Date: Thu, 21 Jun 2001 10:40:23 -0500 From: "Chuck Rock" <carock@epctech.com> To: <freebsd-ipfw@FreeBSD.ORG> Subject: Natd and IPFW ( I think I've asked before with no help)... Message-ID: <001801c0fa68$7c955c80$1805010a@epconline.net>
next in thread | raw e-mail | index | archive | help
We are deploying FreeBSD firewalls with NATD running as well. Problem 1. We have aliased real IP's on an interface, but natd.cf only lets us forward ports from the original interface IP, not from the aliased IP's. So we have to like four network cards and multiple firewalls to accomplish the desired routing of ports by real IP address to internal private IP's. Has anyone fixed this, or come up with a better solution? Problem 2. We also use Portsentry, and when we forward ports with natd, they forward BEFORE portsentry can see them. So if we have an internal machine as a mail server, and forward a real IP to an internal IP for port 25, but we use portsentry to watch traffic on that real IP, it never sees portscans on IP because natd never passes the packets that don't match the forwarding to the level that Portsentry is watching. Would running natd from rc.local aleviate this? Is that possible? Thanks for your help, Chuck Rock Internet Services Manager EPC Inc. http://www.epctech.com http://www.epconline.com http://www.pconramp.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001801c0fa68$7c955c80$1805010a>