Hello all,

After tons of reading, it finally works, yep, it works. I managed to force everyone to use Wingate as the HTTP proxy for content blocking; all other traffic will go direct to STN.

STN IP          192.168.0.1
Wingate IP      192.168.0.100
Workstations    192.168.0.101 and on

You only need 2 command lines.

# The command line below will stop all TCP packets from http ports from being forwarded.
ipfwadm -F -i deny -P tcp -S 192.168.0.0/24 -D 0.0.0.0/0 http

# The command line below will allow only 192.168.0.100 to connect to the internet, http ports.
ipfwadm -F -i accept -P tcp -S 192.168.0.100/32 -D 0.0.0.0/0 http

I use http instead of port 80, because http will use multiple ports. Also, you can use "reject" instead of "deny"; that will make the system smoother.

Anyone care to try?

Affnan

--
Visit http://www.ShareTheNet.com for info about ShareTheNet
Visit http://www.topica.com/lists/sharethenet for info about this list
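Added example, not part of the original post: a small Python model of first-match rule evaluation that shows how the two commands above combine and which traffic they leave unfiltered. It assumes that `-i` inserts a rule at the head of the forward list, that the service name http resolves to TCP port 80, and that the default forward policy is accept; the `Chain` class and the sample packets are constructed for illustration.

```python
import ipaddress

HTTP_PORT = 80  # assumption: "http" resolves to 80/tcp via /etc/services


class Chain:
    """First-match rule list modelled on the forward chain (hypothetical helper)."""

    def __init__(self, default_policy="accept"):  # assumption: default is accept
        self.rules = []
        self.default_policy = default_policy

    def insert(self, policy, src, dport):
        # Models "ipfwadm -F -i": the new rule goes to the head of the list.
        self.rules.insert(0, (policy, ipaddress.ip_network(src), dport))

    def append(self, policy, src, dport):
        # Models "ipfwadm -F -a": the new rule goes to the end of the list.
        self.rules.append((policy, ipaddress.ip_network(src), dport))

    def decide(self, src_ip, dport):
        addr = ipaddress.ip_address(src_ip)
        for policy, net, port in self.rules:
            if addr in net and dport == port:
                return policy  # first matching rule wins
        return self.default_policy


def build_chain(use_insert=True):
    """Apply the post's two rules in the order they were typed."""
    chain = Chain()
    add = chain.insert if use_insert else chain.append
    add("deny", "192.168.0.0/24", HTTP_PORT)
    add("accept", "192.168.0.100/32", HTTP_PORT)
    return chain


if __name__ == "__main__":
    # Constructed sample packets: (source address, destination TCP port)
    packets = [("192.168.0.100", 80), ("192.168.0.101", 80), ("192.168.0.101", 443)]
    for label, chain in (("-i", build_chain(True)), ("-a", build_chain(False))):
        for src, port in packets:
            print(label, src, port, chain.decide(src, port))
```

With inserted rules the accept for 192.168.0.100 ends up ahead of the deny, so only the proxy is forwarded on the http port; typed in the same order with append, the deny would match first and block the proxy as well. Under these assumptions a workstation connection to any other port, such as 443, falls through to the default policy and never reaches the proxy's content filter.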
