From owner-freebsd-hackers Mon Feb 12 06:47:03 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id GAA03375 for hackers-outgoing; Mon, 12 Feb 1996 06:47:03 -0800 (PST)
Received: from border.com (janus.border.com [199.71.190.98]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id GAA03370 for ; Mon, 12 Feb 1996 06:46:59 -0800 (PST)
Received: by janus.border.com id <20484-1>; Mon, 12 Feb 1996 09:48:44 -0500
Date: Mon, 12 Feb 1996 09:46:28 -0500
From: Jerry Kendall
To: FreeBSD Hackers
Subject: Re: Network Address Translation
In-Reply-To: <96Feb12.094533est.20482-1@janus.border.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <96Feb12.094844est.20484-1@janus.border.com>
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

OK all you hackers, I read this in comp.security.firewalls

What about FreeBSD as a firewall tool...?

On Fri, 9 Feb 1996, Dave Mischler wrote:

>
> In article <4f786g$ec@Dortmund.Germany.EU.net>, sel05@sel05.bertelsmann.de (Olaf Selke) says:
>
> >If u look for an easy and low cost solution, use a PC and install Linux.
>
> This is a workable solution, but I don't think it is the easiest.
>
> >If u use internally the e.g. the class A net 10.0.0.0, all outgoing
> >packets will get the source ip address (this one must be official) of
> >your Linux box's public interface. The main drawback in this solution
> >is that u can't establish a connection from outside your ip address
> >translator to machines inside without logging into your translator.
>
> Check out http://www.mischler.com/iproute/ for another solution that
> doesn't have this drawback. You can redirect incoming requests to
> your public IP address to an internal machine on a port-by-port basis.
>
> IPRoute is a $50 shareware package that runs on a dedicated DOS PC (a
> 286 will do in a pinch). It supports ethernet packet drivers, PPP,
> SLIP, packet filtering, address translation, event and packet logging
> to a syslog daemon, etc.
>
> - Dave
>
> Dave Mischler (Dave@Mischler.COM) wrote:
> : Check out http://www.mischler.com/iproute/ for another solution that
> : doesn't have this drawback. You can redirect incoming requests to
> : your public IP address to an internal machine on a port-by-port basis.
>
> Use plug-gw from the TIS FWTK. Lets you do port "redirection" (I
> think you mean tunnelling) on a source address-by-source address
> basis, as well as port-by-port. (For TCP, anyway.)
>
> Also free.
>
> : IPRoute is a $50 shareware package that runs on a dedicated DOS PC (a
> : 286 will do in a pinch). It supports ethernet packet drivers, PPP,
> : SLIP, packet filtering, address translation, event and packet logging
> : to a syslog daemon, etc.
>
> Sounds like Linux to me, although you'd need >= a 386, and it won't
> cost you the $50.
>
> And with Linux, you get the source, and a large body of developers for
> support.
>
> Mike
>
> --
> #> Mike Shaver (shaver@ingenia.com) Ingenia Communications Corporation <#
> #> Technical Specialist -- will tame sendmail(8) for food <#
> #> <#
> #> "You are a very perverse individual, and I think I'd like to get to <#
> #> know you better." --- eric@reference.com <#
>
>

--------------------------------------------------------------------------------
Any comments or opinions in this message are my own and may or may not
reflect the comments or opinions of my present or previous employers.

Jerry Kendall                 Border Network Technologies Inc.
System Software Engineer      Tel +1-416-368-7157 ext 303
jerry@border.com              Fax +1-416-368-7178