosts, not services.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
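
The ordering problem described in the message above, as an added example that is not part of the original thread: a simplified Python model of first-match ipfw evaluation for one outbound packet on xl0, where a divert hit stands in for natd rewriting the source. The internal host, public address and destination are constructed sample values, and evaluate/with_host_rule are hypothetical helper names.

```python
import ipaddress

# Constructed sample values (not from the thread). xl0 is the external
# interface named in the quoted ruleset.
PUBLIC_IP = "203.0.113.5"         # address natd rewrites outbound sources to
RESTRICTED_HOST = "192.168.1.50"  # internal host the extra rule targets

# Default ruleset quoted in the message: (number, action, src, dst, via).
DEFAULT_RULES = [
    (100, "divert", "any", "any", "xl0"),
    (100, "allow", "any", "any", "lo0"),
    (200, "deny", "any", "127.0.0.0/8", None),
    (65000, "allow", "any", "any", None),
    (65535, "deny", "any", "any", None),
]

def matches(spec, addr):
    """True if addr is covered by spec ('any', a host address, or a CIDR)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst, iface):
    """Simplified first-match walk for one outbound packet.

    Returns (verdict, rule number, source address seen by that rule).
    A divert hit models natd: the source is rewritten and evaluation
    resumes at the next higher rule number.
    """
    resume_after = -1
    for num, action, r_src, r_dst, via in sorted(rules, key=lambda r: r[0]):
        if num <= resume_after or via not in (None, iface):
            continue
        if not (matches(r_src, src) and matches(r_dst, dst)):
            continue
        if action == "divert":
            src, resume_after = PUBLIC_IP, num
            continue
        return action, num, src
    return "deny", 65535, src

def with_host_rule(number):
    """Default ruleset plus a deny for RESTRICTED_HOST at the given number."""
    return DEFAULT_RULES + [(number, "deny", RESTRICTED_HOST, "any", "xl0")]

if __name__ == "__main__":
    for n in (150, 50):
        print(n, evaluate(with_host_rule(n), RESTRICTED_HOST, "198.51.100.7", "xl0"))
```

In this model an allow placed ahead of rule 100 would end evaluation before the divert, so the packet would leave xl0 without being translated; host-specific rules ahead of the divert are therefore written as deny here.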