
filtering on both interfaces and NAT




Hi

I have the following problem:

I'm using OpenBSD 3.2 stable as a firewall/NAT and I'm forced (provider) to block outgoing ports and only allow some.

I'm also forced to allow only some machines behind the NAT to access the internet.

Internet --------dc1-PF/NAT-dc0-------192.168.1.0/24

So I have default deny policy on dc1 and passing out only allowed ports. I cannot set the port blocking policy on the dc0 interface, because of ftp-proxy.

On dc0 I have default deny policy too, allowing only some machines to go through. And I cannot block them individually on dc1 because of NAT.

So how can I set different privileges to the machines after NAT? (Exceptions from the port block above on dc1)

Thank you.

Peter Huncar

SP SCCh FChPT STU