From owner-freebsd-security  Thu May  7 05:08:49 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA04539
          for freebsd-security-outgoing; Thu, 7 May 1998 05:08:49 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from osku.suutari.iki.fi (kn6-045.ktvlpr.inet.fi [194.197.169.45])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA04390;
          Thu, 7 May 1998 05:07:15 -0700 (PDT)
          (envelope-from ari@osku.suutari.iki.fi)
Received: from localhost (ari@localhost)
	by osku.suutari.iki.fi (8.8.7/8.8.5) with SMTP id PAA27980;
	Thu, 7 May 1998 15:06:18 +0300 (EET DST)
Date: Thu, 7 May 1998 15:06:18 +0300 (EET DST)
From: Ari Suutari <ari@suutari.iki.fi>
To: Adam Rothschild <asr@millburn.net>
cc: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: NAT woes!
In-Reply-To: <Pine.BSF.3.95q.980506203916.29027A-100000@thuule.pair.com>
Message-ID: <Pine.BSF.3.96.980507150248.27970A-100000@osku.suutari.iki.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Wed, 6 May 1998, Adam Rothschild wrote:
Hi,

> natd -log -redirect_address 192.168.0.0 0.0.0.0 -n ex0 -u

	I would leave -redirect_address out since it is not
	required for accepting incoming connection and also because
	it doesn't map networks - it maps host addresses.

> ipfw -f flush
> ipfw add divert natd all from any to any 

	add "via ex0" to end of this rule to pass only packets
	of ex0 to natd.

	Ari <ari@suutari.iki.fi>
	Lappeenranta, Finland


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message