Date: Tue, 8 Dec 1998 13:00:26 +0200
From: Johann Visagie <wjv@cityip.co.za>
To: Mark Mayo <mark@vmunix.com>, questions@FreeBSD.ORG
Subject: Re: NATD + firewall - I'm stumped..
Message-ID: <19981208130026.A3262@cityip.co.za>
In-Reply-To: <19981208030926.A25214@vmunix.com>; from Mark Mayo on Tue, Dec 08, 1998 at 03:09:26AM -0500
References: <19981208030926.A25214@vmunix.com>

On Tue, 08 Dec 1998 at 03:09 SAST, Mark Mayo wrote:
>
> Naturally, I'd like to give
> a little more protection to the "router" box, but as soon as I try
> to do anything without the "add 65000 pass all from any to any" rule
> NAT just doesn't seem to want to go.

That sounds familiar. :-)

> Obviously, I'm doing something wrong
> and missing some key fundamental here, but no matter how many ways I
> play with the rules it beats me every time.

I don't think you're missing anything. Selectively protecting your gateway
box whilst allowing full access (via NAT) to machines shielded behind it
does not seem to come naturally to FreeBSD's natd/ipfw.

I've had to do this once or twice, though, and I knocked up a preliminary
doc of my workaround (mostly for my own future edification), which is
available here:

http://www.cityip.co.za/~wjv/vdocs/natd.html

If there's a better or more efficient way of doing it, I'd like to know...

-- V
Johann Visagie | wjv@CityIP.co.za | Tel: +27 21 419-7878 | ICQ: 20645559

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message