Date: Wed, 17 Jan 2001 20:35:07 +0000 From: Gareth Gunning <ggunning@eCoNeed.com> To: Cliff Sarginson <cliff@raggedclown.net> Cc: questions@FreeBSD.ORG Subject: Re: ppp, natd, ipfw. Can an expert clarify something ? Message-ID: <3A6601FB.B0ECBAEA@eCoNeed.com> References: <20010117212738.D898@raggedclown.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Cliff Sarginson wrote: > Hello > In the documentation for natd it states early on that > if you want nat with ppp you should use the -nat option > for that with ppp. > In the BSD document called something like "Dial Up Firewall" or > similar, the example given does not use -nat, but uses natd > directly. Apart from the fact the example in the document don't > work.. well..back to the question. > > I have an inner network of the 192.168 variety where I need no > firewall and no NAT. > My gateway connects to the Internet with a PPP connection as normal. > On the gateway I want to allow ALL services out from the inner > network and HTTP,ssh,ftp in. Somehow I want these services not > to be serviced by the gateway but to be re-directed to another > server. > > Now my question is this: > > - DO I use PPP -nat with ppp filter rules > - Do I use PPP -nat with ipfw rules > - Do I use PPP with seperate NAT and ipfw rules > - Do I use PPP with seperate NAT and PPP filter rules > > :) > I don't have an opinion. But the documentation I have read > does not really give enough guidelines. > I know what I want to firewall, I think I understand what > it is all about. But I insufficient data to make an informed > decision.. > > Sorry for such a ramble. I am sure others may appreciate an > answer as well though. > > Thanks > Cliff > > p.s. Anyone know whether xinted would be good for redirecting > http/ftp in this scenario ? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message well my two pennies would be to use ppp -nat and have a separate ipfw setup. just cos firewalls are import things so the setup which gives you the best control is what you after. you can use a linkup script to get you IP if its dynamic and configure the firewall. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A6601FB.B0ECBAEA>