From owner-freebsd-stable Tue May 23 14:23:17 2000 Delivered-To: freebsd-stable@freebsd.org Received: from mhub2.tc.umn.edu (mhub2.tc.umn.edu [128.101.131.42]) by hub.freebsd.org (Postfix) with ESMTP id 45D5437B7CE for ; Tue, 23 May 2000 14:23:12 -0700 (PDT) (envelope-from drew0054@tc.umn.edu) Received: from garnet.tc.umn.edu by mhub2.tc.umn.edu with ESMTP; Tue, 23 May 2000 16:23:10 -0500 Received: from localhost by garnet.tc.umn.edu with ESMTP; Tue, 23 May 2000 16:23:10 -0500 Date: Tue, 23 May 2000 16:23:10 -0500 (CDT) From: Zachary Drew To: Stephen Montgomery-Smith Cc: "B. Carlson" , stable@FreeBSD.ORG Subject: Re: One internet connection for many puters? In-Reply-To: <392AF00A.3C4BAE43@math.missouri.edu> Message-Id: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > firewall_script="/etc/rc.firewall.mine" > natd_flags="-s -m -u -dynamic" > I highly recomend that you use the "-u" flag. If you don't someone on your cable/dsl/etc subnet and possibly anywhere and the internet could use your machine the same way you use it from your private network (i.e. they could attack someone using you as the default gateway and it would appear to come from you.) This actually should be in the man page. > > One of the options I put on natd might require your local area network > addresses to be 192.168.xxx.xxx, which is what I have. the -u flag will allow 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, not just 192.168.0.0/16 Zach To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message