From owner-freebsd-questions  Tue Jan 25 14:49:19 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.cybcon.com (mail.cybcon.com [216.190.188.5])
	by hub.freebsd.org (Postfix) with ESMTP id 645C915612
	for <freebsd-questions@FreeBSD.ORG>; Tue, 25 Jan 2000 14:48:53 -0800 (PST)
	(envelope-from freebsd@cybcon.com)
Received: from laptop.cybcon.com (william@usr1-31.cybcon.com [205.147.75.32])
	by mail.cybcon.com (8.9.3/8.9.3) with ESMTP id OAA12474;
	Tue, 25 Jan 2000 14:49:03 -0800 (PST)
Message-ID: <XFMail.000125144417.freebsd@cybcon.com>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <Pine.BSF.4.21.0001251434080.57090-100000@pogo.caustic.org>
Date: Tue, 25 Jan 2000 14:44:17 -0800 (PST)
From: William Woods <freebsd@cybcon.com>
To: "f.johan.beisser" <jan@caustic.org>
Subject: Re: DSL natd rules....
Cc: freebsd-questions@FreeBSD.ORG
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Guess I dident explain what I meant, sorry. The cicso is going to filter smb
from the outside, and smb only. That means I can run samba inside. The NAT box
is also going to run ipfw and filter a lot more.

Hope that clarifies a bit..



On 25-Jan-00 f.johan.beisser wrote:
> 
> i'd actually use the NAT box as a firewall, since it can do a bit more
> than cisco's IOS can..
> 
> on the other hand, depending on how much protection you really want or
> need, you might do the packetfiltering from the cisco anyway.
> 
> IPFW or IPFilter are both really powerful tools in controlling the flow of
> data from one network to the other. you should check both out pretty
> extensivly. i've recently switched to IPFilter (it's slightly more
> powerful, IMHO).
> 
> anyhow, that's my two cents.
> 
> -- jan
> 
> On Tue, 25 Jan 2000, William Woods wrote:
> 
>> >   so, questions:
>> > 
>> >   1 - is the cisco going to firewall, or do you want the freebsd box to do
>> >   it?
>> 
>> The cisco will be a REAL BASIC firewall, blocking all smb from the outside
>> so I
>> can run samba inside.
>>  
>> >   2 - do you need to access the network from anywhere else?
>> 
>> Nope
>> 
>> I will re-read that page on natd also, thanks
> 
> 
> 
>  +-----//  f. johan beisser  //------------------------------+
>   email: jan[at]caustic.org   web: http://www.caustic.org/~jan 
>    "knowledge is power. power corrupts. study hard, be evil."

----------------------------------
E-Mail: William Woods <freebsd@cybcon.com>
Date: 25-Jan-00
Time: 14:43:04

This message was sent by XFMail
----------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message