From owner-freebsd-isp  Thu Oct  1 10:52:56 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA29791
          for freebsd-isp-outgoing; Thu, 1 Oct 1998 10:52:56 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA29784
          for <freebsd-isp@FreeBSD.ORG>; Thu, 1 Oct 1998 10:52:54 -0700 (PDT)
          (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost)
	by peak.mountin.net (8.9.1/8.9.1) id MAA23850;
	Thu, 1 Oct 1998 12:52:37 -0500 (CDT)
Received: from harkol-87.isdn.mke.execpc.com(169.207.64.215) by peak.mountin.net via smap (V1.3)
	id sma023847; Thu Oct  1 12:52:17 1998
Message-Id: <3.0.3.32.19981001125055.010c99c8@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Thu, 01 Oct 1998 12:50:55 -0500
To: Archie Cobbs <archie@whistle.com>
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
Subject: Re: IPFW, Dual network cards
Cc: freebsd-isp@FreeBSD.ORG
In-Reply-To: <199810011508.IAA00256@bubba.whistle.com>
References: <3.0.3.32.19980930223953.007890e4@207.227.119.2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 08:08 AM 10/1/98 -0700, Archie Cobbs wrote:
>Enabling forwarding in rc.conf == setting "gateway_enable=YES" in rc.conf.
>"IP forwarding" == "IP routing".

Gotcha, but isn't natd required if you use private IPs?  I'd test it, but my system is still TKO.

>No, routers don't typically look into the packets that they route.
>Use ipfw to block ports 137,138,139 if you want to stop NetBEUI stuff.

Ah yes, blocked at the router and from dial-in with filters, so there was no need for running ipfw in my case.  If a network were setup with 2 ether ports on the router (Cisco or FBSD) then _every_ machine doesn't need it.

The problem I see with the colo's is protecting them from each other, after you protect yourself.  Steven's setup can do this.  My preferance is to use a second ether port on the router.


Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message