Date: Sat, 21 Nov 1998 21:36:44 -0500 (EST)
From: Vinnie Yesue <vinnie@picketfence.suburbs.net>
To: freebsd-questions@FreeBSD.ORG
Subject: natd and ipfw
Message-ID: <Pine.BSF.4.01.9811212130500.29460-100000@picketfence.suburbs.net>
In-Reply-To: <Pine.BSF.3.96.981121211910.276B-100000@PigStuy.dyn.ml.org>

I'm using natd to run 4 machines with only 1 ip. I have 1 router-like box with 2 ether cards and 1 ip assigned to it. One of the ethers is plugged into the school ethernet, the other into my hub, with 3 other devices plugged in.

I want to allow users on the inside to establish DNS, HTTP and SSH connections to the outside world, but I don't want any packets other than established connections of those sorts getting past my router. Additionally, I need to be able to ssh into the router from 1 particular ip, as well as ssh from the router through into the local machines.

I think I could do this if I had each host with its own ip address, but that's not the case. natd seems to be throwing a bit of weirdness into the mix. Where do I want to put my "divert" rule? Should I put all traffic going through the router through divert? Just traffic that's coming from inside?

Once ip addresses of packets that are from the inside masqueraded network and to the outside world have had their contents adjusted by natd, they are "reinjected into the ip stream" according to the natd manpage. Are they reinjected before or after ipfw?

Thanks for any help.

vinnie