ipfw + 2 LANs
Marek Salwerowicz
marek_sal at wp.pl
Wed Jul 6 18:27:59 UTC 2011
Hi all,
I have two separate LANs (one 10.0.1.0/24 and the other 10.0.2.0/24). Both are connected to a FreeBSD 8.2 router (ifaces em1 and em2).
To em0 I have my ISP (10.0.0.0/24) connected.
The idea is to share the Internet connection to both networks, and block any traffic between them.
I was trying to set up the firewall like this:
#!/bin/sh
cmd="ipfw -q"
$cmd flush
$cmd add 50 check-state
$cmd add 80 divert natd ip from any to any via em0
$cmd add 100 allow ip from any to me
$cmd add 101 allow ip from me to any
$cmd add 200 allow ip from 10.0.1.0/24 to 10.0.0.0/24 keep-state
$cmd add 300 allow ip from 10.0.2.0/24 to 10.0.0.0/24 keep-state
But it doesn't really work for me.
When I set at the end:
$cmd add 500 allow ip from any to any
It works, but it also allows traffic between the LANs.
Regards,
--
Marek Salwerowicz
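
Added example, not part of the original post: a simplified first-match model of the filter rules above, showing which rule decides LAN-to-Internet and LAN-to-LAN packets for the posted ruleset, for the variant ending in rule 500, and for a variant with hypothetical deny rules 400 and 401. The router addresses behind "me", the sample hosts and a default rule of deny are assumptions; check-state, divert and keep-state are not modelled.

```python
import ipaddress

# Assumed router addresses (not given in the post), used to resolve "me".
ME = {"10.0.0.2", "10.0.1.1", "10.0.2.1"}

def matches(spec, addr):
    """True if addr matches an ipfw-style address spec: any, me, or a CIDR."""
    if spec == "any":
        return True
    if spec == "me":
        return addr in ME
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def verdict(rules, src, dst):
    """First-match evaluation in rule-number order; returns (rule, action)."""
    for num, action, r_src, r_dst in sorted(rules):
        if matches(r_src, src) and matches(r_dst, dst):
            return num, action
    return 65535, "deny"  # assumed default rule: deny ip from any to any

# Filter rules from the post (check-state, divert, keep-state not modelled).
POSTED = [
    (100, "allow", "any", "me"),
    (101, "allow", "me", "any"),
    (200, "allow", "10.0.1.0/24", "10.0.0.0/24"),
    (300, "allow", "10.0.2.0/24", "10.0.0.0/24"),
]
WITH_500 = POSTED + [(500, "allow", "any", "any")]
# Hypothetical rules 400/401: drop LAN-to-LAN traffic before the catch-all.
ISOLATED = WITH_500 + [
    (400, "deny", "10.0.1.0/24", "10.0.2.0/24"),
    (401, "deny", "10.0.2.0/24", "10.0.1.0/24"),
]

# Constructed sample packets (source, destination).
PACKETS = {
    "LAN1 -> Internet": ("10.0.1.20", "203.0.113.10"),
    "LAN1 -> LAN2": ("10.0.1.20", "10.0.2.30"),
    "LAN2 -> LAN1": ("10.0.2.30", "10.0.1.20"),
}

def report(rules):
    """Map each sample packet to the (rule, action) that decides it."""
    return {name: verdict(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("posted + 500", WITH_500),
                         ("with 400/401", ISOLATED)):
        print(label)
        for name, (num, action) in report(rules).items():
            print(f"  {name:18} rule {num:5} {action}")
```

In this model the posted rules send Internet-bound packets to the default rule because their destination is outside 10.0.0.0/24, and the order of 400/401 before 500 is what keeps the two LANs apart.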