From: Craig Cowen
Date: Thu, 05 Oct 2000 21:07:20 +0000
To: freebsd-security@FreeBSD.ORG
Subject: IPFILTER Question
Message-ID: <39DCED87.C7B7FA0B@allmaui.com>
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)

I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
When using ipnat, I have 'pass in on (private interface) from 192.168.0.0/24 to any keep state' in my rules.

I have no rules specified for the public interface.
The boxen behind the firewall can surf.

Is this right, and why?

Seems to me I have to allow out on the public interface with keep state for it all to work.
 

-- 
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com
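The following is an added example, not part of Craig's message and not code from the FreeBSD project. It writes out the ruleset he describes and, beside it, the same policy stated explicitly. The interface names are assumed: fxp0 is the public side and xl0 the private side carrying 192.168.0.0/24. The mechanism that makes the short ruleset work is the one commented inline: a packet that matches a state-table entry is passed without consulting the rule list, on whichever interface it is seen, so the entry created by the 'pass in ... keep state' rule on xl0 also carries the packet out through fxp0 and lets the reply back in.

```conf
# /etc/ipf.rules  (added example; fxp0 = public, xl0 = private, both assumed)
# Kernel built with 'options IPFILTER_DEFAULT_BLOCK': any packet that matches
# neither a state entry nor a pass rule is dropped, on every interface.

# --- (a) the ruleset from the message, one line ---------------------------
# pass in on xl0 from 192.168.0.0/24 to any keep state
#
# Why it is enough for the LAN to surf: when a LAN host sends the first
# packet, this rule creates a state entry. IPFilter checks the state table
# before the rule list on every interface and in both directions, so the
# same packet is passed again as it leaves fxp0 (no fxp0 rule needed) and
# the reply arriving on fxp0 is passed too. Unsolicited packets arriving on
# fxp0 match no state and no rule, so the default block drops them silently.

# --- (b) the same policy, written out ------------------------------------
# The default block also hits loopback; local daemons need this.
pass in  quick on lo0 all
pass out quick on lo0 all

# LAN -> anywhere. 'flags S' makes state only on the opening SYN.
pass in quick on xl0 proto tcp  from 192.168.0.0/24 to any flags S keep state
pass in quick on xl0 proto udp  from 192.168.0.0/24 to any keep state
pass in quick on xl0 proto icmp from 192.168.0.0/24 to any keep state

# Traffic originated by the gateway itself (its own DNS lookups, ntp, fetch)
# never crosses xl0, so rule set (a) gives it no state and the default block
# drops it. These rules cover it. 'any' is used because outbound filtering on
# fxp0 runs before ipnat translates the source address.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Make the default block visible in ipmon instead of silent.
block in log quick on fxp0 all
block in log quick on xl0  all

# /etc/ipnat.rules  (added example) ----------------------------------------
# Hide 192.168.0.0/24 behind whatever address fxp0 currently has (0/32).
map fxp0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:40000
map fxp0 192.168.0.0/24 -> 0/32
```

Load with `ipf -Fa -f /etc/ipf.rules` and `ipnat -CF -f /etc/ipnat.rules`. To confirm the explanation rather than take it on faith, open a connection from a LAN host and run `ipfstat -s`: the state entry created by the xl0 rule appears there, and `ipfstat -hio` shows that the hit counter on that rule increments while no fxp0 pass rule is consulted for the session. `ipnat -l` lists the active translations, and with `ipmon -Ds` running, anything the default block drops on fxp0 shows up in syslog, which the one-line ruleset never reveals.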