FW: IPFW In FreeBSD
Marcel Grandemange
thavinci at thavinci.za.net
Wed Sep 3 12:27:03 UTC 2008
Ok so I know this is a newbie question..
But I've for years now wanted to know how to only NAT certain traffic or maybe
only across a certain IP.
I've tried many examples, all not working.. Maybe I'm just doing something
stupid..
But, below is an example of a machine that is NATing everything on em0.
I'd like to know how to change that to everything on say 196.212.65.186
instead of entire interface.
Or better yet..
Stop NATing everything and say only NAT web traffic.
I'm having issues where certain traffic is being NATed that MUSTN'T be!
Would be REALLY grateful for input and working examples!

00013  6613581  1024484770 fwd 127.0.0.1,3128 tcp from not me to not me dst-port 80 via em1
00015     3678      424024 fwd 127.0.0.1,3128 tcp from not me to not me dst-port 8080 via em1
00025 24596697 12747712371 divert 8668 ip from any to any via em0
00600        0           0 deny ip from any to 196.212.65.186 dst-port 3306 via em0
00600        0           0 deny ip from any to 196.212.65.187 dst-port 3306 via em0
00600        7         408 deny ip from any to 196.212.65.187 dst-port 22 via em0
00600        0           0 deny ip from any to 196.212.65.187 dst-port 199 via em0
00600        0           0 deny ip from any to me dst-port 3401 via em0
00600        0           0 deny ip from any to 192.168.239.1 dst-port 3306 via em1
00600      883       49232 deny icmp from any to 196.212.65.187 via em0
00660    86202    39746084 deny udp from me to any dst-port 520 not via em1
00700 46353458 25934143975 allow ip from any to any
65535        0           0 deny ip from any to any

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:30:48:90:c8:28
        inet 196.212.65.186 netmask 0xfffffff8 broadcast 196.212.65.191
        inet 196.212.65.187 netmask 0xfffffff8 broadcast 196.212.65.191
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

#Nat
natd_enable="YES" # Enable NATD function
natd_flags="-dynamic"
natd_interface="em0" # interface name of public Internet NIC