Date: 04 Jul 2003 10:41:31 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com> To: freebsd-questions@freebsd.org Subject: Re: ipfw troubles Message-ID: <44r856qrqc.fsf@be-well.ilk.org> In-Reply-To: <Pine.LNX.4.33.0307021429340.22146-100000@odin.ac.hmc.edu> References: <Pine.LNX.4.33.0307021429340.22146-100000@odin.ac.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Dan Phiffer <dphiffer@hmc.edu> writes: > I guess this means I'm not serving DHCP - what kind of rule would fix > that? There are two sides. You need to accept the packets coming in to dhcps, as well as the ones going out to dhcpc. There are a number of different ways to do this, but make sure you keep it limited to the interface on which you intend to supply these addresses. > I read somewhere that simply using natd adds statefulness to an > otherwise stateless ipfw configuration. Would an unstateful ipfw setup be > less secure in this case? Not necessarily, no. The kinds of state being kept are quite different, and there isn't any particular relationship between them. In fact, it's a lot more difficult to use stateful rules with natd running, because the packets match differently depending on whether they've been NAT'd already or not.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44r856qrqc.fsf>