Date:      Sun, 10 Dec 2000 21:12:59 -0500 (EST)
From:      Chris Hill <chris@monochrome.org>
To:        Jonathan Chen <jonathan.chen@itouch.co.nz>
Cc:        Sean Peck <speck@newsindex.com>, "Crist J. Clark" <cjclark@reflexnet.net>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Configuring Gateway/NAT on Freebsd
Message-ID:  <Pine.BSF.3.96.1001210210256.44937A-100000@localhost>
In-Reply-To: <20001211145157.A15455@jonc.itouch>

On Mon, 11 Dec 2000, Jonathan Chen wrote:

> On Sun, Dec 10, 2000 at 05:24:50PM -0800, Sean Peck wrote:
> [...]
> >   I have the NIC listening to both IP's at least in theory, 172.16.0.1 and
> > my public space IP... I assume that it must be listening there as well...
> > perhaps incorrectly.
> 
> For a firewall, you need to have 2 NICs. One for your i/f to the 'Net,
> and one for your i/f to your internal network.

If Sean's connection to the outside world is via ppp, his outside
interface would be tun0 or ppp0, depending. The second interface would
be some random ethernet card connected to the other machines on the LAN.

> Think of a stream of information that must pass in thru' your f/w
> rules before it can go out thru' the second i/f to your internal
> network. 

Yes. Although in the simplest case of NAT, the only firewall rule is the
one that tells NAT to do its thing.
 
> If your i/f to the 'Net is a dial-up ppp link, you set up ppp to
> handle nat with a -nat option, instead of using 'natd'.

Well... you don't *have* to; you *can* use natd while using ppp. Just
set your "outside" interface (in /etc/rc.conf) to be tun0 or ppp0. I was
doing this for years and it worked fine.

Having said that, consensus on the list seems to be that it's better to
use userland ppp's NATting feature, rather than natd. I'm not sure why.


--
Chris Hill               chris@monochrome.org
[1]    Bus error                     netscape
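The natd-on-a-ppp-link setup Chris describes, written out as an added configuration example (not from the thread). It assumes a FreeBSD 4.x-era system, userland ppp on tun0 as the outside interface, and the stock /etc/rc.firewall, which inserts the divert rule itself when natd is enabled:

```conf
# /etc/rc.conf (fragment): natd on a userland ppp link, tun0 assumed
gateway_enable="YES"      # forward packets between the two interfaces
firewall_enable="YES"     # run /etc/rc.firewall at boot
firewall_type="open"      # "open" filters nothing; replace once NAT works
natd_enable="YES"         # rc.firewall adds: divert natd all from any to any via ${natd_interface}
natd_interface="tun0"     # the "outside" interface; ppp0 for kernel pppd
natd_flags="-dynamic"     # track the address the dial-up link is assigned
# kernel must be built with: options IPFIREWALL and options IPDIVERT

# --- alternative the list prefers: let userland ppp do the NAT, no natd ---
# /etc/rc.conf
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"             # equivalent to starting ppp with -nat
# /etc/ppp/ppp.conf, inside the dial profile:
#   nat enable yes
```

With the "open" ruleset the only thing standing between the LAN and the outside is the NAT mapping itself, so a restrictive firewall_type belongs in rc.conf as soon as the gateway is confirmed working.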