Date: Mon, 29 Nov 2004 13:21:14 +0000
From: Jonathon McKitrick
To: Ruben de Groot, Giorgos Keramidas, freebsd-questions@freebsd.org
Subject: Re: Is this a hole in my firewall?

On Mon, Nov 29, 2004 at 12:30:20PM +0100, Ruben de Groot wrote:
: He's using ppp-nat. So packets from his laptop will first hit rule #300 and
: only after that get "nat'ed".
I believe this is normal behaviour.

Ah, yes. I always forget about ppp-nat.

So, then, is this the best way to allow my laptop packets out? Or does it still leave the laptop exposed? I'd like to protect all the machines with one firewall, while keeping it simple, if possible.

jm
--