Date: Sat, 01 Apr 2000 17:03:14 +0100 From: Brian 'Astrolox' Wojtczak <astrolox@innocent.com> To: freebsd-ipfw@FreeBSD.ORG Subject: Re: Selective access Message-ID: <3.0.3.32.20000401170314.0098c190@mail.virgin.net> In-Reply-To: <20000329075634.A52161@lunatic.oneinsane.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Ron Rosson <insane@lunatic.oneinsane.net> wrote: > >Hello, > I have setup a FreeBSD Server to perform NAT using IPFilter and IPNAT. >Basically it is something like this: > >vr0 -------> Real Internet IP >vr1 -------> 192.168.0/24 > >The network portion of vr1 is where I am having issues. I would like to >set it up so that the lower 128 have full access thru the NAT and the >upper portion of the address space only be able to use email. > >vr1 = 192.168.0.0 netmask 255.255.255.128 Full Access to the net > 192.168.0.128 netmask 255.255.255.128 Email access only > >The NAT server also doubles as the Email server. > >IF anyone has done this or has an idea how it can be done without adding >another NIC. I would like to hear from ya. ;-) > This is easy. Set up NATD allowing all of 192.168.0 to use it. then edit /etc/rc.firewall and edit the divert rule which by default looks something like $fwcmd add divert natd all from any to any change it so that it looks something like $fwcmd add divert natd all from 192.168.0.0/4 to any or if that don't work add a rule which denies access from 192.168.0.128/4 to anything but smtp (and pop) I'm a little rusty on this at the moment, been in Tenerife for a week without a computer. If I made a mistake sorry ... please go and read some tutorial. I learnt everything I know from the FreeBSD Handbook and the ipfw man page. [1] http://www.freebsd.org/handbook/ [2] http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=Fr eeBSD+3.4-RELEASE&format=html Hope that helps, a little. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Brian 'Astrolox' Wojtczak "If ya going to do it, do it in style" Wolrd Wide Web Page: http://www.astrolox.com/ EMail Address: astrolox@innocent.com Personal RSA PGP Key - be aware of fake keys: 89 30 61 EC 2B CA C8 FA EC 11 87 6D DA 50 7C 6B Bits: 2048 Id: 10E51DFD Date: 2000/02/16 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.20000401170314.0098c190>