Date: Sun, 13 Jan 2002 11:56:36 +0100
From: Andreas Klemm
To: freebsd-net@FreeBSD.ORG
Cc: mckusick@FreeBSD.ORG
Subject: FIREWALL_FORWARD vs. using /sbin/natd ?
Message-ID: <20020113105636.GA88221@titan.klemm.gtn.com>
X-Operating-System: FreeBSD 4.5-RC

I found a document describing a firewall design only using natd for redirects to internal network resources. (Hi Marshall, therefore Cc: to you, since it's yours and I have a question.)

http://www.rootprompt.net/freebsd_firewall.html

Based on this information I think I could get rid of natd entirely. See my previous mail; my problem was that I can't get it to run for a typical 2 NIC configuration with internal network, DMZ and a router in front of a 512k leased line.

Or is this my NAT problem, that additionally I have to use the kernel option FIREWALL_FORWARD to get NAT for internal users running, though all other documents state that only IPFIREWALL and IPDIVERT are needed???

Therefore the question: is using FIREWALL_FORWARD a good replacement for /sbin/natd if you want to give users of the internal network access to the outside world? Are there some things to take care of when using FIREWALL_FORWARD? Does the logic for firewall rules change, or could I still use the templates in /etc/rc.firewall???

Thanks for help.

Thanks

	Andreas ///

-- 
Andreas Klemm - Powered by FreeBSD
Need a magic printfilter today ? http://www.apsfilter.org/
Songs from our band >> 64Bits << http://www.64bits.de
Inofficial band pages with add-on stuff http://www.apsfilter.org/64bits.html