Date: Thu, 8 May 2003 12:39:11 +0200 (CEST)
From: xskoba1@kremilek.gyrec.cz
To: freebsd-security@freebsd.org
Subject: bridge and firewall

Can anyone help with this.

Bridge is enabled, even in sysctl.
Firewall is enabled and configured.

But my reality is done this way..

Cisco (NATing 192.168.1.0/24) ---- Freebsd Bridge (Public IP) ------ stations (Public IP)
      (NATing 172.16.0.0/24                                                    192.168.1.xx
       or something similar)                                                   172.16.0.xx

and on one public IP one private with even one public IP...

ok... it looks horrible, but I am not having time to change it... we are going to change IPS and so on...

so... what are the rules which should be added

users are permitted to connect inside.... to public IP through SSH

named is on FreeBSD and used by inner address (192... 172...)

and firewall then behaves strangely...

thanks for any idea, unless you want me to reconfigure it at all... it is a school and I am not having time until holiday

cheers

Rene Skoba