Date: Thu, 19 Oct 2000 18:57:13 -0700 (PDT) From: Archie Cobbs <archie@dellroad.org> To: peter@sysadmin-inc.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: natd/ipfw and mpd-netgraph for VPN question Message-ID: <200010200157.e9K1vDD57363@curve.dellroad.org> In-Reply-To: <000901c0392e$d23150a0$47010a0a@fire.sysadmininc.com> "from Peter Brezny at Oct 18, 2000 02:11:21 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Brezny writes: [ Charset ISO-8859-1 unsupported, converting... ] > suppose i've got two offices at different locations, each with a cable modem > or other 'fast' access using mpd-netgraph on a 4.1 box to create a vpn > between them. each office uses their connection to go to the internet as > well. > > Now i need to firewall each connection to the internet. Will natd/ipfw be > able to play nice with mpd-netgraph? > > the natd man page says that > > options IPFIREWALL > options IPDIVERT > > must be compiled into the kernel however just the line > > firewall_enable="YES" > > aparently starts a kernel module for ipfw...is that line in rc.conf enough > or does natd really require a recompiled kernel? > > and finally, would i be better off with a package like SOCKS5 instead of > natd/ipfw and would it get along as well with mpd-netgraph? Should work fine.. just make sure you allow TCP port 1723 and IP proto #47 to reach mpd. -Archie ___________________________________________________________________________ Archie Cobbs * Packet Design, Inc. * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010200157.e9K1vDD57363>