
Re: ipfw rules + natd .. other question





mufalani wrote:

Hi all,

Thank you for helping me configure NAT... It's working perfectly!!!

One other doubt...

where my public address = 200.X.Y.Z
and my trusted addresses = 201.1.2.3, 205.6.7.8

I want to allow access to IP 200.X.Y.Z only for the addresses 201.1.2.3 and 205.6.7.8, and to block it for the rest of the world.

Can you help me?

###############my natd.conf###############
log yes
same_ports yes
use_sockets yes
interface rl0
redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
redirect_port tcp 10.0.0.211:80 200.X.Y.Z:80
############# end natd.conf #################

############  rc.local ####################
/sbin/natd -s -n rl0 -p 8668 -config "/etc/natd.conf"
/sbin/ipfw -f flush
##
/sbin/ipfw add 140 divert 8668 ip from any to 200.X.Y.Z in recv rl0 # ---> This rule will override 150 !! <---
/sbin/ipfw add 150 divert 8668 ip from 201.0.0.0 to 200.X.Y.Z in recv rl0
/sbin/ipfw add 160 divert 8668 ip from 10.0.0.211 to any out xmit rl0

/sbin/ipfw add 170 allow ip from me to any via rl0 out

##
# to permit the access to 200.x.y.z
/sbin/ipfw add 200 allow ip from 205.6.7.8 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 201 allow tcp from 205.6.7.8 to 10.0.0.211 80 via rl0 in

/sbin/ipfw add 210 allow ip from 201.1.2.3 to 200.X.Y.Z via rl0 in
# to permit the http redirection to 10.0.0.211
/sbin/ipfw add 211 allow tcp from 201.1.2.3 to 10.0.0.211 80 via rl0 in

# to block everything else
/sbin/ipfw add 1000 deny ip from any to 200.X.Y.Z
##


############# end rc.local #################
_______________________________________________
freebsd-ipfw_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe_(_at_)_freebsd_(_dot_)_org"
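
An added example, not part of the original message: a small audit script that flags a later ipfw rule whose source, destination and options are all covered by an earlier rule with the same action, the situation the comment on rule 140 points out for rule 150. The model is simplified (options are compared as token sets, `me` and divert re-injection are not modelled), and 203.0.113.10 is a constructed placeholder for the elided 200.X.Y.Z.

```python
import ipaddress
import re

# Constructed ruleset modelled on the rc.local above; 203.0.113.10 is a
# placeholder for the elided public address 200.X.Y.Z.
RULES = """\
add 140 divert 8668 ip from any to 203.0.113.10 in recv rl0
add 150 divert 8668 ip from 201.0.0.0 to 203.0.113.10 in recv rl0
add 200 allow ip from 205.6.7.8 to 203.0.113.10 via rl0 in
add 210 allow ip from 201.1.2.3 to 203.0.113.10 via rl0 in
add 1000 deny ip from any to 203.0.113.10
"""
RULE_RE = re.compile(
    r"add (\d+) (divert \d+|allow|deny) (\w+) from (\S+) to (\S+)\s*(.*)")

def to_net(addr):
    """Map an ipfw address token to a network; None if not modelled (e.g. 'me')."""
    try:
        return ipaddress.ip_network(
            "0.0.0.0/0" if addr == "any" else addr, strict=False)
    except ValueError:
        return None

def parse(text):
    """Return (num, action, proto, src, dst, option-tokens) tuples in rule order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line.split("#")[0])  # drop trailing comments
        if m:
            num, action, proto, src, dst, opts = m.groups()
            rules.append((int(num), action, proto, to_net(src), to_net(dst),
                          set(opts.split())))
    return sorted(rules, key=lambda r: r[0])

def covers(a, b):
    """True if rule a has b's action and matches every packet b matches."""
    _, aa, pa, sa, da, oa = a
    _, ab, pb, sb, db, ob = b
    if aa != ab or None in (sa, da, sb, db):
        return False
    # Extra option tokens on b are treated as extra restrictions on b.
    return pa in ("ip", pb) and sb.subnet_of(sa) and db.subnet_of(da) and oa <= ob

def shadowed(rules):
    """Return (later, earlier) rule-number pairs where earlier covers later."""
    out = []
    for i, later in enumerate(rules):
        hit = next((e for e in rules[:i] if covers(e, later)), None)
        if hit:
            out.append((later[0], hit[0]))
    return out
```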
