Date:      Thu, 14 Oct 2004 11:21:47 -0700
From:      "Kevin Glick" <keving@sbfnet.com>
To:        "'Brian '" <Brian@bossbox.com>, "'FreeBSD Questions'" <freebsd-questions@freebsd.org>
Subject:   RE: IPFW NATD
Message-ID:  <20041014182248.B617C43D2D@mx1.FreeBSD.org>
In-Reply-To: <200410141800.i9EI0hXL043737@emboss.bossbox.com>

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Brian 
Sent: Thursday, October 14, 2004 11:01 AM
To: 'FreeBSD Questions'
Subject: IPFW NATD

Hi

I'm trying to set up natd to port forward to a http, ftp and vnc server behind
the natd box

But I only want a customer from their static ip address to be able to log in
and block everything else

Is this possible in a natd environment?

Any examples?

Port forwarding works ok, I just can't figure out the rules to stop everyone
and allow this one client

Cheers

Brian




Brian,
If you've got the port forwarding working, then a few IPFW rules will add the
security you're looking for.  If your divert rule is number 100, then add a
few rules above it, like this:

ipfw add 50 skipto 100 tcp from [static.ip.of.customer] to [public.ip.of.nat.box] 80
ipfw add 51 skipto 100 tcp from [static.ip.of.customer] to [public.ip.of.nat.box] 21
ipfw add 52 skipto 100 tcp from [static.ip.of.customer] to [public.ip.of.nat.box] [VNC port]
ipfw add 53 deny tcp from any to [public.ip.of.nat.box] 80
ipfw add 54 deny tcp from any to [public.ip.of.nat.box] 21
ipfw add 55 deny tcp from any to [public.ip.of.nat.box] [VNC port]


The first three rules pass the traffic from the specified IP to the divert
rule, then to natd, and it gets port forwarded.  Any other traffic on those
ports gets blocked and doesn't get diverted.

Kevin Glick
ITS Manager
Sterling Business Forms
keving@sbfnet.com
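The rule set described in the reply above, as an added example that is not part of the original thread and was not written by either poster: a POSIX sh script that emits the natd(8) redirect_port lines and the ipfw(8) skipto/deny rules for a list of ports, so the same pattern can be regenerated for more ports without hand-numbering rules. The interface name em0, the addresses 203.0.113.5 (customer), 198.51.100.1 (natd box) and 192.168.1.10 (inside server), the VNC port 5900 and the `in via` qualifier are assumptions made for this example; rule numbers 50 to 55 and divert rule 100 follow the reply.

```shell
#!/bin/sh
# Added example, not from the original thread: build the natd redirect lines
# and the ipfw skipto/deny rules that restrict port forwarding to one source IP.
# All addresses, the interface and the VNC port below are constructed placeholders.

EXT_IF="em0"                 # public interface the divert rule is bound to (assumed)
CUSTOMER_IP="203.0.113.5"    # the customer's static address (constructed)
PUBLIC_IP="198.51.100.1"     # public address of the natd box (constructed)
INSIDE_HOST="192.168.1.10"   # server behind the natd box (constructed)
PORTS="80 21 5900"           # http, ftp control, VNC display :0 (5900 assumed)
DIVERT_RULE=100              # number of the existing divert rule
FIRST_RULE=50                # skipto/deny rules are numbered upward from here
APPLY="${APPLY:-0}"          # APPLY=1 runs the ipfw commands; default only prints them

# natd.conf redirect_port lines: forward each port on the public IP to the inside host.
gen_natd_conf() {
    for p in $PORTS; do
        printf 'redirect_port tcp %s:%s %s\n' "$INSIDE_HOST" "$p" "$p"
    done
}

# ipfw rules that sit above the divert rule: the customer's packets jump straight
# to the divert rule (and get forwarded by natd); everybody else's packets to the
# same ports are denied before natd ever sees them. "in via" limits matching to
# packets entering on the public interface.
gen_ipfw_rules() {
    n=$FIRST_RULE
    for p in $PORTS; do
        printf 'ipfw add %d skipto %d tcp from %s to %s %s in via %s\n' \
            "$n" "$DIVERT_RULE" "$CUSTOMER_IP" "$PUBLIC_IP" "$p" "$EXT_IF"
        n=$((n + 1))
    done
    for p in $PORTS; do
        printf 'ipfw add %d deny tcp from any to %s %s in via %s\n' \
            "$n" "$PUBLIC_IP" "$p" "$EXT_IF"
        n=$((n + 1))
    done
}

# Refuse to emit a rule set whose highest number would land at or after the
# divert rule: a rule placed below the divert rule never restricts anything.
check_numbering() {
    count=$(echo $PORTS | wc -w)
    last=$((FIRST_RULE + 2 * count - 1))
    [ "$last" -lt "$DIVERT_RULE" ]
}

main() {
    if ! check_numbering; then
        echo "rule numbers would reach divert rule $DIVERT_RULE; raise it or lower FIRST_RULE" >&2
        return 1
    fi
    if [ "$APPLY" = "1" ]; then
        gen_ipfw_rules | sh -x          # apply the rules on the natd box
    else
        echo "# /etc/natd.conf"; gen_natd_conf
        echo "# ipfw rules (dry run; set APPLY=1 to apply)"; gen_ipfw_rules
    fi
}

main "$@"
```

Run as-is to review the generated commands; `APPLY=1 sh thisscript` executes them. The deny rules sit above the divert rule, so any source other than the customer is dropped before natd rewrites the destination, and the skipto keeps the customer's traffic on the path the reply describes. Passive-mode FTP data connections use ports outside this list and would need their own redirect_port entries and matching rules.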




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041014182248.B617C43D2D>