From: "Marcel Grandemange"
Date: Wed, 3 Sep 2008 13:48:27 +0200
Message-ID: <02e801c90dba$fa65bf20$ef313d60$@za.net>
Subject: FW: IPFW In FreeBSD
List-Id: IPFW Technical Discussions

Ok so I know this is a newbie question.. But I've for years now wanted to know how to only NAT certain traffic, or maybe only across a certain IP. I've tried many examples, all not working.. Maybe I'm just doing something stupid..

But, below is an example of a machine that is NATting everything on em0. I'd like to know how to change that to everything on, say, 196.212.65.186 instead of the entire interface. Or better yet.. stop NATting everything and, say, only NAT web traffic.
I'm having issues where certain traffic is being NATed that MUSTN'T be! Would be REALLY grateful for input and working examples!

00013  6613581  1024484770 fwd 127.0.0.1,3128 tcp from not me to not me dst-port 80 via em1
00015     3678      424024 fwd 127.0.0.1,3128 tcp from not me to not me dst-port 8080 via em1
00025 24596697 12747712371 divert 8668 ip from any to any via em0
00600        0           0 deny ip from any to 196.212.65.186 dst-port 3306 via em0
00600        0           0 deny ip from any to 196.212.65.187 dst-port 3306 via em0
00600        7         408 deny ip from any to 196.212.65.187 dst-port 22 via em0
00600        0           0 deny ip from any to 196.212.65.187 dst-port 199 via em0
00600        0           0 deny ip from any to me dst-port 3401 via em0
00600        0           0 deny ip from any to 192.168.239.1 dst-port 3306 via em1
00600      883       49232 deny icmp from any to 196.212.65.187 via em0
00660    86202    39746084 deny udp from me to any dst-port 520 not via em1
00700 46353458 25934143975 allow ip from any to any
65535        0           0 deny ip from any to any

em0: flags=8843 metric 0 mtu 1500
        options=19b
        ether 00:30:48:90:c8:28
        inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
        inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
        media: Ethernet autoselect (100baseTX )
        status: active

#Nat
natd_enable="YES"       # Enable NATD function
natd_flags="-dynamic"
natd_interface="em0"    # interface name of public Internet NIC
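Added example, not part of the original message: a small matcher for the ipfw subset used in the listing, comparing which packets rule 00025 hands to natd against a narrowed pair of divert rules that covers only outbound web traffic and its replies to 196.212.65.186. The narrowed rules, the inside network 192.168.239.0/24 (guessed from the em1 rule at 00600) and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Rule 25 as shown in the post, then a narrowed pair (assumed, not from the post).
ORIGINAL = ["divert 8668 ip from any to any via em0"]
NARROWED = [  # inside net 192.168.239.0/24 is an assumption
    "divert 8668 tcp from 192.168.239.0/24 to any dst-port 80 out via em0",
    "divert 8668 tcp from any 80 to 196.212.65.186 in via em0",
]

def parse(rule):
    """Parse the small ipfw subset used above: proto, from/to, ports, in/out, via."""
    t = rule.split()
    r = {"proto": t[2], "sport": None, "dport": None, "dir": None, "iface": None}
    i = t.index("from") + 1
    r["src"], i = t[i], i + 1
    if t[i] != "to":                      # optional source port after the address
        r["sport"], i = int(t[i]), i + 1
    r["dst"], i = t[i + 1], i + 2
    while i < len(t):
        if t[i] == "dst-port":
            r["dport"], i = int(t[i + 1]), i + 2
        elif t[i] in ("in", "out"):
            r["dir"], i = t[i], i + 1
        elif t[i] == "via":
            r["iface"], i = t[i + 1], i + 2
        else:
            raise ValueError("unsupported token: " + t[i])
    return r

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def diverted(rules, pkt):
    """True if any divert rule matches pkt, i.e. the packet would be handed to natd."""
    for r in map(parse, rules):
        if (r["proto"] in ("ip", pkt["proto"]) and r["iface"] in (None, pkt["iface"])
                and addr_ok(r["src"], pkt["src"]) and addr_ok(r["dst"], pkt["dst"])
                and r["sport"] in (None, pkt["sport"]) and r["dport"] in (None, pkt["dport"])
                and r["dir"] in (None, pkt["dir"])):
            return True
    return False

def pkt(proto, src, sport, dst, dport, direction, iface="em0"):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport, dir=direction, iface=iface)

# Constructed sample packets (203.0.113.0/24 is a documentation range).
WEB_OUT = pkt("tcp", "192.168.239.10", 40000, "203.0.113.5", 80, "out")
WEB_REPLY = pkt("tcp", "203.0.113.5", 80, "196.212.65.186", 40000, "in")
SSH_OUT = pkt("tcp", "192.168.239.10", 40001, "203.0.113.5", 22, "out")
TO_187 = pkt("tcp", "203.0.113.9", 40002, "196.212.65.187", 25, "in")
```

For the narrowed rules to work, natd has to alias to 196.212.65.186 (natd's -alias_address option) rather than follow the interface. Traffic that is no longer diverted leaves em0 with its original source address.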