Subject: Re: ipf rules
To: David Maxwell <david@vex.net>
From: Erik Huizing <huizing@cpsc.ucalgary.ca>
List: current-users
Date: 12/13/2000 13:34:20
All the machines on my LAN have 192.168.1.x addresses; they all use
192.168.1.16 as their router.
My firewall/server is 24.65.241.78 with 192.168.1.16 as an alias.
The NAT rules I've got are like this:
map ep0 192.168.1.1/28 -> 0.0.0.0/32

Right now, my ipf rules are:

block in quick from 172.16.0.0/12 to any
block in quick from 10.0.0.0/8 to any

pass in proto tcp/udp all
pass out proto tcp/udp all

I'd like to block the 192 block if it's coming from the cable modem. I've
only got one NIC in my machine, hence the alias. So is it possible for me
to block the 192.168 segment, or do I need another NIC?

Thanks

The first rule of Fight Club is You Do Not Talk About Fight Club.

// Erik Huizing   huizing@cpsc.ucalgary.ca
// www.cpsc.ucalgary.ca/~huizing

On Wed, 13 Dec 2000, David Maxwell wrote:

> On Tue, Dec 12, 2000 at 05:08:26PM -0700, Erik Huizing wrote:
> > I've been reading through the ipf how-to, and can't seem to come up with a
> > rule that's applicable to my situation:
> > My bsd box has one NIC in it, and is performing NAT. I'm able to block the
> > 172.16.0.0 and 10.0.0.0 ranges, but when I add the rule to block
> > block in quick from 192.168.0.0/16 to any
> > all the machines on my LAN don't work. 
> > So my question is, can I block that range, and still have my LAN
> > connected, or do I need two NICs?
> 
> More information about your actual addresses is required for someone
> to be able to answer that.
> 
> -- 
> David Maxwell, david@vex.net|david@maxwell.net -->
> (About an Amiga rendering landscapes) It's not thinking, it's being artistic!
>                                               - Jamie Woods
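An added ipf ruleset (not from this thread) showing how far rule ordering gets you on a single NIC: the interface name and addresses are assumed from the message above, and the point is that the "quick" pass for the real LAN subnet must precede the broad 192.168/16 block.

```ipf
# /etc/ipf.conf for a one-NIC NAT box: ep0 carries both the cable side
# (24.65.241.78) and the LAN alias (192.168.1.16). Addresses are assumed
# from the thread; "quick" means the first matching rule wins.

# RFC 1918 space this site never uses: drop it wherever it comes from.
block in quick on ep0 from 10.0.0.0/8 to any
block in quick on ep0 from 172.16.0.0/12 to any

# The real LAN subnet must be passed BEFORE the wide 192.168/16 block,
# otherwise the block rule below eats the LAN's own traffic (the symptom
# reported in the original question).
pass in quick on ep0 from 192.168.1.0/28 to any

# Everything else in 192.168.0.0/16 arriving on ep0 is dropped and logged,
# so cable-side packets with private sources show up in ipmon output.
block in log quick on ep0 from 192.168.0.0/16 to any

# Original permissive rules stay as the fallthrough.
pass in proto tcp/udp all
pass out proto tcp/udp all
```

With one interface ipf cannot tell which physical segment a frame came from, so a cable-side packet forged with a 192.168.1.0/28 source still matches the pass rule; address ordering narrows the exposure to that one /28, and only a second NIC (with `on` matching per interface) closes it.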