From: "Peter Brezny"
Delivered-To: freebsd-security@freebsd.org
Subject: natd/ipfw and mpd-netgraph for VPN question
Date: Wed, 18 Oct 2000 14:11:21 -0400
Message-ID: <000901c0392e$d23150a0$47010a0a@fire.sysadmininc.com>

Suppose I've got two offices at different locations, each with a cable modem or other 'fast' access, using mpd-netgraph on a 4.1 box to create a VPN between them. Each office uses their connection to go to the internet as well.

Now I need to firewall each connection to the internet.

Will natd/ipfw be able to play nice with mpd-netgraph?

The natd man page says that

    options IPFIREWALL
    options IPDIVERT

must be compiled into the kernel; however, just the line

    firewall_enable="YES"

apparently starts a kernel module for ipfw... Is that line in rc.conf enough, or does natd really require a recompiled kernel?

And finally, would I be better off with a package like SOCKS5 instead of natd/ipfw, and would it get along as well with mpd-netgraph?

Thanks for your help.

Peter Brezny
SysAdmin Services, Inc.