Date: Sun, 1 Aug 1999 19:27:43 -0400 (EDT)
From: Alfred Perlstein <bright@rush.net>
To: paz <paz@apriori.net>
Cc: "Paul R. Petitt" <prpetitt@theshop.net>, freebsd-questions@FreeBSD.ORG
Subject: RE: ipchains in FreeBSD
Message-ID: <Pine.BSF.3.96.990801192218.20420c-100000@cygnus.rush.net>
In-Reply-To: <Pine.BSF.4.10.9908011820590.3194-100000@gw.apriori.net>

On Sun, 1 Aug 1999, paz wrote:
>
> On Sun, 1 Aug 1999, Paul R. Petitt wrote:
>
> : At 08:54 AM 7/31/99 -0400, paz wrote:
> : >
> : >
> : >My config:
> : >FreeBSD 2.2.7;
> : >ISDN Terminal Adapter;
> : >Static IP with my service provider; (i.e., one!)
> : >domain name name service from ISP;
> : >full-time connection;
> : >local gateway host is the FreeBSD box;
> : >local area net at home uses the gateway to get to the internet;
> : >gateway uses natd to hide local net from internet;
> ^^^^^^^^^^^^^^^^^
> : >local net uses non-routable addresses, 192.168.xxx.xxx;
> : >my domain name is apriori.net;
> : >my Windoze box is named cpriori.apriori.net;
> : >the FreeBSD gateway box is named gw.apriori.net;
> : >daemons running on gateway host include:
> : >-- natd
> ^^^^
> : >-- named
> : >-- ipfw
> ^^^^
> : >-- pppd
> : >(There are others, but probably not important for this discussion.)
> : >Also running tcp wrappers.
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> The original topic regarded the possible availability of ipchains in
> FreeBSD and alternatives thereof. My reading of its characteristics led me
> to believe that its mapping techniques provided the equivalent services to
> what I currently run, with the added benefit of following shifting port
> addresses without losing the host-to-host mapping when using natd.
>
> ipchains is freely distributed with the current versions of Linux. Since
> I'm a FreeBSD fan, I'd prefer to stay with this OS than try to migrate to
> Linux.

The same misconfiguration you have going with FreeBSD will persist
no matter what firewall type software FreeBSD chooses to integrate
and even if you migrate to Linux.

I suggest you look at the documented "-redirect_port" feature of
natd to divert the traffic going to the ports you mentioned in
your earlier email to the machine behind the firewall.

You may also want to try the "-redirect_address" and you
most definitely want to add the "-use_sockets" and "-same_ports".

good luck,
-Alfred Perlstein - [bright@rush.net|bright@wintelcom.net]
systems administrator and programmer
Wintelcom - http://www.wintelcom.net/
