From owner-freebsd-questions Wed Jan 17 12:30:23 2001 Delivered-To: freebsd-questions@freebsd.org Received: from post.mail.nl.demon.net (post-11.mail.nl.demon.net [194.159.73.21]) by hub.freebsd.org (Postfix) with ESMTP id 90E3F37B6FC for ; Wed, 17 Jan 2001 12:29:57 -0800 (PST) Received: from [212.238.77.116] (helo=willow.raggedclown.intra) by post.mail.nl.demon.net with smtp (Exim 3.14 #4) id 14IzDP-000DIF-00 for questions@freebsd.org; Wed, 17 Jan 2001 20:29:56 +0000 Received: from buffy.raggedclown.net (btvs.demon.nl [192.168.1.2]) by willow.raggedclown.intra (Postfix) with ESMTP id BD04F5DA6 for ; Wed, 17 Jan 2001 21:28:48 +0100 (CET) Received: by buffy.raggedclown.net (Postfix on SuSE Linux 7.0 (i386), from userid 500) id 5E9E512C3F; Wed, 17 Jan 2001 21:27:38 +0100 (CET) Date: Wed, 17 Jan 2001 21:27:38 +0100 From: Cliff Sarginson To: questions@freebsd.org Subject: ppp, natd, ipfw. Can an expert clarify something ? Message-ID: <20010117212738.D898@raggedclown.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello In the documentation for natd it states early on that if you want nat with ppp you should use the -nat option for that with ppp. In the BSD document called something like "Dial Up Firewall" or similar, the example given does not use -nat, but uses natd directly. Apart from the fact the example in the document don't work.. well..back to the question. I have an inner network of the 192.168 variety where I need no firewall and no NAT. My gateway connects to the Internet with a PPP connection as normal. On the gateway I want to allow ALL services out from the inner network and HTTP,ssh,ftp in. Somehow I want these services not to be serviced by the gateway but to be re-directed to another server. Now my question is this: - DO I use PPP -nat with ppp filter rules - Do I use PPP -nat with ipfw rules - Do I use PPP with seperate NAT and ipfw rules - Do I use PPP with seperate NAT and PPP filter rules :) I don't have an opinion. But the documentation I have read does not really give enough guidelines. I know what I want to firewall, I think I understand what it is all about. But I insufficient data to make an informed decision.. Sorry for such a ramble. I am sure others may appreciate an answer as well though. Thanks Cliff p.s. Anyone know whether xinted would be good for redirecting http/ftp in this scenario ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message