Date: Tue, 25 Jan 2000 16:17:49 -0500 (EST)
From: Jim Flowers <jflowers@ezo.net>
To: Brad Guillory <round@baileylink.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Skip, Natd, Ipfw, and VPN Nomads (long)
Message-ID: <Pine.BSI.3.91.1000125161007.3807A-100000@lily.ezo.net>
In-Reply-To: <20000125113623.A85740@baileylink.net>

If you aren't interested in nomads logging on to an NT network or using
network neighborhood (you can still map drives) then you are OK. You are
also OK if you don't need to use natd for Internet browsing with internal
hosts but then why have natd at all.

Otherwise, unless you can figure out a way to tell outbound client browsing
packets to use natd and to tell logon server SMB messages to bypass natd on
their way back to the nomad, you are sol. Unfortunately, they both belong
to the class of destination address = any. You could use the source address
of the logon server to bypass natd but now you can't also have
-redirect_port capabilities.

Jim Flowers <jflowers@ezo.net>
#4 ISP on C|NET, #1 in Ohio

On Tue, 25 Jan 2000, Brad Guillory wrote:

> Jim,
>
> Don't you think that using an extra interface is favorable to using
> two FreeBSD boxes? I imagine that you would not even have to use
> a real second interface. This is a very detailed implementation,
> and I appreciate it much because I am about to have to configure
> a skip vpn with nomad (DHCP ADSL users). I have only allocated one
> at the POP to accomplish this so I am hoping that I am not wrong.
>
> BMG
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
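
The conflict described in the message above, modeled as an added example (not part of the original e-mail and not real ipfw syntax): a first-match filter in the style of ipfw deciding which outbound packets are diverted to natd. All addresses, the rule layout, and the assumption that the -redirect_port target is the logon server itself are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 1918 / RFC 5737); none come from the thread.
INSIDE = ip_network("192.168.1.0/24")          # internal LAN behind natd
LOGON_SERVER = ip_network("192.168.1.10/32")   # NT logon server
ANY = ip_network("0.0.0.0/0")

def first_match(rules, src, dst):
    """Return the action of the first rule matching src and dst (ipfw-style)."""
    for src_net, dst_net, action in rules:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "deny"

# Ruleset A: every outbound packet from the inside net goes through natd.
RULES_DIVERT_ALL = [(INSIDE, ANY, "divert")]

# Ruleset B: the logon server bypasses natd by source address.
RULES_BYPASS_SERVER = [
    (LOGON_SERVER, ANY, "bypass"),
    (INSIDE, ANY, "divert"),
]

# Constructed outbound packets as (src, dst). Nomads are on dynamic addresses,
# so every destination here can only be written as "any" in a rule.
PACKETS = {
    "browse":         ("192.168.1.50", "203.0.113.80"),  # internal host browsing
    "smb_reply":      ("192.168.1.10", "198.51.100.7"),  # logon server -> nomad
    "redirect_reply": ("192.168.1.10", "203.0.113.9"),   # reply on a -redirect_port connection
}

def classify(rules):
    """Map each sample packet to the action the ruleset gives it."""
    return {name: first_match(rules, s, d) for name, (s, d) in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("divert all", RULES_DIVERT_ALL),
                         ("bypass by server source", RULES_BYPASS_SERVER)):
        print(label, classify(rules))
```

Ruleset A sends the SMB reply to the nomad through natd; ruleset B frees it, but the server's reply on a redirected port now also skips natd and never gets its source address translated back.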