NAT question
Thomas Wolf
tw at wsf.at
Wed May 25 12:11:25 GMT 2005
george roman wrote:
> hi,
> I have a small private network and I do not want to
> give internet access to all the users in the network.
> for nat, I use command
>
> ipfw add divert natd all from any to any via fxp0
>
> what would be the command with which I can restrict
> access only to certain ip addresses ?
>
> I tried this command
> ipfw add divert natd all from 192.168.1.1/32 to any via fxp0
>
> to give access to internet only to the 192.168.1.1 ip
> but it didn't work

Yes, you are preventing incoming traffic from being nat'ed.
Try using two rules instead:

ipfw add divert natd all from any to any in recv fxp0
ipfw add divert natd all from 192.168.1.1/32 to any out xmit fxp0

Thomas
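
Added example, not part of the original message: a simplified Python model of the divert rules in this thread, showing why the single source-restricted rule breaks NAT (replies arriving on fxp0 carry the remote host's source address and are never handed to natd) and why the two-rule version works. The model covers only source address and direction on fxp0; the remote address 203.0.113.10 and the second LAN host 192.168.1.2 are constructed sample values.

```python
from ipaddress import ip_address, ip_network

# Each rule is (source CIDR, direction). Direction None models "via fxp0",
# which matches both directions; "in" models "in recv fxp0" and "out"
# models "out xmit fxp0". This is a simplification, not ipfw itself.
OPEN_TO_ALL = [("0.0.0.0/0", None)]        # from any to any via fxp0
ORIGINAL = [("192.168.1.1/32", None)]      # from 192.168.1.1/32 to any via fxp0
SUGGESTED = [("0.0.0.0/0", "in"),          # from any to any in recv fxp0
             ("192.168.1.1/32", "out")]    # from 192.168.1.1/32 to any out xmit fxp0


def diverted(rules, src, direction):
    """True if a packet crossing fxp0 matches any divert rule."""
    return any(ip_address(src) in ip_network(net) and way in (None, direction)
               for net, way in rules)


def has_internet(rules, lan_host, remote="203.0.113.10"):
    """NAT works for a LAN host only if both halves reach natd:
    the outbound packet (source rewritten to the public address) and
    the reply on fxp0 (destination rewritten back to the LAN host)."""
    outbound = diverted(rules, lan_host, "out")
    # The reply's source is the remote host, not the LAN host.
    reply = diverted(rules, remote, "in")
    return outbound and reply


if __name__ == "__main__":
    for name, rules in (("open to all", OPEN_TO_ALL),
                        ("original attempt", ORIGINAL),
                        ("two-rule version", SUGGESTED)):
        for host in ("192.168.1.1", "192.168.1.2"):
            print(f"{name:17} {host}: NAT works = {has_internet(rules, host)}")
```

In the two-rule case the packets from 192.168.1.2 are simply not translated; whether they are also dropped depends on the rest of the ruleset, which the thread does not show.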