From: Mikhail Teterin
Organization: Virtual Estates, Inc.
To: Wes Peters
Cc: net@FreeBSD.org
Subject: Re: Does natd(8) really need to see _all_ packets?
Date: Tue, 4 Feb 2003 19:04:02 -0500
Message-Id: <200302041903.03437.mi+mx@aldan.algebra.com>
In-Reply-To: <1044402261.16309.8.camel@salty.rapid.stbernard.com>
References: <200302040027.30781@aldan> <200302041142.28554.mi+mx@aldan.algebra.com> <1044402261.16309.8.camel@salty.rapid.stbernard.com>

On Tuesday 04 February 2003 06:44 pm, Wes Peters wrote:
= On Tue, 2003-02-04 at 08:42, Mikhail Teterin wrote:
= > On Monday 03 February 2003 08:19 pm, Wes Peters wrote:
= > = On Tue, 2003-02-04 at 05:27, Mikhail Teterin wrote:
= > = > Hi!
= > = >
= > = > This question bothered me for a while -- most of the traffic on
= > = > my LAN is just that -- local. Yet my gw/firewall machine only
= > = > has one interface -- with two IP addresses -- private and public
= > = > on it.
= > = >
= > = > The DSL modem is plugged into the switch just like everything
= > = > else.
= > = >
= > = > I doubt this is a unique setup.
= > =
= > = It may not be unique, but it's certainly not very bright. What
= > = resource are you trying to conserve here, a $4 network interface?
= > = If so, I can give you a handful of them; one of the local office
= > = supply stores was giving them away last December and I picked up
= > = several...
= >
= > Using two cards, where one works fine, is against aesthetics :-)
= > That's my primary reason, although there are only two slots left in
= > the machine, indeed.
=
= OK, that's a completely acceptable answer, but I suspect we're going
= to differ strongly on the finer points of "works fine."

The primary point is to provide the NAT service. A "REAL" firewall has
to be a separate machine with read-only disks and what not. The apartment
is not that big :-) "Works fine".

= I'm glad you've hit upon a solution that is acceptable. How 'bout
= writing it up for one of the online magazines? (Hint hint: Daemon
= News, for instance. ;^) It'll be good practice for writing the BSDCon
= paper you want to do as well, won't it?

I'd rather improve the rc.firewall example script along the lines of
the example I posted. That way, no one would need to search Daemon News
to have an efficiently working NAT... Having to search the web-sites
smacks of Linux :-)

	-mi
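The point of the thread is that natd(8) only has to be handed the packets that actually need translation, which matters on a gateway whose single NIC carries both the private and the public address, since every LAN-to-gateway packet would otherwise be pushed through the divert socket for nothing. The rc.firewall-style ipfw fragment below is an added example written for this page; it is not the script the poster mentions (which is not on this page) and not FreeBSD's own rc.firewall. The interface name xl0, the private network 192.168.1.0/24 and the public alias 203.0.113.10 are assumed placeholders.

```sh
#!/bin/sh
# Added example (not from the original mail): divert to natd only the
# traffic that needs translation on a gateway with ONE interface that
# carries both a private and a public address.  Interface name and
# addresses below are assumptions for illustration.
fwcmd="/sbin/ipfw"
if="xl0"                     # the single NIC (assumed)
lan="192.168.1.0/24"         # private LAN behind the gateway (assumed)
pub="203.0.113.10"           # public address aliased onto $if (assumed)

# Prerequisites: kernel with IPDIVERT (or the ipfw/divert modules) and
# net.inet.ip.forwarding=1.  natd must translate to the public alias,
# not to the interface's primary (private) address, so pass -a <addr>
# instead of -n <interface>.  natd listens on divert port "natd" (8668).
/sbin/natd -a ${pub}

${fwcmd} -f flush

# Loopback is never NATed.
${fwcmd} add 100 allow ip from any to any via lo0

# Outbound: only LAN-sourced packets leaving for non-LAN destinations
# need translation.  LAN-to-LAN traffic never crosses the gateway (it
# stays on the switch), and LAN-to-gateway traffic is delivered locally
# rather than forwarded, so neither ever matches this rule.
${fwcmd} add 200 divert natd ip from ${lan} to not ${lan} out via ${if}

# Inbound: only packets addressed to the public alias need un-translating.
# After natd rewrites the destination to a LAN host, the packet is routed
# back out via the same NIC with a non-LAN source, so rule 200 does not
# see it a second time.
${fwcmd} add 210 divert natd ip from any to ${pub} in via ${if}

# Filtering policy is the reader's own concern; the example only shows
# how little of the traffic natd has to see.
${fwcmd} add 65000 allow ip from any to any
```

The two divert rules together are the whole point: with a single `divert natd ip from any to any via xl0` every packet that touches the gateway, including ssh sessions to its private address, would round-trip through natd's divert socket, while with the source/destination qualifiers above only traffic that crosses the private/public boundary does. Verify the effect with `ipfw -a list`: the counters on rules 200 and 210 should grow only with Internet-bound traffic, not with local activity.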