Message-ID: <41BA651B.1020905@daleco.biz>
Date: Fri, 10 Dec 2004 21:10:19 -0600
From: "Kevin D. Kinsey, DaleCo, S.P."
To: David Banning
References: <20041210013055.GA49697@skytracker.ca> <41B92C8C.8050407@yahoo.com> <20041210202014.GA12902@skytracker.ca>
In-Reply-To: <20041210202014.GA12902@skytracker.ca>
cc: Rob
cc: questions@freebsd.org
Subject: Re: gateway_enable question

David Banning wrote:

>>>My thought was to disable the gateway configuration set in rc.conf.
>>>How do I disable the gateway option without rebooting?
>>>
>>>
>>I have gateway enabled, but natd disabled, which blocks the
>>traffic from inside to outside, I believe.
>>
>>
>
>I have my nat running in ppp, and when I disable it, all the network
>still happily connects to the net. I don't have natd running either.
>Figure that out. It may be that squid is doing some nat function.
>
>
>

Seems likely, as it's a proxy server. But I'm not into proxy
servers, so don't consider that authoritative.

Lots of guys have suggested the firewall. On ipfw, that'd
be something like (put your rule number for N and sub your
network in for 192.168.0):

    add <N> deny ip from 192.168.0/24 to any out via tun0

(I'm assuming your PPP uses the first tunnel device?)

In another portion of this thread you stated:

>On the firewall it is difficult to block the win boxes because I -want-
>each machine to be able to contact each other, but I don't want the
>windows boxes to have internet connection.

Now, that seems a little weird. Do you not have a hub
or switch other than the BSD box on this network? Unless
you're doing some strange routing or something, everybody
on the wire ought to see everybody else regardless of the
settings on the firewall (except they maybe won't see *it* ...)

HTH,

Kevin Kinsey