Date:      Mon, 30 Oct 2000 16:32:28 -0500
From:      "Peter Brezny" <peter@sysadmin-inc.com>
To:        <freebsd-ipfw@freebsd.org>
Subject:   rc.firewall by default does not allow nat of private internal addresses?
Message-ID:  <001701c042b8$e7f54340$47010a0a@fire.sysadmininc.com>

Could someone explain to me why the default configuration of rc.firewall
using the 'simple' configuration does not allow private IPs to be used on
the internal network?

I was assuming that since the natd rule is _above_ the

deny ip from 10.0.0.0/8 to any via ${oif}

ipfw would not 'realize' that the packet originated on 10.0.0.0/8 and would
pass it (since natd should have already translated the packet to the
external IP before it leaves via the ${oif})... right?

Any enlightenment on this issue would be greatly appreciated.

But as written, it appears to me that the rc.firewall provided with 4.1 is
useless unless you pull out the limits of RFC1918 or at least change them to

deny all from 10.0.0.0/8 to any in via ${oif}

TIA.


Peter Brezny
SysAdmin Services, Inc.


