From owner-freebsd-hackers Wed Aug 28 10:52:43 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA16783 for hackers-outgoing; Wed, 28 Aug 1996 10:52:43 -0700 (PDT)
Received: from regina.ibs-us.net (regina.ibs-us.net [208.131.3.35]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA16772 for ; Wed, 28 Aug 1996 10:52:41 -0700 (PDT)
Received: (from fisbis@localhost) by regina.ibs-us.net (8.7.4/8.7.3) id KAA10682; Wed, 28 Aug 1996 10:51:58 -0700 (PDT)
Date: Wed, 28 Aug 1996 10:51:58 -0700 (PDT)
From: Derek Boonstra
To: hasty@netcom.com
cc: hackers@freebsd.org
Subject: Re: routing question
In-Reply-To: <199608280228.LAA10420@genesis.atrad.adelaide.edu.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 28 Aug 1996, Michael Smith wrote:

> Amancio Hasty Jr stands accused of saying:
> >
> > I have a box with an ethernet interface and a slip line.
> > The ethernet is on a different network than the slip line.
> > What I want to know is if I have to install a firewall to prevent
> > people outside my complex to access my LAN.
>
> Is the box forwarding packets? (ie is the sysctl variable
> net.inet.ip.forwarding 0 or 1?) If not, then you already have a firewall 8)
>
> If it is (ie. you are connecting to the net from your LAN) then you are
> currently vulnerable.
>
> My _personal_ preference for this situation is to turn off forwarding and
> install a SOCKS proxy on the gateway box. This works for me and our
> application mix here, it may not work for you.
>

A SOCKS proxy is my preference also. A nice side effect of using SOCKS is
that you may DNS reserved IP space (10.x || 192.168.x) for the LAN behind
the proxy. This saves the IP allocations for something that really needs
it. Of course we will all be using IP v6 next week Friday, so maybe this
isn't so important.

: 0
     __            __    __
 ___/ /__ _______ / /__ / /     503.232.9480
/ _  / -_) __/ -_)  '_// _ \    ----------------------
\_,_/\__/_/  \__/_/\_\/_.__/@ibs-us.net

I only need a tablesaw and milk.