ipnat.rules
Nelis Lamprecht
nlamprecht at gmail.com
Wed Nov 3 02:01:50 PST 2004
On Tue, 2 Nov 2004 17:25:42 -0800 (PST), sonjaya <son_jaya at yahoo.com> wrote:
> Dear all,
>
> After I finished adding ipnat to my kernel, I used this
> sample script:
> /etc/ipnat.rules:
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 proxy port ftp ftp/tcp ssh
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 portmap tcp/udp auto
>
> Here is my network:
>
> lan--NAT server---internet
>
> My questions are:
>
> 1. How must I set ipnat.rules so that only some IPs get NAT
> and the others cannot use it?
> Because if any PC station uses my server as its gateway,
> that PC station gets NAT.
>
> Maybe like this:
> lan(non-nat)-----|
> lan(nat)---------|---NAT Server---INternet
You need a rule with something like:
map rl0 from $natnetwork ! to $pubnetwork -> $natserver
>
> 2. How do I set the map rule in ipnat.rules so that the LAN does
> not have the right to NAT directly to the proxy?
Add a block rule for the proxy IP from the LAN but pass the NAT server?
Not quite sure what you want.
>
> I'm so sorry if my question is basic, because I'm new to
> FreeBSD.
> thx
>
No problem even though it's more IP Filter than FreeBSD related. For
further information see http://www.obfuscation.org/ipf/ipf-howto.html
Nelis
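
An added example, not part of the original thread: one way to write the selective NAT suggested in the reply, with a matching IP Filter rule so that hosts outside the allowed range cannot leave untranslated. The interface rl0 and the 172.18.0.0/16 LAN come from the post; the allowed subnet 172.18.5.0/24 is a constructed assumption.

```conf
# --- /etc/ipnat.rules ---
# Before: any host in 172.18.0.0/16 that routes through the server is translated.
#   map rl0 172.18.0.0/16 -> 0/32 portmap tcp/udp auto
#
# After: only the allowed subnet (assumed 172.18.5.0/24) is translated,
# and only for traffic that is leaving the LAN.
map rl0 from 172.18.5.0/24 ! to 172.18.0.0/16 -> 0/32 portmap tcp/udp auto
map rl0 from 172.18.5.0/24 ! to 172.18.0.0/16 -> 0/32

# --- /etc/ipf.rules ---
# Outbound packets pass through ipf before ipnat rewrites them, so these
# rules still see the original LAN source address.
pass out quick on rl0 from 172.18.5.0/24 to any keep state
# Any other LAN host would leave with a private source address; drop it here.
block out quick on rl0 from 172.18.0.0/16 to any
```

Reload with `ipnat -CF -f /etc/ipnat.rules` and `ipf -Fa -f /etc/ipf.rules`, then check the active mappings with `ipnat -l`.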