Date: Fri, 10 Dec 2004 15:12:52 -0500
From: David Banning <david+dated+1103141576.b2bd68@skytracker.ca>
To: Lucas Holt <luke@foolishgames.com>
Cc: questions@freebsd.org
Subject: Re: gateway_enable question
Message-ID: <20041210201252.GA10652@skytracker.ca>
In-Reply-To: <41B91CF7.6020608@foolishgames.com>
References: <20041210013055.GA49697@skytracker.ca> <41B91CF7.6020608@foolishgames.com>
> If you use nat, killing natd might be an option. You could also put up
> a firewall that blocks those computers ip addresses. Maybe have 2
> firewall configs. You could simply run a flush and then load the new
> ones on the command line. (ipfw)

Thanks Lucas. I have tried killing the ppp nat that I run by killing;

    /usr/sbin/ppp -quiet -ddial -nat default

and running;

    /usr/sbin/ppp -quiet -ddial default

but surprisingly, the network machines can still access the internet.

To me that is strange, especially when you consider that I don't have
natd running either. There must be something doing the network
translation unseen to me. I am running squid and dansguardian - I don't
know if they provide any nat function.

On the firewall it is difficult to block the win boxes because I -want-
each machine to be able to contact each other, but I don't want the
windows boxes to have internet connection.

ipfw would be great - my main problem is that I want to block the win
boxes from using messenger which tries any and all ports, but I don't
want to block my x-win (xwin32) terminal connection to unix from each
win box - which -also- seems to want to pick its own port every time
it runs.

--