Date: Wed, 17 Jul 2002 14:26:06 +0200 From: Bart Matthaei <bart@dreamflow.nl> To: Sabri Berisha <sabri@cluecentral.net> Cc: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>, security@freebsd.org Subject: Re: ipfw and it's glory... Message-ID: <20020717122606.GD40276@heresy.dreamflow.nl> In-Reply-To: <20020717141338.M82632-100000@doos.cluecentral.net> References: <20020717120231.GB40276@heresy.dreamflow.nl> <20020717141338.M82632-100000@doos.cluecentral.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 17, 2002 at 02:16:29PM +0200, Sabri Berisha wrote: > > Natd on a firewall ? Firewalling a public network ? I don't think so > > :) > > Nothing wrong with that. In fact, you might even want to consider using > natd only if you don't use the box for another purpose. I wouldn't advise running natd on a firewall serving a large network, since it runs in userland. IPnat is an option, though. Anyway, back to the original issue: I'd rather not use PunchFW on a large network. They don't call > 1024 un-privileged for nothing. No need firewalling all of them. Just a few daemons that use them, like Mysql and X. Cheers, Bart -- Bart Matthaei bart@dreamflow.nl If at first you don't succeed, redefine success. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020717122606.GD40276>