Gday,

Could someone with a clue please have a quick read of below and correct me if I'm off track.

Firewall on Linux 2.0.38 kernel: 192.168.0.1
Windows Machine 1 on LAN (192.168.0.2)
Windows Machine 2 on LAN (192.168.0.3)

Both Windows machines have 192.168.0.1 as their default gateway. Firewall connects to Internet via PPP.

1) No Internet restrictions for both Windows machines (i.e. they can access the web etc.)

    ipfadm -F -a masq -S 192.168.0.0/24 -D 0.0.0.0/0

2) Say that I now want to block both Windows machines from accessing certain parts of the Internet (in particular say email..). So what I want to do now is block all requests from our Windows machines from reaching ports 25 and 110 on the outside world. This will still allow the Windows guys to say browse the web (port 80).. but any attempt to check email on an external server would be denied.

    ipfwadm -I -i reject -W ppp0 -P tcp -S 192.168.0.0/0 -D 0/0 25 110

Is that correct?

3) And if I wanted to stop Windows Machine 2 (192.168.0.3) from accessing the Internet at all I would type:

    ipfwadm -I -a reject -S 192.168.0.3/32 -D -0.0.0.0/0

Alternatively, if I wanted to allow the above machine *only* www traffic but reject all others I would:

    ipfwadm -I -a accept -S 192.168.0.3/32 -D 0.0.0.0/0 80
    ipfwadm -I -a reject -S 192.168.0.3/32 -D 0.0.0.0/0

4) And finally.. If I wanted to clear any previous rules and block all access immediately to all machines I would type:

    ipfwadm -I -f
    ipfwadm -I -p accept
    ipfwadm -O -f
    ipfwadm -O -p accept
    ipfwadm -F -f
    ipfwadm -F -p accept

Is this all correct? I appreciate your time and look forward to your reply.

Cheers,
Matt.
