Date: Tue, 31 Oct 2000 07:47:50 -0800
From: "Jeremiah Gowdy" <jgowdy@home.com>
To: <cjclark@alum.mit.edu>, "Daniel Ruthardt" <ruthardt@chello.at>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: IP Masquerading - Using NAT
Message-ID: <003601c04351$ec960300$aa240018@cx443070b>
References: <20001029143205.X75251@149.211.6.64.reflexcom.com> <KDEOJJLADGAOLHAHFGMKCEDBCBAA.ruthardt@chello.at> <20001030111946.A3675@149.211.6.64.reflexcom.com>

> Looks pretty good except for one big problem, you are trying to use a
> single interface. natd(8) is designed to be used with multiple
> interfaces. It does not work well with one. Each packet will go
> through natd(8) twice and this tends to really confuse it.

Hmm. I won't presume to say you're wrong, but I've done natd on a single interface in three different setups, and they run perfectly. Of course you would want to make sure your router, modem, dsl device, etc wasn't going to accept any non-routable IP packets, especially if you're using IP based security like in Samba.

> There are other problems with this scheme. First, if you were planning
> to later add firewall rules for security, they will offer little
> protection since your machines are still naked on the net. Second, you
> are likely going to be leaking your "private" address traffic onto
> your LAN (and from there who knows where it may get routed).

Why would anything route a 10.0.0.x or 192.168.x.x? I'm not contradicting you, I'm curious.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message