Date:      Sun, 13 Jan 2002 23:25:41 -0800
From:      "Crist J . Clark" <cjc@FreeBSD.ORG>
To:        Andreas Klemm <andreas@FreeBSD.ORG>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: FIREWALL_FORWARD vs. using /sbin/natd ?
Message-ID:  <20020113232541.E24290@blossom.cjclark.org>
In-Reply-To: <20020113105636.GA88221@titan.klemm.gtn.com>; from andreas@FreeBSD.ORG on Sun, Jan 13, 2002 at 11:56:36AM +0100
References:  <20020113105636.GA88221@titan.klemm.gtn.com>

On Sun, Jan 13, 2002 at 11:56:36AM +0100, Andreas Klemm wrote:
> I found a document describing a firewall design only using natd
> for redirects to internal network resources. (Hi Marshall, therefore
> Cc: to you, since it's yours and I have a question).
> 
> 	http://www.rootprompt.net/freebsd_firewall.html
> 
> Based on this information I think I could get rid of natd entirely.

Why do you say that? His example uses natd(8).

> See my previous mail, my problem was, that I can't get it to run
> for a typical 2 NIC configuration with internal network, DMZ and
> a router in front of a 512k leased line.

You didn't include your firewall rules.

> Or is this my NAT problem, that additionally I have to use the kernel
> option FIREWALL_FORWARD,

You don't need it.

> to get NAT for internal users running,
> though all other documents state that only IPFIREWALL and
> IPDIVERT are needed ???

But it shouldn't cause problems.

> Therefore the question, is using FIREWALL_FORWARD a good
> replacement for /sbin/natd if you want to give users of
> the internal network access to the outside world ?

FIREWALL_FORWARD has nothing to do with NAT.

> Are there some things to take care of, when using FIREWALL_FORWARD ?

Yes, but nothing to do with NAT.

> Does the logic for firewall rules change, or could I still use the
> templates in /etc/rc.firewall ???

For what?
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
