ipfw rules + natd .. other question
Leonardo Reginin
leonardo at procergs.rs.gov.br
Fri Jun 16 12:36:33 UTC 2006
mufalani wrote:
>Hi all,
>
> Thank you for helping me configure NAT ... It's working perfectly!!!
>
>Another doubt...
>
>where my public address = 200.X.Y.Z
>and my trusted addresses = 201.1.2.3, 205.6.7.8
>
> I want to allow access to IP 200.X.Y.Z only
>for the addresses 201.1.2.3 and 205.6.7.8, and to block it for the rest of the world.
>
> Can you help me?
>
>###############my natd.conf###############
>log yes
>same_ports yes
>use_sockets yes
>interface rl0
>redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
>redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
>############# end natd.conf #################
>
>############ rc.local ####################
>/sbin/natd -s -n rl0 -p 8668 -config "/etc/natd.conf"
>/sbin/ipfw -f flush
>##
>/sbin/ipfw add 140 divert 8668 ip from any to 200.X.Y.Z in recv rl0 # ---> This rule will override 150 !! <---
>/sbin/ipfw add 150 divert 8668 ip from 201.0.0.0 to 200.X.Y.Z in recv rl0
>/sbin/ipfw add 160 divert 8668 ip from 10.0.0.211 to any out xmit rl0
>
/sbin/ipfw add 170 allow ip from me to any via rl0 out
##
# to permit the access to 200.x.y.z
/sbin/ipfw add 200 allow ip from 205.6.7.8 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 201 allow tcp from 205.6.7.8 to 10.0.0.211 80 via rl0 in
/sbin/ipfw add 210 allow ip from 201.1.2.3 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 211 allow tcp from 201.1.2.3 to 10.0.0.211 80 via rl0 in
# to block everything else
/sbin/ipfw add 1000 deny ip from any to 200.X.Y.Z
##
>############# end rc.local #################
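The following is an added example, not code from either poster: a small first-match simulator for the ruleset proposed in this reply, so the rule each kind of packet ends on can be checked without a FreeBSD box. It assumes the poster's 200.X.Y.Z stays symbolic, that "me" in rule 170 means that public address, that natd re-injects a diverted packet at the rule after the divert, and that the unmatched default rule is the stock deny at 65535.

```python
PUBLIC = "200.X.Y.Z"           # the poster's public address, kept symbolic
WEB = "10.0.0.211"             # the internal web server behind natd

# (number, action, proto, src, dst, dport, direction); None means "any".
# "me" in rule 170 is modelled as PUBLIC; addresses without a mask are hosts.
RULES = [
    (140, "divert", "ip", None, PUBLIC, None, "in"),
    (150, "divert", "ip", "201.0.0.0", PUBLIC, None, "in"),
    (160, "divert", "ip", WEB, None, None, "out"),
    (170, "allow", "ip", PUBLIC, None, None, "out"),
    (200, "allow", "ip", "205.6.7.8", PUBLIC, None, "in"),
    (201, "allow", "tcp", "205.6.7.8", WEB, 80, "in"),
    (210, "allow", "ip", "201.1.2.3", PUBLIC, None, "in"),
    (211, "allow", "tcp", "201.1.2.3", WEB, 80, "in"),
    (1000, "deny", "ip", None, PUBLIC, None, None),
]

def matches(rule, pkt):
    _, _, proto, src, dst, dport, direction = rule
    return (proto in ("ip", pkt["proto"]) and src in (None, pkt["src"])
            and dst in (None, pkt["dst"]) and dport in (None, pkt["dport"])
            and direction in (None, pkt["dir"]))

def natd(pkt):
    """Model natd.conf: inbound tcp/80 to PUBLIC is redirected to WEB,
    outbound traffic from WEB is masqueraded as PUBLIC; anything else passes."""
    pkt = dict(pkt)
    if pkt["dir"] == "in" and pkt["proto"] == "tcp" and pkt["dst"] == PUBLIC \
            and pkt["dport"] == 80:
        pkt["dst"] = WEB
    elif pkt["dir"] == "out" and pkt["src"] == WEB:
        pkt["src"] = PUBLIC
    return pkt

def evaluate(pkt):
    """Return (verdict, rule numbers hit). A diverted packet comes back from
    natd and continues at the next rule; no match falls to the default rule,
    assumed here to be the stock deny at 65535."""
    path = []
    for rule in RULES:
        if matches(rule, pkt):
            path.append(rule[0])
            if rule[1] != "divert":
                return rule[1], path
            pkt = natd(pkt)
    return "deny", path + [65535]

def packet(proto, src, dst, dport, direction):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport, "dir": direction}
```

Running trusted and untrusted packets through it confirms the override noted on rule 140 (rule 150 is never reached) and shows that inbound web traffic from an untrusted source is stopped only by the default rule, because after natd its destination is 10.0.0.211, which rule 1000 does not match. On a kernel built to default-accept, that traffic would therefore need an explicit deny after rule 211.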