Date: Tue, 4 Feb 2003 19:04:02 -0500
From: Mikhail Teterin <mi+mx@aldan.algebra.com>
To: Wes Peters <wes@softweyr.com>
Cc: net@FreeBSD.org
Subject: Re: Does natd(8) really need to see _all_ packets?
Message-ID: <200302041903.03437.mi%2Bmx@aldan.algebra.com>
In-Reply-To: <1044402261.16309.8.camel@salty.rapid.stbernard.com>
References: <200302040027.30781@aldan> <200302041142.28554.mi%2Bmx@aldan.algebra.com> <1044402261.16309.8.camel@salty.rapid.stbernard.com>
On Tuesday 04 February 2003 06:44 pm, Wes Peters wrote:
= On Tue, 2003-02-04 at 08:42, Mikhail Teterin wrote:
= > On Monday 03 February 2003 08:19 pm, Wes Peters wrote:
= > = On Tue, 2003-02-04 at 05:27, Mikhail Teterin wrote:
= > = > Hi!
= > = >
= > = > This question bothered me for a while -- most of the traffic on
= > = > my LAN is just that -- local. Yet my gw/firewall machine only
= > = > has one interface -- with two IP addresses -- private and public
= > = > on it.
= > = >
= > = > The DSL modem is plugged into the switch just like everything
= > = > else.
= > = >
= > = > I doubt this is a unique setup.
= >
= > = It may not be unique, but it's certainly not very bright. What
= > = resource are you trying to conserve here, a $4 network interface?
= > = If so, I can give you a handful of them; one of the local office
= > = supply stores was giving them away last December and I picked up
= > = several...
= >
= > Using two cards, where one works fine is against aesthetics :-)
= > That's my primary reason, although there are only two slots left in
= > the machine, indeed.

= OK, that's a completely acceptable answer, but I suspect we're going
= to differ strongly on the finer points of "works fine."

The primary point is to provide the NAT service. A "REAL" firewall has
to be a separate machine with read-only disks and what not. The apartment
is not that big :-) "Works fine".

= I'm glad you've hit upon a solution that is acceptable. How 'bout
= writing it up for one of the online magazines? (Hint hint: Daemon
= News, for instance. ;^) It'll be good practice for writing the BSDCon
= paper you want to do as well, won't it?

I'd rather improve the rc.firewall example script along the lines of the
example I posted. That way, no one would need to search Daemon News to
have an efficiently working NAT... Having to search the web-sites smacks
of Linux :-)

	-mi