Date: Fri, 10 Dec 2004 00:30:35 -0800
From: "Loren M. Lang"
To: Rob
cc: FreeBSD
Subject: Re: gateway_enable question
Message-ID: <20041210083035.GG32126@alzatex.com>
In-Reply-To: <41B92C8C.8050407@yahoo.com>

On Fri, Dec 10, 2004 at 01:56:44PM +0900, Rob wrote:
> David Banning wrote:
> >I have a few win boxes which use my FreeBSD box as a gateway to
> >the net. I am wondering how I can keep a network connection
> >between all the computers, allowing the FreeBSD box to
> >still be connected to the net, but disallow all win boxes from
> >connecting to the net?
> >
> >My thought was to disable the gateway configuration set in rc.conf.
> >How do I disable the gateway option without rebooting?
>
> I have gateway enabled, but natd disabled, which blocks the
> traffic from inside to outside, I believe.

Actually, not running natd simply means that the traffic passing through
won't be NATed, but I bet it is still going through. Now your ISP may
still block the traffic because the addresses your internal network uses
are not allowed on the internet, but not all ISPs will necessarily block
it and traffic may indeed get out, just with no route back. This might
be a great way to do a DoS attack on someone without needing to be root.
I think the proper way to not forward traffic would be to set up a
firewall to block it, or disable ip forwarding with
sysctl net.inet.ip.forwarding=0, or even both!

>
> Rob.

--
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
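
The reply above recommends `sysctl net.inet.ip.forwarding=0`. As an added example that is not part of the original thread, the sh functions below compare that runtime value with `gateway_enable` in rc.conf, because the sysctl change alone does not survive a reboot. The function names and the sample rc.conf are constructed for illustration, and only the single file passed in is read.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# rc_conf_value FILE VAR
# Print the effective value of VAR in an rc.conf-style file. rc.conf is
# sourced as shell, so the last uncommented assignment wins.
rc_conf_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# forwarding_verdict RUNTIME FILE
# RUNTIME is what `sysctl -n net.inet.ip.forwarding` printed (0 or 1).
# natd_enable is deliberately ignored: without natd, packets are still
# forwarded, just not translated.
forwarding_verdict() {
    boot=$(rc_conf_value "$2" gateway_enable | tr '[:lower:]' '[:upper:]')
    case "$boot" in
        YES|TRUE|ON|1) boot=1 ;;   # values rc.subr's checkyesno accepts
        *)             boot=0 ;;
    esac
    case "$1$boot" in
        00) echo "off-now off-at-boot" ;;
        01) echo "off-now on-at-boot" ;;   # sysctl set to 0, rc.conf not updated
        10) echo "on-now off-at-boot" ;;
        11) echo "on-now on-at-boot" ;;
        *)  echo "unknown runtime value: $1" >&2; return 1 ;;
    esac
}

# Constructed sample rc.conf: a LAN gateway with natd switched off.
sample=$(mktemp /tmp/rcconf.XXXXXX)
cat > "$sample" <<'EOF'
hostname="gw.example.org"
#gateway_enable="NO"
gateway_enable="YES"   # LAN gateway
natd_enable="NO"
EOF
# Runtime value 0 stands for the state right after the sysctl command.
forwarding_verdict 0 "$sample"
rm -f "$sample"

# On a live FreeBSD host:
#   forwarding_verdict "$(sysctl -n net.inet.ip.forwarding)" /etc/rc.conf
```

A verdict of "off-now on-at-boot" means forwarding returns at the next reboot unless `gateway_enable` is also changed in rc.conf.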