Date:      Fri, 16 Jun 2006 09:36:29 -0300
From:      Leonardo Reginin <leonardo@procergs.rs.gov.br>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw rules + natd .. other question
Message-ID:  <4492A5CD.8020908@procergs.rs.gov.br>
In-Reply-To: <000b01c690bf$b0fb72a0$0101a8c0@cristian2aebca>
References:  <000b01c690bf$b0fb72a0$0101a8c0@cristian2aebca>




mufalani wrote:

>Hi all,
>
>  Thank you for helping me configure NAT ... It's working perfectly!!!
>
>One other doubt...
>
>where my public address = 200.X.Y.Z
>and my trusted addresses = 201.1.2.3, 205.6.7.8
>
>  I want to only liberate the access to IP 200.X.Y.Z 
>for addresses: 201.1.2.3, 205.6.7.8 and to block for the remaining portion of the world.
>
>  You can help me?
>
>###############my natd.conf###############
>log yes
>same_ports yes
>use_sockets yes
>interface rl0
>redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
>redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
>############# end nat.conf #################
>
>############  rc.local ####################
>/sbin/natd -s -n rl0 -p 8668 -config "/etc/natd.conf"
>/sbin/ipfw -f flush
>##
>/sbin/ipfw add 140 divert 8668 ip from any to 200.X.Y.Z in recv rl0 # ---> This rule will override 150 !! <---
>/sbin/ipfw add 150 divert 8668 ip from 201.0.0.0 to 200.X.Y.Z in recv rl0
>/sbin/ipfw add 160 divert 8668 ip from 10.0.0.211 to any out xmit rl0
>
/sbin/ipfw add 170 allow ip from me to any via rl0 out

##
# to permit the access to 200.x.y.z
/sbin/ipfw add 200 allow ip from 205.6.7.8 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 201 allow tcp from 205.6.7.8 to 10.0.0.211 80 via rl0 in

/sbin/ipfw add 210 allow ip from 201.1.2.3 to 200.X.Y.Z via rl0 in 
# to permit the http redirection to 10.0.0.211 
/sbin/ipfw add 211 allow tcp from 201.1.2.3 to 10.0.0.211 80 via rl0 in

# to block everything else
/sbin/ipfw add 1000 deny ip from any to 200.X.Y.Z
##


>############# end rc.local #################
>
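
Added example, not part of the original message: a small Python model of first-match evaluation over the inbound filter rules 200-1000 above, applied after the `redirect_port` translation from natd.conf. It assumes the divert rules collapse into a single translation step, uses the constructed source 198.51.100.7 as an untrusted host, and takes the action of the final default rule 65535 as a parameter.

```python
# Constructed model of the inbound rules in this message; it is not ipfw itself.
PUBLIC = "200.X.Y.Z"   # placeholder public address, as written in the post
WEB = "10.0.0.211"     # internal web server from natd.conf
REDIRECTS = {("tcp", PUBLIC, 80): (WEB, 80)}  # redirect_port from natd.conf

# (number, action, proto, src, dst, dport); None matches anything.
RULES = [
    (200, "allow", "ip", "205.6.7.8", PUBLIC, None),
    (201, "allow", "tcp", "205.6.7.8", WEB, 80),
    (210, "allow", "ip", "201.1.2.3", PUBLIC, None),
    (211, "allow", "tcp", "201.1.2.3", WEB, 80),
    (1000, "deny", "ip", None, PUBLIC, None),
]

def natd_in(pkt):
    """Assumed simplification: the divert rules act as one translation step."""
    proto, src, dst, dport = pkt
    target = REDIRECTS.get((proto, dst, dport))
    return (proto, src, *target) if target else pkt

def evaluate(pkt, default="deny"):
    """Return (rule number, action) of the first rule matching the packet."""
    proto, src, dst, dport = natd_in(pkt)
    for num, action, r_proto, r_src, r_dst, r_dport in RULES:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst == dst and r_dport in (None, dport)):
            return num, action
    return 65535, default  # final default rule; its action is assumed here

if __name__ == "__main__":
    outsider = "198.51.100.7"  # constructed untrusted source
    for pkt in [("tcp", "205.6.7.8", PUBLIC, 80),
                ("tcp", "201.1.2.3", PUBLIC, 22),
                ("tcp", outsider, PUBLIC, 22),
                ("tcp", outsider, PUBLIC, 80)]:
        print(pkt, "->", evaluate(pkt))
```

In this model, port-80 traffic from an untrusted source has already been rewritten to 10.0.0.211 by the time it reaches rule 1000, so it is decided by the default rule rather than by the explicit deny.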
