Date: Tue, 14 Nov 2000 14:45:13 -0800
From: Steve Reid <sreid@sea-to-sky.net>
To: Nuno Teixeira <nuno.teixeira@pt-quorum.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: PPP NAT Gateway security
Message-ID: <20001114144513.A888@grok>
In-Reply-To: <00c801c04dc4$12a89220$0200a8c0@n2>; from Nuno Teixeira on Mon, Nov 13, 2000 at 10:50:05PM -0000
References: <00c801c04dc4$12a89220$0200a8c0@n2>

On Mon, Nov 13, 2000 at 10:50:05PM -0000, Nuno Teixeira wrote:
> ppp -background -nat MYISP
> It works OK and I have access to a lot of Internet services.
> My question is: do I need to configure this machine with firewall, so I can
> protect my internal network from the outside net?

You probably don't _need_ a firewall, but it usually is a good idea. In practice NAT provides some protection, but that is not what NAT is intended for so I wouldn't rely on it.

The usual way to do it is with ipfw or ipfilter. "man ipfw" and "man ipf" respectively.

Because you're using userland PPP you can also do it via the ppp daemon ("man ppp"). I would recommend using ipfw or ipfilter though, as then you don't have to re-write your filter rules if you ever change to a non-ppp interface.

You'll probably find more ipf/ipfw information than ppp filter information, because ipf and ipfw are more widely used. Google search for "ipfw howto" or "ipf howto" should turn up some nice docs.

Both ipfw and ipf are stateful now, so AFAICS the remaining differences are relatively minor for most people. ipf has been ported to systems other than FreeBSD; ipfw works with ethernet bridging. There may be other differences I'm not aware of - I'm an ipf user myself and haven't used ipfw in years.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message