From owner-freebsd-questions  Sat Sep 21 19:35:17 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id TAA25923
          for questions-outgoing; Sat, 21 Sep 1996 19:35:17 -0700 (PDT)
Received: from phantasma.bevc.blacksburg.va.us (kmitch@phantasma.bevc.blacksburg.va.us [198.82.200.65])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA25880
          for <questions@freebsd.org>; Sat, 21 Sep 1996 19:35:11 -0700 (PDT)
Received: (from kmitch@localhost) by phantasma.bevc.blacksburg.va.us (8.7.5/8.7.3) id WAA25146; Sat, 21 Sep 1996 22:34:57 -0400 (EDT)
From: Keith Mitchell <kmitch@phantasma.bevc.blacksburg.va.us>
Message-Id: <199609220234.WAA25146@phantasma.bevc.blacksburg.va.us>
Subject: Re: SOCKS5 Question
In-Reply-To: <Pine.LNX.3.93.960921183300.1334A-100000@axis.axisnet.net> from Ali Lomonaco at "Sep 21, 96 06:35:09 pm"
To: ali@axis.axisnet.net (Ali Lomonaco)
Date: Sat, 21 Sep 1996 22:34:57 -0400 (EDT)
Cc: questions@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL25 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> 	Thank you, I don't get that permit and deny entries.  The ip's in
> it that is.  I also don't want any authentication, do I take out that auth
> line?  And ed1 is the proxied network and ed0 is the internet.

Basically, the auth line says allow any authentication (default).

The  permit says allow any OUTGOING packets from 10.10.10.12 or 127.0.0.1
with a netmask of 255.0.0.0 (entire class A)
of 255.0.0.0 (entire class A)

The deny line rejects any INCOMING packets destined for 10.10.10.12 with a
netmask of 255.0.0.0 (entrie class A).  This is just a firewall security
feature.  Packets destined for the 10 network SHOULD never reach your machine,
but just to be safe ;-)

The route entries should be pretty much self explanitory.  Route all internal
packets via the internal interface.  All of the external ones via the external
packets.  The noproxy line is optional.  It is there for a placeholder only.

#
# Authentication entries
#
auth 10.10.10.12/255.0.0.0 - n

#
# Access entries
#
permit - - 127.0.0.1 - - -
permit - - 10.10.10.12/255.0.0.0 - - -
deny - - - 10.10.10.12/255.0.0.0 - -

#
# route entries
#
route 10.10.10.12/255.0.0.0 - ed1
route 0.0.0.0/0.0.0.0 - ed0
noproxy - - - -