Date: Wed, 11 Jul 2001 01:37:35 -0400 (EDT)
From: Francisco Reyes <lists@natserv.com>
To: "Jon O ." <jono@microshaft.org>
Cc: FreeBSD Security List <freebsd-security@freebsd.org>
Subject: Re: Fixed Cant ping/nslookup. Natd rule not on top
Message-ID: <20010711013121.L1479-100000@zoraida.natserv.net>
In-Reply-To: <20010710193644.A9624@networkcommand.com>
On Tue, 10 Jul 2001, Jon O . wrote:

> Francisco:
>
> The divert rule should be placed in your ruleset as needed and can't be defined as "always on top."
>
> For example, I connect to a Firewall-1/VPN-1 server using my FreeBSD gateway. In this case I don't want the divert rule applied to packets going to VPN machines because I want to come from the real inside network address, not a NAT'ed hide address. So, it can cause problems because you are allowing the packet through the firewall, but then don't notice what the divert rule is doing to it -- I've done it and I'm sure many other people have also. Once you figure it out, you'll always remember to look at the divert rule too.

Any recommendations where I could read more on NAT? The natd man page is a good start, but I was thinking more along the lines of a tutorial or examples.

Does NATD let the packets continue through IPFW after it changes the source address?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
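Added example, not part of the thread or of anyone's posted configuration: an ipfw ruleset in the shape Jon describes, with the pass rules for the VPN peer numbered before the natd divert rule so that traffic never gets translated, and the rest of the ruleset numbered after the divert. By default a packet that natd reinjects re-enters ipfw at the rule following the divert rule, so the later rules see the translated source address outbound and the restored private address inbound. The interface name, private network, VPN peer address and rule numbers are constructed placeholders; the script only loads rules when called with the argument `load`, and `IPFW=echo` turns it into a dry run that prints the rules instead.

```shell
#!/bin/sh
# Added example (not from the thread): natd divert rule placed after an
# explicit pass for traffic that must keep its real inside address.
# All addresses, the interface and the rule numbers are constructed.

EXT_IF="${EXT_IF:-tun0}"                    # outside interface (assumed)
INSIDE_NET="${INSIDE_NET:-192.168.1.0/24}"  # private LAN (constructed)
VPN_PEER="${VPN_PEER:-203.0.113.10}"        # Firewall-1/VPN-1 gateway (constructed)
NATD_PORT="${NATD_PORT:-8668}"              # natd's default divert port
IPFW="${IPFW:-ipfw}"                        # set IPFW=echo for a dry run

load_ruleset() {
    $IPFW -f flush
    # 100/110: traffic to and from the VPN peer is passed before the divert
    # rule, so natd never rewrites it and the real inside address is kept.
    $IPFW add 100 allow ip from "$INSIDE_NET" to "$VPN_PEER" via "$EXT_IF"
    $IPFW add 110 allow ip from "$VPN_PEER" to "$INSIDE_NET" via "$EXT_IF"
    # 200: everything else crossing the outside interface goes to natd.
    $IPFW add 200 divert "$NATD_PORT" ip from any to any via "$EXT_IF"
    # 300+: the reinjected packet continues here with the translated
    # address, so these rules see the public IP outbound and the private
    # IP inbound. Ping and DNS replies are allowed explicitly.
    $IPFW add 300 allow tcp from any to any established
    $IPFW add 310 allow ip from "$INSIDE_NET" to any
    $IPFW add 320 allow icmp from any to any icmptypes 0,3,8,11
    $IPFW add 330 allow udp from any 53 to "$INSIDE_NET"
    $IPFW add 65000 deny log ip from any to any
}

# Sanity check on the generated ruleset: the pass rule for the VPN peer must
# carry a lower number than the divert rule, otherwise natd would translate
# the VPN traffic first. Prints "ok" when the order is as intended.
check_order() {
    rules=$(IPFW=echo; load_ruleset)
    vpn=$(printf '%s\n' "$rules" | awk -v peer="$VPN_PEER" \
        '$1=="add" && $3=="allow" && index($0, peer) {print $2; exit}')
    div=$(printf '%s\n' "$rules" | awk '$1=="add" && $3=="divert" {print $2; exit}')
    [ -n "$vpn" ] && [ -n "$div" ] && [ "$vpn" -lt "$div" ] && echo ok
}

# Usage: sh natd-rules.sh load        (loads the rules with ipfw)
#        IPFW=echo sh natd-rules.sh load   (prints the rules instead)
case "${1:-}" in
    load) load_ruleset ;;
esac
```

The point of the numbering is Jon's: nothing about a divert rule makes it "first", it is simply another numbered rule, and any traffic that is allowed (or denied) by a lower-numbered rule never reaches natd. Running `check_order` after editing the rule numbers catches the case where the VPN pass rules accidentally drift below the divert.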