Date: Fri, 30 Jun 1995 08:14:12 -0500
From: "Eric L. Hernes" <erich@jake.lodgenet.com>
To: M C Wong <mcw@hpato.aus.hp.com>
Cc: freebsd-questions@freefall.cdrom.com (freebsd-questions@freefall.cdrom.com)
Subject: Re: ipfw and socks again
Message-ID: <199506301314.IAA19580@jake.lodgenet.com>
In-Reply-To: Your message of "Fri, 30 Jun 1995 13:08:32 EST." <199506300308.AA168761720@relay.hp.com>

> Hi,
> I was under the impression that if I am to use sockd on FreeBSD as
> a firewall machine, I should have all other machines on behind it
> have the IP_FORWARDING off, except the firewall machine itself should
> have IP_FORWARDING on, is this correct? Is this also correct with the
> kernel ipfw?
>

I don't think that you even need ipfw turned on on the firewall machine.
The sockd stuff handles the forwarding.

We have a connection to a provider who doesn't know how to route, so we
use a ppp connection with a sockd host. The sockd host's ppp interface is
on the provider's net, of course. If we use the kernel level ip forwarding,
traffic off of our local net gets to our provider, who can't route back to
us. The sockd makes connections to the internet on behalf of the local
machines, so the provider's net doesn't need to know the routes back.

All in all it's more of a firewall based in ignorance on our provider's part.

> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> M.C Wong                              Email: mcw@hpato.aus.hp.com
> Australian Telecom Operation          Voice: +61 3 272 8058
> Hewlett-Packard Australia Ltd         Fax:   +61 3 898 9257
> 31 Joseph St, Blackburn 3130, Australia  OS: FreeBSD-1.1.5.1
> http://hpautow.aus.hp.com:9999/~mcw/mcw.html (or http://hpautorf/~mcw)
>

eric.

--
erich@lodgenet.com
erich@rrnet.com
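
Added example, not part of the original message: a small model of the provider's route lookup, showing why replies are lost with kernel IP forwarding but delivered when sockd originates the connection. All addresses and function names are constructed for illustration, and the last case (the provider holding a route for the local net) goes beyond the situation described in the message.

```python
import ipaddress

# All addresses are constructed for illustration (RFC 1918 / RFC 5737 ranges).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")    # hosts behind the sockd machine
PROVIDER_NET = ipaddress.ip_network("192.0.2.0/24")   # provider's own network
SOCKD_PPP_ADDR = ipaddress.ip_address("192.0.2.17")   # sockd host's ppp interface
LOCAL_CLIENT = ipaddress.ip_address("192.168.1.23")   # a machine on the local net

# The provider has no route for the local net: only its connected network.
PROVIDER_ROUTES = {PROVIDER_NET: "connected"}


def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or None when there is no route."""
    matches = [net for net in routes if dst in net]
    if not matches:
        return None
    return routes[max(matches, key=lambda net: net.prefixlen)]


def source_seen_by_provider(client, mode):
    """Source address on packets leaving the ppp link toward the provider."""
    if mode == "forward":   # kernel IP forwarding: packet passes through unchanged
        return client
    if mode == "socks":     # sockd opens its own connection on the client's behalf
        return SOCKD_PPP_ADDR
    raise ValueError(f"unknown mode: {mode}")


def reply_path(client, mode, routes=PROVIDER_ROUTES):
    """Next hop the provider would use for the reply, or None if it is dropped."""
    return lookup(routes, source_seen_by_provider(client, mode))


if __name__ == "__main__":
    for mode in ("forward", "socks"):
        src = source_seen_by_provider(LOCAL_CLIENT, mode)
        print(f"{mode:8} src={src} reply via: {reply_path(LOCAL_CLIENT, mode)}")
    # If the provider did hold a route for the local net, forwarding would work too.
    fixed = dict(PROVIDER_ROUTES)
    fixed[LOCAL_NET] = str(SOCKD_PPP_ADDR)
    print("forward with provider route:", reply_path(LOCAL_CLIENT, "forward", fixed))
```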