Date: Tue, 4 Feb 2003 01:32:21 -0500
From: Barney Wolff <barney@pit.databus.com>
To: Mikhail Teterin <mi+kde@aldan.algebra.com>
Cc: net@FreeBSD.ORG
Subject: Re: Does natd(8) really need to see _all_ packets?
Message-ID: <20030204063221.GA3032@pit.databus.com>
In-Reply-To: <200302040027.30781@aldan>
References: <200302040027.30781@aldan>
On Tue, Feb 04, 2003 at 12:27:30AM -0500, Mikhail Teterin wrote:
>
> This question bothered me for a while -- most of the traffic on my LAN
> is just that -- local. Yet my gw/firewall machine only has one interface
> -- with two IP addresses -- private and public on it.
>
> The DSL modem is plugged into the switch just like everything else.
>
> I doubt this is a unique setup.
>
> ...
>
> # Stop spoofing
> # How?

You've pointed out for yourself the fatal problem with this setup.
Get a cheap 10baseT card to talk to the dsl modem. Are you out of slots?

If you insist on using only one nic, putting a "pass ip LN LN" right
after the lo0/127 rules will minimize overhead for local traffic.

If you need protection from the other hosts on your lan there are
things running on your firewall that should not be there.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
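The rule ordering Barney describes, written out as an ipfw ruleset fragment. This is an added example, not code from either poster: the LAN prefix 192.168.1.0/24 and the interface name xl0 are placeholders, and the script only echoes the ipfw commands unless IPFW=ipfw is set, so it can be read and checked without loading anything. ipfw accepts "allow" and "pass" as synonyms, so rule 400 is the "pass ip LN LN" from the reply; because ipfw evaluates rules first-match, a LAN-to-LAN packet is accepted at 400 and never reaches the divert at 500, while traffic to or from the public side still goes through natd. The interface-based antispoof rules from the usual two-NIC rc.firewall are deliberately absent, since with one NIC there is no "in via" distinction to key on, which is the problem the thread is about.

```shell
#!/bin/sh
# Added example (not from the thread): single-NIC natd ruleset with the
# LAN-to-LAN pass placed before the divert so natd never sees local traffic.
# LAN, OIF and PUBNET are assumed placeholder values, not from the post.
LAN="${LAN:-192.168.1.0/24}"        # private side
OIF="${OIF:-xl0}"                   # the one NIC carrying both addresses
IPFW="${IPFW:-echo ipfw}"           # dry run by default; IPFW=ipfw to load

# Emit (or load) the rules in evaluation order.
ruleset() {
    # Loopback first, and refuse 127/8 anywhere else, as in rc.firewall.
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 deny ip from any to 127.0.0.0/8
    $IPFW add 300 deny ip from 127.0.0.0/8 to any
    # "pass ip LN LN": local traffic is accepted here and skips natd.
    $IPFW add 400 allow ip from "$LAN" to "$LAN"
    # Everything else on the NIC is handed to natd for translation.
    $IPFW add 500 divert natd ip from any to any via "$OIF"
    # Stateful rules for what the gateway itself initiates, then deny.
    $IPFW add 600 check-state
    $IPFW add 700 allow tcp from any to any out via "$OIF" setup keep-state
    $IPFW add 800 allow udp from any to any out via "$OIF" keep-state
    $IPFW add 65000 deny ip from any to any
}

# Print the rule number of the first emitted rule matching a pattern,
# so the ordering can be checked without ipfw installed.
rule_number() {
    ruleset | grep -m1 -- "$1" | awk '{print $3}'
}

# Returns 0 when the LAN pass rule sorts before the divert rule.
order_ok() {
    lan="$(rule_number "allow ip from $LAN to $LAN")"
    nat="$(rule_number 'divert natd')"
    [ -n "$lan" ] && [ -n "$nat" ] && [ "$lan" -lt "$nat" ]
}

ruleset
```

Run it as-is to see the rule list; `order_ok` exits 0 when the local-traffic pass precedes the divert. Moving rule 400 below 500 would make `order_ok` fail, and on a live system would put every LAN packet back through natd.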