ipnat.rules

Nelis Lamprecht nlamprecht at gmail.com
Wed Nov 3 02:01:50 PST 2004


On Tue, 2 Nov 2004 17:25:42 -0800 (PST), sonjaya <son_jaya at yahoo.com> wrote:
> Dear all,
> 
> After I finished adding ipnat to my kernel, I use this
> sample script:
> /etc/ipnat.rules :
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 proxy port ftp ftp/tcp ssh
> map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 portmap tcp/udp auto
> 
> Here is my network:
> 
> lan--NAT server---internet
> 
> My questions are:
> 
> 1. How must I set ipnat.rules so that only some IPs get NAT
> and others cannot use it?
> Because if some PC station uses my server as the gateway,
> that PC station gets NAT.
> 
> Maybe like this:
> lan(non-nat)-----|
> lan(nat)---------|---NAT Server---Internet

You need a rule with something like:

map rl0 from $natnetwork ! to $pubnetwork -> $natserver

> 
> 2. How do I set the map rule in ipnat.rules so that the LAN does
> not have the right to NAT directly to the proxy?

Add a block rule for the proxy IP from the LAN but pass the NAT server?
Not quite sure what you want..

> 
> I'm so sorry if my question is basic, because I am new to
> FreeBSD.
> thx
> 

No problem even though it's more IP Filter than FreeBSD related. For
further information see http://www.obfuscation.org/ipf/ipf-howto.html

Nelis
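
The two suggestions in the reply above, written out as an added example that is not part of the original post. Assumptions: 172.18.5.0/28 is the set of hosts allowed to use NAT ($natnetwork), 192.0.2.0/24 is a placeholder for $pubnetwork, 0/32 (the address of rl0) is used for $natserver, and rl1 is a hypothetical name for the LAN-facing interface.

```conf
# ---- /etc/ipnat.rules (added example; all addresses are constructed) ----
# Before, as posted: the rule matches on the 255.255.0.0 mask, so any
# 172.18.x.x source leaving rl0 is translated.
#   map rl0 172.18.5.11/255.255.0.0 -> 0.0.0.0/32 portmap tcp/udp auto
#
# After: only sources in 172.18.5.0/28 are translated, using the
# from / ! to form from the reply. ipnat applies the first matching rule,
# so the FTP proxy rule stays ahead of the portmap rule.
map rl0 from 172.18.5.0/28 ! to 192.0.2.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl0 from 172.18.5.0/28 ! to 192.0.2.0/24 -> 0/32 portmap tcp/udp auto
# Catch-all for other protocols (for example ICMP) from the same hosts.
map rl0 from 172.18.5.0/28 ! to 192.0.2.0/24 -> 0/32

# ---- /etc/ipf.rules (added example) ----
# A source that matches no map rule is still forwarded, just untranslated,
# so the restriction also needs a filter rule on the LAN side.
# Allowed hosts may go out through the gateway:
pass  in quick on rl1 from 172.18.5.0/28 to any keep state
# Every other LAN host is stopped when it tries to leave the LAN range;
# traffic addressed to 172.18.0.0/16 itself is not affected by this rule.
block in quick on rl1 from 172.18.0.0/16 to ! 172.18.0.0/16
```

Reload with `ipnat -CF -f /etc/ipnat.rules` and `ipf -Fa -f /etc/ipf.rules`, then check the active mappings with `ipnat -l`.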

