Date: Fri, 30 Jun 95 13:25 MSZ
From: me@tartufo.pcs.dec.com (Michael Elbel)
To: mcw@hpato.aus.hp.com
Cc: questions@freebsd.org
Subject: Re: ipfw and socks again
Message-ID: <m0sReCd-000Pa5C@tartufo.pcs.dec.com>
References: <199506300308.AA168761720@relay.hp.com>

In pcs.freebsd.questions you write:

>Hi,
> I was under the impression that if I am to use sockd on FreeBSD as
>a firewall machine, I should have all other machines on behind it
>have the IP_FORWARDING off, except the firewall machine itself should
>have IP_FORWARDING on, is this correct? Is this also correct with the
>kernel ipfw?

No, the other way around. *Only* the firewall with its at least two interfaces is supposed to have ip forwarding turned *off* (or the ipfw configured to something similar, like blocking most traffic between the interface on the inside and that on the outside).

IP forwarding on means that ip packets coming in on one interface that have a route to another one will actually get passed there - basically what having the machine be a router is all about. If you turn it off, the firewall will not be able to route, exactly what all the firewall stuff is about.

Michael
-- 
Michael Elbel, PCS GmbH, Muenchen, Germany - me@FreeBSD.org
Fermentation fault (coors dumped)
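
The check described in the reply above, as an added example that is not part of the original message: it reports whether a dual-homed sockd host routes now or will after a reboot. It assumes a current FreeBSD layout (`sysctl -n net.inet.ip.forwarding`, `gateway_enable` in /etc/rc.conf); the function names and the sample rc.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a dual-homed SOCKS firewall is not routing.
# Assumes current FreeBSD: /etc/rc.conf with the gateway_enable knob.

# Print YES if the last gateway_enable= assignment in the rc.conf text on
# stdin turns forwarding on at boot, otherwise NO (the default).
rc_gateway_enable() {
    awk '/^[ \t]*gateway_enable=/ {
             v = $0
             sub(/^[^=]*=/, "", v)         # drop the variable name
             sub(/#.*/, "", v)             # drop a trailing comment
             gsub(/[^A-Za-z0-9]/, "", v)   # drop quotes and blanks
             last = toupper(v)
         }
         END {
             if (last == "YES" || last == "TRUE" || last == "ON" || last == "1")
                 print "YES"
             else
                 print "NO"
         }'
}

# audit_firewall LIVE NIFS, with rc.conf text on stdin.
#   LIVE: output of `sysctl -n net.inet.ip.forwarding` (0 = off, 1 = on)
#   NIFS: number of non-loopback interfaces that carry an IP address
# Returns 0 when the host does not route, 1 when it routes now or after reboot.
audit_firewall() {
    live=$1 nifs=$2 boot=$(rc_gateway_enable)
    if [ "$nifs" -lt 2 ]; then
        echo "SKIP: single interface, nothing to route between"; return 0
    fi
    if [ "$live" != "0" ]; then
        echo "ROUTING: forwarding is on; packets can bypass sockd unless ipfw blocks them"
        return 1
    fi
    if [ "$boot" = "YES" ]; then
        echo "ROUTING-AT-BOOT: rc.conf turns forwarding on at the next reboot"
        return 1
    fi
    echo "OK: forwarding off now and at boot; only the proxy crosses the firewall"
}

# Constructed sample rc.conf: a later line overrides the intended setting.
SAMPLE_RC='hostname="fw.example.org"
gateway_enable="NO"
gateway_enable="YES"   # added later by mistake'

printf '%s\n' "$SAMPLE_RC" | audit_firewall 0 2 || true
```

On the firewall itself, pass the live values instead: `audit_firewall "$(sysctl -n net.inet.ip.forwarding)" 2 < /etc/rc.conf`.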