Date: Sun, 13 Jan 2002 11:56:36 +0100 From: Andreas Klemm <andreas@FreeBSD.ORG> To: freebsd-net@FreeBSD.ORG Cc: mckusick@FreeBSD.ORG Subject: FIREWALL_FORWARD vs. using /sbin/natd ? Message-ID: <20020113105636.GA88221@titan.klemm.gtn.com>
next in thread | raw e-mail | index | archive | help
--X1bOJ3K7DJ5YkBrT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I found a document describing a firewall design only using natd for redirects to internal network resources. (Hi Marshall, therefore Cc: to you, since its yours and I have a question). http://www.rootprompt.net/freebsd_firewall.html Based on these informations I think I could get rid of natd entirely. See my previous mail, my problem was, that I can't get it to run for a typical 2 NIC configuration with internal network, DMZ and a router in front of a 512k leased line. Or is this my NAT problem, that additionally I have to use the kernel option FIREWALL_FORWARD, to get NAT for internal users running, 'though all other documents state out, that only IPFIREWALL and IPDIVERT are needed ??? Therefore the question, is using FIREWALL_FORWARD a good replacement for /sbin/natd if you want to give users of the internal network access to the outside world ? Are there some things to take care of, when using FIREWALL_FORWARD ? Does the logic for firewall rules change, or could I still use the templates in /etc/rc.firewall ??? Thanks for help. Thanks Andreas /// --=20 Andreas Klemm - Powered by FreeBSD Need a magic printfilter today ? http://www.apsfilter.org/ Songs from our band >> 64Bits << http://www.64bits.de Inofficial band pages with add-on stuff http://www.apsfilter.org/64bits.ht= ml --X1bOJ3K7DJ5YkBrT Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: Weitere Infos: siehe http://www.gnupg.org iD8DBQE8QWfjd3o+lGxvbLoRAhNdAJ0YQeYEmC15RwLXbwkZBGGGWeS25gCcCcJQ xFz+3cKp+1gq4t9d9Tj6S3M= =RvRA -----END PGP SIGNATURE----- --X1bOJ3K7DJ5YkBrT-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020113105636.GA88221>