Date: Sun, 07 Jun 1998 14:58:30
From: carl.p.edwards@usa.net
To: freebsd-questions@FreeBSD.ORG
Subject: NAT and IPFW security
Message-ID: <19980607145830.13113.qmail@www02.netaddress.usa.net>

Hi,

Consider this network:

 -----------------
 | I-net router  |
 | 123.123.123.1 |
 -----------------
         |
         |
         |    ---------------------------      -------------
         |    | "eagle"                 |      | "sparrow" |
         >----| 123.123.123.2  10.1.1.1 |------| 10.1.1.2  |
         |    | [ed0]          [ed1]    |      |           |
         |    ---------------------------      -------------
         |
         |
         |    -----------------
         |    | "falcon"      |
         >----| 123.123.123.3 |
         *    -----------------

All computers are running FreeBSD 2.2.6. The server "eagle" is running NAT.

The way I figured is that if "falcon" was set to have 123.123.123.2 as its default gateway rather than 123.123.123.1 a user on falcon would be able to access "sparrow" simply by telnetting or whatever to 10.1.1.2.

Now if this rule was applied on "eagle":

    1000 deny all from 123.123.123.1/24 to 10.1.1.1/24 via ed0

This would prevent that, right?

But what if "falcon" had a HTTP daemon running and a user on "sparrow" would want to browse it, would that also be blocked?

I'm not 100% clear on how IPFW and NAT work together so any help would be appreciated.

Thanks
Carl
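
Added example, not part of the original message: a small Python model of how the quoted rule's address and interface fields match the flows in the diagram. It compares header fields only; which form of falcon's HTTP reply the rule actually sees on eagle (before or after NAT restores sparrow's address) depends on where the rule sits relative to the NAT step, which the message does not show. The packet tuples are constructed, and parse_rule, first_match and evaluate are hypothetical helper names.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    via: Optional[str]

class Packet(NamedTuple):
    src: str
    dst: str
    iface: str  # interface on eagle the packet is crossing

def parse_rule(text: str) -> Rule:
    """Parse the subset '<num> <action> all from <net> to <net> [via <if>]'."""
    t = text.split()
    ok = len(t) == 7 or (len(t) == 9 and t[7] == "via")
    if not ok or t[2:4] != ["all", "from"] or t[5] != "to":
        raise ValueError(f"unsupported rule: {text!r}")
    # strict=False masks the host bits: 123.123.123.1/24 means 123.123.123.0/24
    src = ipaddress.ip_network(t[4], strict=False)
    dst = ipaddress.ip_network(t[6], strict=False)
    return Rule(int(t[0]), t[1], src, dst, t[8] if len(t) == 9 else None)

def first_match(rules, pkt: Packet) -> Optional[Rule]:
    """Return the lowest-numbered rule whose addresses and interface match."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.via is not None and r.via != pkt.iface:
            continue
        if ipaddress.ip_address(pkt.src) in r.src and ipaddress.ip_address(pkt.dst) in r.dst:
            return r
    return None

RULES = [parse_rule("1000 deny all from 123.123.123.1/24 to 10.1.1.1/24 via ed0")]

# Constructed header tuples for the flows in the diagram, as seen on eagle's ed0.
FLOWS = {
    "falcon -> sparrow, routed through eagle": Packet("123.123.123.3", "10.1.1.2", "ed0"),
    "sparrow -> falcon HTTP request, after NAT": Packet("123.123.123.2", "123.123.123.3", "ed0"),
    "falcon HTTP reply, before NAT restores dst": Packet("123.123.123.3", "123.123.123.2", "ed0"),
    "falcon HTTP reply, after NAT restores dst": Packet("123.123.123.3", "10.1.1.2", "ed0"),
}

def evaluate():
    """Map each flow to the matching rule's action, or 'no match'."""
    hits = {name: first_match(RULES, p) for name, p in FLOWS.items()}
    return {name: (r.action if r else "no match") for name, r in hits.items()}
```

Calling evaluate() shows that the rule matches any packet on ed0 whose destination is still, or is again, a 10.1.1.x address, and no packet addressed to eagle's own 123.123.123.2.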