Date: Wed, 28 Aug 1996 10:51:58 -0700 (PDT)
From: Derek Boonstra <fisbis@ibs-us.net>
To: hasty@netcom.com
Cc: hackers@freebsd.org
Subject: Re: routing question
Message-ID: <Pine.SOL.3.91.960828103700.10495A-100000@regina>
In-Reply-To: <199608280228.LAA10420@genesis.atrad.adelaide.edu.au>

On Wed, 28 Aug 1996, Michael Smith wrote:

> Amancio Hasty Jr stands accused of saying:
> >
> > I have a box with an ethernet interface and a slip line.
> > The ethernet is on a different network than the slip line.
> > What I want to know is if I have to install a firewall to prevent
> > people outside my complex from accessing my LAN.
>
> Is the box forwarding packets? (ie is the sysctl variable
> net.inet.ip.forwarding 0 or 1?) If not, then you already have a firewall 8)
>
> If it is (ie. you are connecting to the net from your LAN) then you are
> currently vulnerable.
>
> My _personal_ preference for this situation is to turn off forwarding and
> install a SOCKS proxy on the gateway box. This works for me and our
> application mix here, it may not work for you.
>

A SOCKS proxy is my preference also. A nice side effect of using SOCKS is
that you may DNS reserved IP space (10.x || 192.168.x) for the LAN behind
the proxy. This saves the IP allocations for something that really needs
it. Of course we will all be using IP v6 next week Friday, so maybe this
isn't so important. : 0

     __             __   __
 ___/ /__ _______ / /__ / /    503.232.9480
/ _  / -_) __/ -_)  '_// _ \   ----------------------
\_,_/\__/_/  \__/_/\_\/_.__/@ibs-us.net
I only need a tablesaw and milk.  <fisbis@ibs-us.net>
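
The check discussed in the message above (is net.inet.ip.forwarding 0 or 1 on the dual-homed box?), written out as an added example that is not part of the original thread. It goes one step beyond the thread by also reading gateway_enable from rc.conf, which would switch forwarding back on at boot; the sysctl line and rc.conf text are constructed sample input.

```shell
#!/bin/sh
# Added example: audit a multi-homed FreeBSD gateway for IP forwarding.
# On a real host, feed these functions from
#   sysctl net.inet.ip.forwarding    and    cat /etc/rc.conf

# Pull the 0/1 value out of "net.inet.ip.forwarding: 1" or "... = 1".
forwarding_value() {
    printf '%s\n' "$1" |
        sed -n 's/^net\.inet\.ip\.forwarding[[:space:]]*[:=][[:space:]]*\([01]\)[[:space:]]*$/\1/p'
}

# Does rc.conf enable forwarding at boot? Commented-out lines are ignored
# and the last assignment wins, as it does when rc.conf is sourced.
boot_gateway_enabled() {
    val=$(printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*gateway_enable=[\"']\{0,1\}\([A-Za-z0-9]*\).*/\1/p" |
        tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo yes ;;
        *) echo no ;;
    esac
}

# verdict <sysctl output line> <rc.conf text>
verdict() {
    now=$(forwarding_value "$1")
    boot=$(boot_gateway_enabled "$2")
    if [ -z "$now" ]; then
        echo "UNKNOWN: could not parse sysctl output"
    elif [ "$now" = 1 ]; then
        echo "EXPOSED: host routes between its interfaces; filter or disable forwarding"
    elif [ "$boot" = yes ]; then
        echo "AT-RISK: forwarding is off now, but gateway_enable turns it on at next boot"
    else
        echo "ISOLATED: host does not forward; the LAN is reached only through local proxies"
    fi
}

# Constructed sample input: forwarding currently off, but rc.conf re-enables it.
SAMPLE_SYSCTL='net.inet.ip.forwarding: 0'
SAMPLE_RCCONF='hostname="gw.example.test"
#gateway_enable="NO"
gateway_enable="NO"
gateway_enable="YES"'

verdict "$SAMPLE_SYSCTL" "$SAMPLE_RCCONF"
verdict 'net.inet.ip.forwarding: 1' ''
```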