Date: Mon, 30 Oct 2000 16:32:28 -0500
From: "Peter Brezny" <peter@sysadmin-inc.com>
To: <freebsd-ipfw@freebsd.org>
Subject: rc.firewall by default does not allow nat of private internal addresses?
Message-ID: <001701c042b8$e7f54340$47010a0a@fire.sysadmininc.com>

Could someone explain to me why the default configuration of rc.firewall using the 'simple' configuration does not allow private IPs to be used on the internal network?

I was assuming that since the natd rule is _above_ the

    deny ip from 10.0.0.0/8 to any via ${oif}

ipfw would not 'realize' that the packet originated on 10.0.0.0/8 and would pass it (since natd should have already translated the packet to the external IP before it leaves via the ${oif})...right?

Any enlightenment on this issue would be greatly appreciated. But as written, it appears to me that the rc.firewall provided with 4.1 is useless unless you pull out the limits of RFC1918 or at least change them to

    deny all from 10.0.0.0/8 to any in via ${oif}

TIA.

Peter Brezny
SysAdmin Services, Inc.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message