From owner-freebsd-doc Sun Nov 17 7:57:56 2002
Message-ID: <3DD7BC7C.4070101@uiuc.edu>
Date: Sun, 17 Nov 2002 09:57:48 -0600
From: Felipe Gasper
To: doc@FreeBSD.org
Subject: NAT coverage in FBSD handbook

To whom it may concern:

Could a section be added to the FBSD handbook's chapter on NAT that would address the necessary rules to add to a custom ipfw ruleset? Right now the only instructions given tell the user to leave his/her firewall wide open, which doesn't strike me as the best setup as far as security.

Netfilter.org has nice documentation for manually adding rules to iptables for NAT. Perhaps even just a section suggesting these rules?

    deny ip from 192.168.0.0/16 to any in recv ${natd_interface}
    divert 8668 ip from any to any via ${natd_interface}
    allow ip from any to 192.168.0.0/16
    allow ip from 192.168.0.0/16 to any

Thank you for your time.

--
------------------------
Felipe M. L. Gasper
http://fgmusic.org

Judge ideas, not people.
Love people, not ideas.