Date: Sun, 13 Jan 2002 23:25:41 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Andreas Klemm <andreas@FreeBSD.ORG>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: FIREWALL_FORWARD vs. using /sbin/natd ?
Message-ID: <20020113232541.E24290@blossom.cjclark.org>
In-Reply-To: <20020113105636.GA88221@titan.klemm.gtn.com>; from andreas@FreeBSD.ORG on Sun, Jan 13, 2002 at 11:56:36AM +0100
References: <20020113105636.GA88221@titan.klemm.gtn.com>

On Sun, Jan 13, 2002 at 11:56:36AM +0100, Andreas Klemm wrote:
> I found a document describing a firewall design only using natd
> for redirects to internal network resources. (Hi Marshall, therefore
> Cc: to you, since it's yours and I have a question).
>
> http://www.rootprompt.net/freebsd_firewall.html
>
> Based on this information I think I could get rid of natd entirely.

Why do you say that? His example uses natd(8).

> See my previous mail, my problem was, that I can't get it to run
> for a typical 2 NIC configuration with internal network, DMZ and
> a router in front of a 512k leased line.

You didn't include your firewall rules.

> Or is this my NAT problem, that additionally I have to use the kernel
> option FIREWALL_FORWARD,

You don't need it.

> to get NAT for internal users running,
> 'though all other documents state out, that only IPFIREWALL and
> IPDIVERT are needed ???

But it shouldn't cause problems.

> Therefore the question, is using FIREWALL_FORWARD a good
> replacement for /sbin/natd if you want to give users of
> the internal network access to the outside world ?

FIREWALL_FORWARD has nothing to do with NAT.

> Are there some things to take care of, when using FIREWALL_FORWARD ?

Yes, but nothing to do with NAT.

> Does the logic for firewall rules change, or could I still use the
> templates in /etc/rc.firewall ???

For what?
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org