From owner-freebsd-questions Fri Oct 12 12:45:23 2001 Delivered-To: freebsd-questions@freebsd.org Received: from brained.org (ubr-33.140.121.division.cfl.rr.com [65.33.140.121]) by hub.freebsd.org (Postfix) with ESMTP id 46AD337B405 for ; Fri, 12 Oct 2001 12:45:20 -0700 (PDT) Received: (from code@localhost) by brained.org (8.11.4/8.11.3) id f9CJdDk14774; Fri, 12 Oct 2001 15:39:13 -0400 (EDT) Date: Fri, 12 Oct 2001 15:39:13 -0400 From: Simon Perkins To: Alson van der Meulen Cc: freebsd-questions@FreeBSD.ORG Subject: Re: How to protect binding to interface ? Message-ID: <20011012153913.H4157@brained.org> References: <20011010214156.B27378@brained.org> <20011012143031.B21997@md2.mediadesign.nl> <20011012143125.G4157@brained.org> <20011012212703.C21997@md2.mediadesign.nl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Sr1nOIr3CvdE5hEN" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011012212703.C21997@md2.mediadesign.nl>; from alm@flutnet.org on Fri, Oct 12, 2001 at 09:27:03PM +0200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --Sr1nOIr3CvdE5hEN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 12, 2001 at 09:27:03PM +0200, Alson van der Meulen wrote: > > >=20 > >=20 > > I think that is a workable solution. I think I stated my question wrong= ly. > > What I need is *remote* users not to see public interfaces (bind to the= m). > Do you mean 'users logged in thru ssh from a remote location'? or 'users > on other remote computers making a tcp connection to me'? If it's the > latter, it's not called binding to an interface, but just packet > filtering/firewalling. So I assume you mean the former definition. >=20 Yes, I did mean the former. Maybe this is what I need to to User ssh's to my public IP (say 111.111.111.111) firewall running on public ip server forwards it to internal host (222.222.= 222.222) internal host just has a private ip address (222...). So users even if they run any server there, would be binding to non-public ip. Now I see, I can do this with 2 computers. But is it possible with just one computer (maybe with multiple network cards ?) Thanks --Sr1nOIr3CvdE5hEN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iD8DBQE7x0beQLIkk4YsfGgRAn6aAKCpBzJ9NNBBfmyZgevz3ZizPCr4FACfbM0h A5Kufkc44mim8NwuESBA/FQ= =A3Ub -----END PGP SIGNATURE----- --Sr1nOIr3CvdE5hEN-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message