From owner-freebsd-questions Wed Jan 17 12:35:27 2001
Message-ID: <3A6601FB.B0ECBAEA@eCoNeed.com>
Date: Wed, 17 Jan 2001 20:35:07 +0000
From: Gareth Gunning
To: Cliff Sarginson
Cc: questions@FreeBSD.ORG
Subject: Re: ppp, natd, ipfw. Can an expert clarify something ?
References: <20010117212738.D898@raggedclown.net>

Cliff Sarginson wrote:

> Hello
> In the documentation for natd it states early on that
> if you want nat with ppp you should use the -nat option
> for that with ppp.
> In the BSD document called something like "Dial Up Firewall" or
> similar, the example given does not use -nat, but uses natd
> directly. Apart from the fact the example in the document doesn't
> work.. well..back to the question.
>
> I have an inner network of the 192.168 variety where I need no
> firewall and no NAT.
> My gateway connects to the Internet with a PPP connection as normal.
> On the gateway I want to allow ALL services out from the inner
> network and HTTP,ssh,ftp in. Somehow I want these services not
> to be serviced by the gateway but to be re-directed to another
> server.
>
> Now my question is this:
>
> - Do I use PPP -nat with ppp filter rules
> - Do I use PPP -nat with ipfw rules
> - Do I use PPP with separate NAT and ipfw rules
> - Do I use PPP with separate NAT and PPP filter rules
>
> :)
> I don't have an opinion. But the documentation I have read
> does not really give enough guidelines.
> I know what I want to firewall, I think I understand what
> it is all about. But I have insufficient data to make an informed
> decision..
>
> Sorry for such a ramble. I am sure others may appreciate an
> answer as well though.
>
> Thanks
> Cliff
>
> p.s. Anyone know whether xinetd would be good for redirecting
> http/ftp in this scenario ?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

Well, my two pennies would be to use ppp -nat and have a separate ipfw
setup, just cos firewalls are important things, so the setup which gives
you the best control is what you're after. You can use a linkup script to
get your IP if it's dynamic and configure the firewall.
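
One way the linkup-driven firewall from the reply above could look, as an added example that is not part of the original thread: a script that ppp runs on link-up with the interface and the negotiated address, validates both before they reach a root-run ipfw, and loads a stateful ruleset for "everything out, ftp/ssh/HTTP in". Assumptions: the script name `fw-up.sh`, the inner addresses, the rule numbers, and that the redirection to the inner server is done by ppp's own NAT, so inbound packets already carry the inner server's address when ipfw sees them on the tun interface.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed caller, in /etc/ppp/ppp.linkup:
#   MYADDR:
#    !bg /etc/ppp/fw-up.sh INTERFACE MYADDR
IPFW="${IPFW:-/sbin/ipfw}"    # IPFW="echo ipfw" prints rules instead of loading them
INNER_NET="192.168.1.0/24"    # assumed inner network
INNER_SRV="192.168.1.10"      # assumed inner host serving ftp, ssh and HTTP

# Accept only a dotted quad with every octet in 0..255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a tun device name, which is what ppp passes as INTERFACE.
valid_if() {
    case "$1" in
        tun[0-9]|tun[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

fw_up() {
    ifc=$1; addr=$2
    valid_if "$ifc" && valid_ip "$addr" || return 1
    $IPFW -q -f flush
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 check-state
    # Outbound: the gateway's own traffic (MYADDR) and the inner network,
    # which ipfw still sees un-translated because ppp does the NAT itself.
    $IPFW add 300 allow ip from "$addr" to any out via "$ifc" keep-state
    $IPFW add 310 allow ip from "$INNER_NET" to any out via "$ifc" keep-state
    # Inbound: only new TCP connections to the redirected services.
    $IPFW add 400 allow tcp from any to "$INNER_SRV" 21,22,80 in via "$ifc" setup keep-state
    $IPFW add 500 deny ip from any to any via "$ifc"
    $IPFW add 600 allow ip from any to any    # inner interfaces stay unfiltered
}

if [ $# -eq 2 ]; then fw_up "$1" "$2" || exit 1; fi
```

Passive-mode FTP data connections are not covered by rule 400 and would need their own port range.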