Date: Tue, 10 Mar 2009 18:52:48 -0400 From: dacoder <dc@dcoder.net> To: freebsd-questions@freebsd.org Subject: puzzling ipnat behavior Message-ID: <20090310225248.GF31232@mail2.dcoder.net>
I've asked this question before, but I must have been unclear. I hope this is better.

I'm puzzled by how ipnat works, particularly by the fact that when the IPs on an inside NIC are mapped to the IP on my outside NIC, I have to configure ipfilter to allow any IP that might hit the outside NIC access to the IPs on the inside NIC. So, where wpi0 is the outside NIC and the first /24 in 10.0.0.0 contains the IP of the inside NIC and everything behind it:

ipnat.rules:

    map wpi0 10.0.0.0/24 -> <ip on outside nic>/32

ipf.rules:

    pass in quick from any to 10.0.0.0/24

I should have thought that since everything coming from outside to 10.0.0.0/24 is addressed to the <ip on outside nic>, this would be sufficient:

    pass in quick from <ip on outside nic> to 10.0.0.0/24

But it isn't. What's wrong with my thinking? And why isn't this rule a security hazard?

David Coder
Network Engineer Emeritus
NTT/Verio
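As an added example (not part of David's message, and not a reply from the list), here is one way to write the same NAT with a stateful ipfilter ruleset instead of a blanket "pass in" to 10.0.0.0/24. It relies on IPFilter's documented processing order: outbound packets go through ipf first and ipnat second, inbound packets go through ipnat first and ipf second. So by the time an inbound reply reaches ipf its destination has already been rewritten back to the 10.0.0.x host, and its source is the remote host, never the outside NIC's own address; that is why a rule matching "from <ip on outside nic>" never fires. The interface name wpi0 and the 10.0.0.0/24 network are taken from the message; the port range is an assumption.

```conf
# /etc/ipnat.rules (added example, not from the original message)
# Hide everything in 10.0.0.0/24 behind the address of wpi0.
# "0/32" means "use whatever address wpi0 currently has"; the fixed
# <ip on outside nic>/32 form from the message works the same way.
# The port range 10000:60000 is an assumption.
map wpi0 10.0.0.0/24 -> 0/32 portmap tcp/udp 10000:60000
map wpi0 10.0.0.0/24 -> 0/32

# /etc/ipf.rules (added example, not from the original message)
# ipf evaluates outbound packets before ipnat rewrites them, so these
# rules still see the private 10.0.0.x source address. "keep state"
# records the flow; inbound packets are checked against the state
# table before the rules below, so no blanket "pass in" to
# 10.0.0.0/24 is required for replies to get back in.
pass out quick on wpi0 proto tcp  from 10.0.0.0/24 to any flags S keep state
pass out quick on wpi0 proto udp  from 10.0.0.0/24 to any keep state
pass out quick on wpi0 proto icmp from 10.0.0.0/24 to any keep state

# Inbound packets are un-NATed by ipnat before ipf sees them: the
# destination is already 10.0.0.x and the source is the remote host.
# Anything on wpi0 that does not match a state entry is dropped here.
block in quick on wpi0 all
```

Two caveats when applying this: the rules above only cover wpi0, so the inside interface and lo0 still need their own pass rules, and the final "block in quick on wpi0 all" also blocks new connections to the NAT box itself, so any service that must be reachable from outside needs an explicit "pass in quick on wpi0 proto tcp from any to <ip on outside nic> port = N keep state" placed before it.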