IPFW + NATD

Vitor de Matos Carvalho listas at softinfo.com.br
Sun Jul 13 11:02:56 PDT 2003


Thanks for the help.

My net 10.1.0.0/16 cannot see net 10.2.0.0/16.
And in my firewall, the last rule of my kernel is: deny ip from any to any


 Regards,

---------------------------------------------------
Vitor de Matos Carvalho - #5602098
Softinfo Network Administrator
+55 (71)9971-5011 / +55 (71)9986-9317
Salvador - Bahia - Brazil
FreeBSD: The silent Workhorse
----- Original Message ----- 
From: "Micheal Patterson" <micheal at cancercare.net>
To: <freebsd-questions at freebsd.org>
Cc: <listas at softinfo.com.br>
Sent: Sunday, July 13, 2003 1:53 PM
Subject: Re: IPFW + NATD


> 
> 
> ----- Original Message ----- 
> From: "Vitor de Matos Carvalho" <listas at softinfo.com.br>
> To: <freebsd-questions at freebsd.org>
> Sent: Sunday, July 13, 2003 7:18 AM
> Subject: IPFW + NATD
> 
> 
> > Hi,
> >
> > I have two networks: 10.1.0.0/16 and 10.2.0.0/16
> >
> > Only that I need to make the NAT for only one network, 10.2.0.0/16.
> > Network 10.1.0.0/16 does not have external access.
> > How do I configure ipfw + natd so that this is possible?
> > My exit interface is xl0, the interface of network 10.1.0.0/16 is xl1, and
> > the interface of network 10.2.0.0/16 is xl2.
> > How do I configure ipfw using natd to do NAT only for net 10.2.0.0/16?
> >
> >
> >
> >  Regards,
> >
> > ---------------------------------------------------
> > Vitor de Matos Carvalho - #5602098
> > Softinfo Network Administrator
> > +55 (71)9971-5011 / +55 (71)9986-9317
> > Salvador - Bahia - Brazil
> > FreeBSD: The silent Workhorse
> 
> 
> I would think it would be something like this:
> 
> # Divert all outbound traffic through nat
> #
> ipfw add 1 divert natd all from any to any via xl0
> #
> ### Allow traffic from <> to internal networks
> #
> ipfw add 2 allow ip from 10.1.0.0/16 to 10.2.0.0/16
> ipfw add 2 allow ip from 10.2.0.0/16 to 10.1.0.0/16
> #
> ### Deny 10.1.0.0/16 traffic to anyone else
> #
> ipfw add 4 deny ip from 10.1.0.0/16 to any
> #
> ### Rest of firewall rules
> #
> 
> --
> 
> Micheal Patterson
> Network Administration
> Cancer Care Network
> 405-733-2230
> 
> 
> 
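
An added example, not part of either message: a small Python model of ipfw's first-match evaluation, run over the allow/deny rules from the reply plus the final deny rule mentioned in the follow-up. It assumes no other rules are loaded, leaves out the divert rule (only allow/deny is modelled), and uses constructed sample addresses.

```python
import ipaddress

# Rules 2, 2 and 4 from the reply, plus the final deny rule from the
# follow-up (65535 is the number ipfw gives its built-in default rule).
# Assumption: nothing else is loaded; "rest of firewall rules" is empty.
# Rule 1 (divert natd ... via xl0) is not modelled here.
RULES = [
    (2, "allow", "10.1.0.0/16", "10.2.0.0/16"),
    (2, "allow", "10.2.0.0/16", "10.1.0.0/16"),
    (4, "deny", "10.1.0.0/16", "any"),
    (65535, "deny", "any", "any"),
]


def _matches(spec, addr):
    """True if addr falls inside spec, where spec is a CIDR string or 'any'."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def evaluate(src, dst, rules=RULES):
    """Return (rule_number, action) of the first rule matching src -> dst."""
    for number, action, rule_src, rule_dst in rules:
        if _matches(rule_src, src) and _matches(rule_dst, dst):
            return number, action
    raise ValueError("ruleset has no terminating rule")


# Constructed sample packets; 192.0.2.10 stands in for an external host.
SAMPLES = [
    ("10.1.0.5", "10.2.0.9"),
    ("10.2.0.9", "10.1.0.5"),
    ("10.1.0.5", "192.0.2.10"),
    ("10.2.0.9", "192.0.2.10"),
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        number, action = evaluate(src, dst)
        print(f"{src:>10} -> {dst:<12} rule {number:>5}: {action}")
```

In this model, traffic between the two internal networks is accepted at rule 2 before the final deny is reached, while outbound traffic from 10.2.0.0/16 falls through to rule 65535 unless the remaining firewall rules allow it.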


