Date:      Wed, 17 Jul 2002 14:16:29 +0200 (CEST)
From:      Sabri Berisha <sabri@cluecentral.net>
To:        Bart Matthaei <bart@dreamflow.nl>
Cc:        "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>, <security@freebsd.org>
Subject:   Re: ipfw and it's glory...
Message-ID:  <20020717141338.M82632-100000@doos.cluecentral.net>
In-Reply-To: <20020717120231.GB40276@heresy.dreamflow.nl>

On Wed, 17 Jul 2002, Bart Matthaei wrote:

> On Wed, Jul 17, 2002 at 01:57:40PM +0200, Carroll, D. (Danny) wrote:
> > :Some things tend to break when you leave it out. I can't give you any
> > :examples atm, since I don't recall them :)

How about DNS? You send out a query from a high UDP port to a DNS
server's port 53. It will send you a UDP packet to that high port.

> > Been in that world of hurt but I managed to get everything *I* need...
> > (FTP, IRC, ICQ)
> > The only exception was LiveUpdate for Symantec.
> >
> > Punch_FW with natd works for me in these cases, but without nat running
> > I guess it would be harder.
>
> Natd on a firewall ? Firewalling a public network ? I don't think so
> :)

Nothing wrong with that. In fact, you might even want to consider using
natd only if you don't use the box for another purpose.

-- 
Sabri Berisha  - www.megabit.nl	- "I route, therefore you are"
      - http://www.fordreallysucks.com/more_info.html -
'that particular feeding of Martijn Bevelander, notorious spammer
and whiney repeat-posting troll, was almost a work of art.' (nanae)


