# How to exclude 1 ip in global rdr (ipnat)



## joeanna (Nov 19, 2010)

Dear all,
I am running ipnat/ipf on FreeBSD 8.1 stable.
How do I exclude a certain IP in a global rdr in ipnat.rules? For example:


```
rdr inside-interface any port 80 -> 192.168.2.100 port 80 tcp
```

That works easily. Now I would like just 1 IP, for example 202.93.93.93, to be excluded in redirection to another machine. What is the command/syntax in ipnat?

Thanks in advance.


----------



## kisscool-fr (Nov 19, 2010)

If I'm not wrong, the first matching rule is applied in the ipf nat file.

So, this should work:


```
rdr inside-interface from 202.93.93.93 to any port 80 -> another-machine-ip port 80 tcp
rdr inside-interface any port 80 -> 192.168.2.100 port 80 tcp
```

Try and tell us.


----------



## joeanna (Nov 19, 2010)

Thank you for your information. 

I would like to redirect all outgoing traffic to port 80 to another machine and exclude outgoing traffic to 1 WAN IP (202.93.93.x).
I would like traffic intended for this WAN IP to go out directly, not redirected to any other internal LAN servers or proxies.

So this is what I tried, and it worked out:


```
rdr inside-interface 202.93.93.x/32 port 80 -> 202.93.93.x port 80 tcp
rdr outside-interface 202.93.93.x/32 port 80 -> 202.93.93.x port 80 tcp 
rdr inside-interface any port 80 -> IP-of-my-proxy port 80 tcp
```


----------

