From owner-freebsd-net@FreeBSD.ORG Sat Mar 20 05:36:42 2004
From: Idar Tollefsen (Performance Design)
To: freebsd-net@freebsd.org
Date: Sat, 20 Mar 2004 14:36:40 +0100
Message-ID: <405C48E8.5060903@performancedesign.no>
Subject: Firewall - why not just block everything not to/from me?
List-Id: Networking and TCP/IP with FreeBSD

Hello,

I'll admit that networking isn't my strongest side, but I hope to learn some more, and this has been bugging me a little, so I hope someone will bear with me and explain this.

I have a firewall setup based on the "simple" setup in rc.firewall. I was wondering why the blocks for RFC1918 and other "illegal" nets on both sides of natd are as they are? Or rather, why not just block everything not destined for the address(es) on the external interface(s) before natd and everything not from the same address(es) after natd? What would I miss that should, or shouldn't, have been let in/out if I do that?

Another question is why I need to block incoming traffic to addresses not associated with my machine at all? Why would, for example, my box ever receive a request destined for 192.168.0.1 when that's not my address?

Thank you for your time.

- IT
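To make the ordering in the "simple" rc.firewall profile concrete, here is an added, constructed model (not the poster's rule set and not FreeBSD's own code) of ipfw's first-match evaluation: RFC1918 destination denies before the natd divert, the divert, then RFC1918 source denies after it. The interface name fxp0, external address 203.0.113.10 and inside host 192.168.1.7 are assumptions chosen for the example; natd is reduced to a toy address rewrite.

```python
import ipaddress

# Assumed addresses for the example (not from the original post).
OIF = "fxp0"                  # outside interface
EXT_ADDR = "203.0.113.10"     # address on the outside interface
INSIDE_HOST = "192.168.1.7"   # host that natd maps inbound traffic to
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def rule(action, src, dst, iface=None):
    return {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "iface": iface}

# Same shape as rc.firewall "simple": denies by *destination* before natd,
# the divert, denies by *source* after natd, then a catch-all allow.
RULES = (
    [rule("deny", "0.0.0.0/0", net, OIF) for net in RFC1918]
    + [rule("divert", "0.0.0.0/0", "0.0.0.0/0", OIF)]
    + [rule("deny", net, "0.0.0.0/0", OIF) for net in RFC1918]
    + [rule("allow", "0.0.0.0/0", "0.0.0.0/0")]
)

def matches(r, pkt):
    # "via <iface>" matches either direction on that interface, as in ipfw.
    if r["iface"] and r["iface"] != pkt["iface"]:
        return False
    return (ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"])

def natd(pkt):
    """Toy natd: inbound to the external address is sent to the inside
    host; outbound from a private source leaves as the external address."""
    pkt = dict(pkt)
    if pkt["direction"] == "in" and pkt["dst"] == EXT_ADDR:
        pkt["dst"] = INSIDE_HOST
    elif pkt["direction"] == "out" and ipaddress.ip_address(pkt["src"]).is_private:
        pkt["src"] = EXT_ADDR
    return pkt

def evaluate(pkt):
    """First match wins; after the divert, processing continues at the next
    rule with the translated packet. Returns (rule index, verdict)."""
    for i, r in enumerate(RULES):
        if not matches(r, pkt):
            continue
        if r["action"] == "divert":
            pkt = natd(pkt)
            continue
        return i, r["action"]
    return None, "deny"   # default-deny kernel

def pkt(direction, src, dst, iface=OIF):
    return {"direction": direction, "src": src, "dst": dst, "iface": iface}
```

Tracing an inbound packet sourced from 10.1.2.3 to the external address shows it passing the pre-natd destination checks and only being caught by the post-natd source rule, while an outbound packet from the inside host is translated before the source rules see it.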