From owner-freebsd-questions Tue Oct 31 7:45:44 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.rdc1.ne.home.com (ha1.rdc1.ne.home.com [24.2.4.66])
    by hub.freebsd.org (Postfix) with ESMTP id 4E1C437B4CF
    for ; Tue, 31 Oct 2000 07:45:40 -0800 (PST)
Received: from cx443070b ([24.0.36.170]) by mail.rdc1.ne.home.com
    (InterMail vM.4.01.03.00 201-229-121) with SMTP
    id <20001031154537.TXQW16034.mail.rdc1.ne.home.com@cx443070b>;
    Tue, 31 Oct 2000 07:45:37 -0800
Message-ID: <003601c04351$ec960300$aa240018@cx443070b>
From: "Jeremiah Gowdy"
To: , "Daniel Ruthardt"
Cc:
References: <20001029143205.X75251@149.211.6.64.reflexcom.com> <20001030111946.A3675@149.211.6.64.reflexcom.com>
Subject: Re: IP Masquerading - Using NAT
Date: Tue, 31 Oct 2000 07:47:50 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Looks pretty good except for one big problem, you are trying to use a
> single interface. natd(8) is designed to be used with multiple
> interfaces. It does not work well with one. Each packet will go
> through natd(8) twice and this tends to really confuse it.

Hmm. I won't presume to say you're wrong, but I've done natd on a single interface in three different setups, and they run perfectly. Of course you would want to make sure your router, modem, dsl device, etc wasn't going to accept any non-routable IP packets, especially if you're using IP based security like in Samba.

> There are other problems with this scheme. First, if you were planning
> to later add firewall rules for security, they will offer little
> protection since your machines are still naked on the net.
> Second, you
> are likely going to be leaking your "private" address traffic onto
> your LAN (and from there who knows where it may get routed).

Why would anything route a 10.0.0.x or 192.168.x.x? I'm not contradicting you, I'm curious.