Date: Mon, 14 Jan 2002 01:19:39 -0800
From: "Crist J . Clark" <cristjc@earthlink.net>
To: Andreas Klemm <andreas@FreeBSD.ORG>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: FIREWALL_FORWARD vs. using /sbin/natd ?
Message-ID: <20020114011939.G24290@blossom.cjclark.org>
In-Reply-To: <20020114084023.GB1929@titan.klemm.gtn.com>; from andreas@FreeBSD.ORG on Mon, Jan 14, 2002 at 09:40:23AM +0100
References: <20020113105636.GA88221@titan.klemm.gtn.com> <20020113232541.E24290@blossom.cjclark.org> <20020114084023.GB1929@titan.klemm.gtn.com>

On Mon, Jan 14, 2002 at 09:40:23AM +0100, Andreas Klemm wrote:
> On Sun, Jan 13, 2002 at 11:25:41PM -0800, Crist J . Clark wrote:
> > On Sun, Jan 13, 2002 at 11:56:36AM +0100, Andreas Klemm wrote:
> > > I found a document describing a firewall design only using natd
> > > for redirects to internal network resources. (Hi Marshall, therefore
> > > Cc: to you, since it's yours and I have a question).
> > >
> > > http://www.rootprompt.net/freebsd_firewall.html
> > >
> > > Based on this information I think I could get rid of natd entirely.
> >
> > Why do you say that? His example uses natd(8).
>
> He uses it only on the internal network card to redirect
> 2 applications to inside machines. Look in the config !

It is also there for any machine on his 192.168.1.0/24 internal
network to communicate with machines out on the Internet, and it is
running on the _external_ interface (fxp0) not the internal one.

[snip]

> > > Are there some things to take care of, when using FIREWALL_FORWARD ?
> >
> > Yes, but nothing to do with NAT.
>
> BUT WHAT does FIREWALL_FORWARD actually do ????

Look for 'fwd' in ipfw(8).

> What happens if I define it in kernel, stop nat ?

Nothing to do with NAT. It's for making 'fwd' rules.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message