Date: Mon, 28 Aug 2000 03:46:39 +0000 (GMT)
From: Jim Durham
To: Roger Merritt
Cc: Shane Hagan, freebsd-questions@freebsd.org
Subject: Re: I did it!
In-Reply-To: <3.0.6.32.20000828100357.008912f0@stjohn.stjohn.ac.th>

> Hmmm. I just upgraded to 4.1-STABLE and discovered that elves have
> added a couple of lines to /etc/defaults/rc.conf, so this actually
> seems to need:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="ed1"
> forward_sourceroute="YES" # do source routing (only if gateway_enable is set to "YES")
> accept_sourceroute="YES" # accept source routed packets to us
>
> The last two lines default to "NO", so you need to insert the changes
> in /etc/rc.conf. Without them natd stopped forwarding packets, and I
> wasn't even getting any error messages.
> --

I just had a little conversation about this with the local guru guy
and this is generally a *bad* thing. You should not need source routing
turned on. It allows packet spoofing. In source routing, you are
specifying the path of the packet through routers. You probably don't
want your FreeBSD box participating in such shenanigans!

-Jim
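An added example, not part of the original message or of FreeBSD itself: a shell check that reports whether `forward_sourceroute` or `accept_sourceroute` ends up set to "YES" once `/etc/rc.conf` is layered over `/etc/defaults/rc.conf`. The function name `sourceroute_findings`, the temporary files and their contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the source-routing knobs that are effectively "YES".
# Files are read in order and the last assignment wins, the way
# /etc/rc.conf overrides /etc/defaults/rc.conf.
# sourceroute_findings is a hypothetical helper name. On a real system:
#   sourceroute_findings /etc/defaults/rc.conf /etc/rc.conf
sourceroute_findings() {
    awk '
        /^[ \t]*(forward_sourceroute|accept_sourceroute)=/ {
            line = $0
            sub(/^[ \t]*/, "", line)
            name = line; sub(/[=].*/, "", name)
            val = line;  sub(/^[^=]*=/, "", val)
            sub(/[ \t]*#.*/, "", val)   # drop trailing comment
            gsub(/"/, "", val)          # drop double quotes
            sub(/[ \t]+$/, "", val)     # drop trailing blanks
            effective[name] = toupper(val)
        }
        END {
            n = split("forward_sourceroute accept_sourceroute", knobs, " ")
            for (i = 1; i <= n; i++)
                if (effective[knobs[i]] == "YES")
                    print knobs[i]
        }
    ' "$@"
}

# Constructed sample input (not real system files).
tmp=$(mktemp -d)
cat > "$tmp/defaults" <<'EOF'
forward_sourceroute="NO"   # do source routing
accept_sourceroute="NO"    # accept source routed packets to us
EOF
cat > "$tmp/quoted" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
forward_sourceroute="YES"
accept_sourceroute="YES"
EOF
cat > "$tmp/fixed" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
EOF

echo "quoted rc.conf:" $(sourceroute_findings "$tmp/defaults" "$tmp/quoted")
echo "without the two lines:" $(sourceroute_findings "$tmp/defaults" "$tmp/fixed")
rm -rf "$tmp"
```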