Date:      Wed, 14 Apr 1999 13:50:24 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        Thomas Uhrfelt <thomas.uhrfelt@plymovent.se>
Cc:        "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Gating - IPFilter etc.
Message-ID:  <Pine.BSF.4.03.9904141348420.15989-100000@resnet.uoregon.edu>
In-Reply-To: <01BE85C6.6ECE8680.thomas.uhrfelt@plymovent.se>

On Tue, 13 Apr 1999, Thomas Uhrfelt wrote:

> The reason for changing the router's IP is that I don't want to change all
> the clients as we don't use DHCP.

... but you have to change all the machines anyway, so why not?

> I was planning to use IPFilter+IFNAT on the FreeBSD box to accomplish this
> task. So now I need to know if there is any good beginners' documentation on
> IPFilter + IFNAT and/or if it's possible at all to accomplish this using
> these tools. I also want to put in rather restrictive rules on what is
> allowed to be passed through the BSD box, so I need a pretty elaborate doc
> on IPFilter's capabilities (easy to understand wouldn't be bad either).

The knobs you need are in rc.conf; you can tune the firewall config in
/etc/rc.firewall.  I suggest leaving the firewall 'open' for now -- it is
more secure than it sounds, since nothing can traverse natd into the
network without an existing connection.

> Anyone care to enlighten me on this subject?

natd, ipfw, rc.conf manpages.

> PS: The later changes will pretty much only involve a static IP on the
> other side of the router and a hardware VPN solution (if anyone can
> direct me to a VPN solution for FreeBSD that is good, that would also be
> appreciated) DS.

What do you want to VPN?  If you have NT boxen, AltaVista Tunnel is a cool
solution that is NATD-friendly (where MS PPTP is not).

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org


