Date:      Sun, 01 Feb 2004 22:14:36 +0600
From:      Eugene Panchenko <replicator@ngs.ru>
To:        questions@freebsd.org
Subject:   NAT and IPFW rules
Message-ID:  <web-102568413@intranet.ru>

Hello!

After reading the manpage for natd, I have a question about how to restrict IPFW access for NAT in the case where I have one computer connected directly to another one (which has two NICs installed in it). That means I don't have to care about a big private network, but rather want to narrow the access down to a single private IP address.

For NAT to work, two rules need to be added:

    ipfw add divert natd all from any to any via xl0

Can this rule be restricted (is it possible not to divert every packet)? Right now, every packet that enters or leaves the system is diverted, and sometimes the natd process eats quite a lot of processor resources. Can this be avoided? How?

    ipfw add pass all from any to any

How can this be restricted? I basically need only outgoing stuff working, that's all, and silently passing any packets from whatever location to any destination is insecure to me. Can someone post a live example of such a setup?

Waiting to hear from some gurus ;)

--
Eugene
---------------------------------------------------------
Mailbox size has been increased to 25 megabytes!
NGS MAIL - http://ngs.ru/
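One ruleset that does both of the things asked for above (divert only the single private host's traffic to natd, and pass only that host's outbound connections plus their replies) is the following. It is an added example, not code from the original message or from the natd(8) manpage. It takes xl0 as the external NIC from the message and assumes the rest: the second NIC is called xl1, the private host is 192.168.0.2, natd is already running on its default divert port, and the rule numbers are arbitrary. By default the script only prints the ipfw commands (IPFW defaults to "echo ipfw"); run it as root with IPFW=/sbin/ipfw to actually load them.

```sh
#!/bin/sh
# Added example (not from the original message): ipfw ruleset for a two-NIC
# FreeBSD gateway that NATs exactly one directly attached host and lets only
# that host's outbound connections (and their replies) through.
#
# Assumed, not stated in the post: xl1 is the internal NIC, 192.168.0.2 is
# the private host, natd listens on its default divert port "natd".
EXT_IF=xl0
INT_IF=xl1
PRIV=192.168.0.2

# Dry run by default: the commands are printed instead of loaded.
# As root, run with IPFW=/sbin/ipfw to install the rules for real.
IPFW=${IPFW:-echo ipfw}

rules() {
    $IPFW -f flush
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 110 deny ip from any to 127.0.0.0/8

    # Internal NIC: only the one private host, in either direction.
    $IPFW add 200 allow ip from $PRIV to any in via $INT_IF
    $IPFW add 210 allow ip from any to $PRIV out via $INT_IF
    $IPFW add 290 deny log ip from any to any via $INT_IF

    # Inbound on the external NIC: divert only packets addressed to this
    # host (the only ones natd can hold a translation for), then match the
    # translated packet against the dynamic rules created below. Anything
    # unsolicited finds no state and falls through to rule 999.
    $IPFW add 300 divert natd ip from any to me in via $EXT_IF
    $IPFW add 310 check-state

    # Outbound from the private host: create the dynamic rule on the
    # pre-NAT packet (private source address) so that replies, which are
    # translated back at rule 300 before check-state runs, still match it;
    # then jump over the deny to the NAT block.
    $IPFW add 400 skipto 1000 tcp from $PRIV to any out via $EXT_IF setup keep-state
    $IPFW add 410 skipto 1000 udp from $PRIV to any out via $EXT_IF keep-state
    $IPFW add 420 skipto 1000 icmp from $PRIV to any out via $EXT_IF keep-state

    # The gateway's own outbound traffic is not translated at all.
    $IPFW add 500 allow tcp from me to any out via $EXT_IF setup keep-state
    $IPFW add 510 allow udp from me to any out via $EXT_IF keep-state
    $IPFW add 520 allow icmp from me to any out via $EXT_IF keep-state

    # Everything not explicitly allowed above is dropped and logged.
    $IPFW add 999 deny log ip from any to any

    # NAT block: divert only the private host's outbound packets. When natd
    # reinjects the translated packet, ipfw resumes at the next rule, where
    # the packet now carries this host's public address.
    $IPFW add 1000 divert natd ip from $PRIV to any out via $EXT_IF
    $IPFW add 1010 allow ip from me to any out via $EXT_IF
    $IPFW add 1020 deny log ip from any to any
}

rules
```

The ordering is the part that matters. A divert rule hands the packet to natd and, when natd puts it back, processing continues at the rule after the divert, so the keep-state rules have to see the private host's packet before it is translated (hence the skipto around rule 999) while the inbound divert has to run before check-state so that replies are translated back to 192.168.0.2 before they are compared with the stored state. With this layout natd is only handed two kinds of packets, the private host's outbound traffic and inbound traffic addressed to the gateway's own address; pure transit or locally originated traffic never touches it, and nothing that was not started from behind the gateway is passed in.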