Date: Tue, 11 Apr 2000 11:46:29 -0300 (GMT)
From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar>
To: ronnet@mediaone.net (Ron Smith)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: (no subject)
Message-ID: <200004111446.LAA24588@ns1.via-net-works.net.ar>
In-Reply-To: <38F2880D.473F8F8D@mediaone.net> from Ron Smith at "Apr 11, 0 03:03:57 am"

In a previous message, Ron Smith wrote:
> Thanks to all,
>
> I have a dual-homed gateway running FreeBSD. The internal LAN (NIC) is
> class "C" (192.168.c.d). The external NIC has been assigned a static IP
> address from the ISP (63.203.c.d). I'm running NAT, and would like to
> know if this will provide enough protection for the internal LAN? I also
> have a firewall compiled into the kernel, but the rules prevent NAT from
> working whenever the firewall is in any other state except allowing "any
> to any". When the firewall is using "open" rules (allowing any to any)
> is NAT still providing protection to the internal network? If not, does
> anyone have any additional suggestions?

My advice would be to tcpdump the external interface and see what packets it
generates. This will give you an idea about how to handcraft your firewall
rules.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message