From owner-freebsd-ipfw  Thu May 24 17:39: 9 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from rgmail.regenstrief.org (rgmail.regenstrief.org [134.68.31.197])
	by hub.freebsd.org (Postfix) with ESMTP id 98EEB37B422
	for <freebsd-ipfw@FreeBSD.ORG>; Thu, 24 May 2001 17:39:07 -0700 (PDT)
	(envelope-from gunther@aurora.regenstrief.org)
Received: from aurora.regenstrief.org (rgnout.regenstrief.org [134.68.31.38])
	by rgmail.regenstrief.org (8.11.0/8.8.7) with ESMTP id f4P0fmX08212;
	Thu, 24 May 2001 19:41:48 -0500
Message-ID: <3B0DA9A3.9BB41E8D@aurora.regenstrief.org>
Date: Fri, 25 May 2001 00:38:59 +0000
From: Gunther Schadow <gunther@aurora.regenstrief.org>
Organization: Regenstrief Institute for Health Care
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Roman <roman@e-lider.pl>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Simple problem?
References: <000801c0e397$694b8e20$af01a8c0@bydgoski.pl>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

> Roman wrote:
> 
> My network:
> 
> 1. private 192.168.1.0/255.255.255.0
> 2. private 172.16.0.0/255.255.0.0
> 3. public 111.222.333.178/255.255.255.240
> 
> All request from 192. are going to public through masq on natd. It is OK.
> All hosts in 172. are out of masq.
> I'd like to make only one host in 192. ie. 192.168.1.166 to tcp connect from
> only one host from 172. ie. 172.16.100.100.
> 
> I think it is simple but i don't know how can I do it?

Roman, this is a clear RTFM issue. You can do it with IPFW, I did
things like that. It's a rule that starts with

$ipfw divert nat from $this to $that tcp port $suchandsuch

etc. I don't remember the syntax right, so RTFM ipfw(8). Behold,
this does not work with ipnat all so easily. IPFilter's ipnat
has far less powerful matching rules. It may work, but needs some
reseach.

-Gunther

-- 
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistent Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message