From owner-freebsd-ipfw  Tue May 22 12:33:32 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from hq1.tyfon.net (hq1.tyfon.net [217.27.162.35])
	by hub.freebsd.org (Postfix) with ESMTP id AA2A137B42C
	for <ipfw@freebsd.org>; Tue, 22 May 2001 12:33:30 -0700 (PDT)
	(envelope-from dl@tyfon.net)
Received: from localhost (localhost [127.0.0.1])
	by hq1.tyfon.net (Postfix) with ESMTP id 186141C5C8
	for <ipfw@freebsd.org>; Tue, 22 May 2001 21:33:23 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by hq1.tyfon.net (Postfix) with ESMTP id 109611C7D8
	for <ipfw@freebsd.org>; Tue, 22 May 2001 21:33:19 +0200 (CEST)
Date: Tue, 22 May 2001 21:33:19 +0200 (CEST)
From: Dan Larsson <dl@tyfon.net>
To: <ipfw@freebsd.org>
Subject: followup on ethernet address firewall implementation for ipfw
Message-ID: <20010522213014.D87192-100000@hq1.tyfon.net>
Organization: Tyfon Svenska AB
X-NCC-NIC: DL1999-RIPE
X-NCC-RegID: se.tyfon
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by hq1.tyfon.net
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

I have unfortunately not got the persons email adress who said he
would try to merge the relevant parts into the ipfw sources and try
it out.

Any news regarding this?


Regards
+------
Dan Larsson      | Tel:   +46 8 550 120 21
Tyfon Svenska AB | Fax:   +46 8 550 120 02
GPG and PGP keys | finger dl@hq1.tyfon.net



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message


From owner-freebsd-ipfw  Wed May 23  7:49:29 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from dns.bydgoski.pl (express.bydgoski.pl [213.25.33.178])
	by hub.freebsd.org (Postfix) with ESMTP id 7EAAC37B422
	for <freebsd-ipfw@freebsd.org>; Wed, 23 May 2001 07:49:23 -0700 (PDT)
	(envelope-from roman@e-lider.pl)
Received: from pc ([192.168.1.175])
	by dns.bydgoski.pl (8.11.3/8.11.3) with SMTP id f4NEpko00554
	for <freebsd-ipfw@freebsd.org>; Wed, 23 May 2001 14:51:53 GMT
	(envelope-from roman@e-lider.pl)
Message-ID: <000801c0e397$694b8e20$af01a8c0@bydgoski.pl>
From: "Roman" <roman@e-lider.pl>
To: <freebsd-ipfw@freebsd.org>
Subject: Simple problem?
Date: Wed, 23 May 2001 16:48:13 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C0E3A8.28268D80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C0E3A8.28268D80
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

My network:

1. private 192.168.1.0/255.255.255.0
2. private 172.16.0.0/255.255.0.0
3. public 111.222.333.178/255.255.255.240

All request from 192. are going to public through masq on natd. It is =
OK.
All hosts in 172. are out of masq.
I'd like to make only one host in 192. ie. 192.168.1.166 to tcp connect =
from only one host from 172. ie. 172.16.100.100.

I think it is simple but i don't know how can I do it?

Roman

------=_NextPart_000_0005_01C0E3A8.28268D80
Content-Type: text/html;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-2" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3D"Arial CE" size=3D2>My network:</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>1. private=20
192.168.1.0/255.255.255.0</FONT></DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>2. private =
172.16.0.0/255.255.0.0</FONT></DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>3. public=20
111.222.333.178/255.255.255.240</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>All request from 192. are going to =
public=20
through masq on natd. It is OK.</FONT></DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>All hosts in 172. are out of=20
masq.</FONT></DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>I'd like to&nbsp;make only one =
host&nbsp;in=20
192. ie. 192.168.1.166 to tcp connect from only one host from 172. ie.=20
172.16.100.100.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>I think it is simple but i don't =
know how can=20
I do it?</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3D"Arial CE" size=3D2>Roman</FONT></DIV></BODY></HTML>

------=_NextPart_000_0005_01C0E3A8.28268D80--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message


From owner-freebsd-ipfw  Thu May 24 17:39: 9 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from rgmail.regenstrief.org (rgmail.regenstrief.org [134.68.31.197])
	by hub.freebsd.org (Postfix) with ESMTP id 98EEB37B422
	for <freebsd-ipfw@FreeBSD.ORG>; Thu, 24 May 2001 17:39:07 -0700 (PDT)
	(envelope-from gunther@aurora.regenstrief.org)
Received: from aurora.regenstrief.org (rgnout.regenstrief.org [134.68.31.38])
	by rgmail.regenstrief.org (8.11.0/8.8.7) with ESMTP id f4P0fmX08212;
	Thu, 24 May 2001 19:41:48 -0500
Message-ID: <3B0DA9A3.9BB41E8D@aurora.regenstrief.org>
Date: Fri, 25 May 2001 00:38:59 +0000
From: Gunther Schadow <gunther@aurora.regenstrief.org>
Organization: Regenstrief Institute for Health Care
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Roman <roman@e-lider.pl>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Simple problem?
References: <000801c0e397$694b8e20$af01a8c0@bydgoski.pl>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

> Roman wrote:
> 
> My network:
> 
> 1. private 192.168.1.0/255.255.255.0
> 2. private 172.16.0.0/255.255.0.0
> 3. public 111.222.333.178/255.255.255.240
> 
> All request from 192. are going to public through masq on natd. It is OK.
> All hosts in 172. are out of masq.
> I'd like to make only one host in 192. ie. 192.168.1.166 to tcp connect from
> only one host from 172. ie. 172.16.100.100.
> 
> I think it is simple but i don't know how can I do it?

Roman, this is a clear RTFM issue. You can do it with IPFW, I did
things like that. It's a rule that starts with

$ipfw divert nat from $this to $that tcp port $suchandsuch

etc. I don't remember the syntax right, so RTFM ipfw(8). Behold,
this does not work with ipnat all so easily. IPFilter's ipnat
has far less powerful matching rules. It may work, but needs some
reseach.

-Gunther

-- 
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistent Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message