Date: Mon, 6 Sep 1999 23:10:15 -0500 (CDT)
From: "Bryan Smith (Administrator)" <bryan@valiant.cis.hcc.cc.il.us>
To: "Dmitriy V. Bokiy" <ratebor@cityline.ru>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: newbie: natd
Message-ID: <Pine.LNX.4.10.9909062306280.10516-100000@valiant.cis.hcc.cc.il.us>
In-Reply-To: <1447.990905@cityline.ru>

deny everything that you do not have explicitly allowed in. if your kernel config is still set to default deny, then it's every address coming in regardless of ipfw rules. if you want some addresses allowed in, enter those rules with ipfw before any rule denying incoming packets.

Bryan Smith

The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him, not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
-- Sun-Tzu The Art of Warfare

On Sun, 5 Sep 1999, Dmitriy V. Bokiy wrote:

> From natd(8):
>
> "-deny_incoming | -d
>     Reject packets destined for the current IP number that have
>     no entry in the internal translation table."
>
> My question is what packets are affected by this option? Packets with public
> addresses(I mean this scheme:Internet-->router(ipfw+NAT)-->subnet1(public addresses)->
> ->router(ipfw)-->subnet2(reserved addresses))?
>
> --Dmitriy
>
> P.S. Sorry, if it's a dull question.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
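
Added example, not part of the original message or of ipfw itself: a simplified Python model of ipfw's first-match evaluation, showing why an allow rule must carry a lower number than the deny rule and how the default-deny rule 65535 catches everything else. The rule tuples, the `evaluate` helper and the addresses are constructed for illustration, and matching is on source address only.

```python
import ipaddress

DEFAULT_RULE = 65535  # ipfw's final rule; "deny" unless the kernel defaults to accept


def evaluate(rules, src, default_action="deny"):
    """Return (rule_number, action) of the first rule matching src.

    Simplified model (an assumption of this example): each rule is
    (number, action, source_cidr). Real ipfw also matches protocol,
    ports, interface and direction.
    """
    addr = ipaddress.ip_address(src)
    for number, action, cidr in sorted(rules):  # rules are checked in numeric order
        if addr in ipaddress.ip_network(cidr):
            return number, action               # first match wins, search stops
    return DEFAULT_RULE, default_action         # nothing matched: default rule applies


# Constructed addresses from the RFC 5737 documentation ranges.
TRUSTED = "192.0.2.10"
STRANGER = "203.0.113.7"

# Allow rule numbered below the deny rule: the trusted network gets in.
ALLOW_FIRST = [(1000, "allow", "192.0.2.0/24"), (2000, "deny", "0.0.0.0/0")]
# Same two rules with the numbers swapped: the deny shadows the allow.
DENY_FIRST = [(1000, "deny", "0.0.0.0/0"), (2000, "allow", "192.0.2.0/24")]
# No explicit deny at all: unlisted sources still fall through to rule 65535.
ALLOW_ONLY = [(1000, "allow", "192.0.2.0/24")]


def demo():
    """Verdicts for each rule set, keyed by 'ruleset/source'."""
    return {
        "allow_first/trusted": evaluate(ALLOW_FIRST, TRUSTED),
        "allow_first/stranger": evaluate(ALLOW_FIRST, STRANGER),
        "deny_first/trusted": evaluate(DENY_FIRST, TRUSTED),
        "allow_only/stranger": evaluate(ALLOW_ONLY, STRANGER),
        "empty/trusted": evaluate([], TRUSTED),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} -> rule {verdict[0]:5} {verdict[1]}")
```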