From: David Banning
To: Lucas Holt
Date: Fri, 10 Dec 2004 15:12:52 -0500
Message-ID: <20041210201252.GA10652@skytracker.ca>
In-Reply-To: <41B91CF7.6020608@foolishgames.com>
Cc: questions@freebsd.org
Subject: Re: gateway_enable question

> If you use nat, killing natd might be an option. You could also put up
> a firewall that blocks those computers' IP addresses. Maybe have 2
> firewall configs. You could simply run a flush and then load the new
> ones on the command line. (ipfw)

Thanks Lucas. I have tried killing the ppp nat that I run by killing;

    /usr/sbin/ppp -quiet -ddial -nat default

and running;

    /usr/sbin/ppp -quiet -ddial default

but surprisingly, the network machines can still access the internet.
To me that is strange, especially when you consider that I don't have
natd running either. There must be something doing the network
translation unseen to me. I am running squid and dansguardian - I don't
know if they provide any nat function.

On the firewall it is difficult to block the win boxes because I -want-
each machine to be able to contact each other, but I don't want the
windows boxes to have internet connection.

ipfw would be great - my main problem is that I want to block the win
boxes from using messenger which tries any and all ports, but I don't
want to block my x-win (xwin32) terminal connection to unix from each
win box - which -also- seems to want to pick its own port every time it
runs.
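
One way to express the goal discussed in this thread with ipfw, as an added example that is not part of the original messages: filter the Windows boxes by destination instead of by port, so LAN traffic on any port (X sessions included) passes while anything routed off the LAN is dropped. The subnet, host addresses and rule numbers are assumptions, as is the premise that Squid and DansGuardian listen on their default ports 3128 and 8080; a proxy on the gateway relays web requests without any NAT, so those ports are closed to the same hosts.

```shell
#!/bin/sh
# Added example: ipfw rules that keep the Windows boxes on the LAN but off
# the internet. All addresses, ports and rule numbers are assumptions,
# not values taken from the thread.

LAN_NET="192.168.1.0/24"               # assumed LAN subnet (includes the gateway)
WIN_HOSTS="192.168.1.10 192.168.1.11"  # assumed addresses of the Windows boxes
PROXY_PORTS="3128,8080"                # Squid / DansGuardian defaults (assumed)

# Dry run by default: the commands are printed, not executed.
# Run with IPFW=/sbin/ipfw on the FreeBSD gateway to install the rules.
IPFW="${IPFW:-echo ipfw}"

build_rules() {
    for h in $WIN_HOSTS; do
        # ipfw stops at the first matching rule, so the proxy block must
        # come before the LAN allow; otherwise the proxy, which listens
        # on a LAN address, would still fetch pages for these hosts.
        $IPFW -q add 1000 deny tcp from "$h" to me "$PROXY_PORTS"

        # Any protocol and any port is fine as long as the destination is
        # on the LAN. This covers X connections that pick a new port on
        # every run, with no per-port rules to maintain.
        $IPFW -q add 1010 allow ip from "$h" to "$LAN_NET"

        # Everything else from these hosts would have to be forwarded off
        # the LAN, so drop it whatever port the client tries.
        $IPFW -q add 1020 deny ip from "$h" to any
    done
}

build_rules
```

Traffic from other sources, including replies going back to the Windows boxes, matches none of these rules and falls through to the rest of the existing ruleset.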