Date: Mon, 28 Aug 2000 03:46:39 +0000 (GMT)
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: Roger Merritt <mcrogerm@stjohn.ac.th>
Cc: Shane Hagan <shane_64@hotmail.com>, freebsd-questions@freebsd.org
Subject: Re: I did it!
Message-ID: <Pine.BSF.4.21.0008280343510.1633-100000@w2xo.w2xo.pgh.pa.us>
In-Reply-To: <3.0.6.32.20000828100357.008912f0@stjohn.stjohn.ac.th>

> Hmmm. I just upgraded to 4.1-STABLE and discovered that elves have
> added a couple of lines to /etc/defaults/rc.conf, so this actually
> seems to need:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="ed1"
> forward_sourceroute="YES" # do source routing (only if gateway_enable is set to "YES")
> accept_sourceroute="YES" # accept source routed packets to us
>
> The last two lines default to "NO", so you need to insert the changes
> in /etc/rc.conf. Without them natd stopped forwarding packets, and I
> wasn't even getting any error messages.
> --

I just had a little conversation about this with the local guru guy
and this is generally a *bad* thing. You should not need source routing
turned on. It allows packet spoofing. In source routing, you are
specifying the path of the packet through routers. You probably don't
want your FreeBSD box participating in such shenanigans!

-Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008280343510.1633-100000>
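
An added example, not part of the original message or of FreeBSD itself: a small sh audit that reports whether the two source-routing knobs discussed above end up set to "YES" once later rc.conf files override earlier ones. The function names `effective_knob` and `audit_sourceroute` are hypothetical, the sample file is constructed, and the parser assumes simple `knob="value"` lines rather than full sh syntax.

```shell
#!/bin/sh
# Added example: audit rc.conf files for the source-routing knobs.
# Files are given in precedence order; the last assignment wins.

# effective_knob KNOB FILE...  -> prints the effective value, upper-cased,
# or "NO" (the default stated in the thread) when the knob is never set.
effective_knob() {
    knob=$1; shift
    val=NO
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(awk -v k="$knob" '
            { sub(/^[ \t]+/, "") }               # ignore leading whitespace
            index($0, k "=") == 1 {
                s = substr($0, length(k) + 2)    # text after "knob="
                sub(/[ \t]*#.*/, "", s)          # drop trailing comment
                gsub(/"/, "", s)                 # drop double quotes
                sub(/[ \t]+$/, "", s)
                last = s; found = 1
            }
            END { if (found) print toupper(last) }' "$f")
        [ -n "$v" ] && val=$v
    done
    printf '%s\n' "$val"
}

# audit_sourceroute FILE...  -> returns 1 and names each knob that is YES.
audit_sourceroute() {
    rc=0
    for k in forward_sourceroute accept_sourceroute; do
        if [ "$(effective_knob "$k" "$@")" = "YES" ]; then
            echo "WARN: $k is YES"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the quoted settings; on a real host pass
# /etc/defaults/rc.conf /etc/rc.conf instead.
sample=$(mktemp)
printf '%s\n' 'gateway_enable="YES"' \
    'forward_sourceroute="YES" # do source routing' \
    'accept_sourceroute="YES" # accept source routed packets to us' > "$sample"
audit_sourceroute "$sample" || echo "source routing enabled in $sample"
rm -f "$sample"
```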