Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 7 Nov 2000 10:37:40 +1100
From:      Zero Sum <count@shalimar.net.au>
To:        stable@FreeBSD.ORG
Subject:   Re: rc.firewall script & natd on 4.1.1
Message-ID:  <00110710374004.54481@shalimar.net.au>
In-Reply-To: <20001106123849.A53955@dragon.nuxi.com>
References:  <3A05D143.8DF86396@cuk.nu> <3A06DD19.7F055C8B@enc.edu> <20001106123849.A53955@dragon.nuxi.com>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----

On Tuesday 07 November 2000 07:38, you wrote:
> On Mon, Nov 06, 2000 at 11:32:25AM -0500, Charles N. Owens wrote:
> > Whatever the cause (I haven't had time to dig) I've boiled this down to
> > the bizarre observation that natd refuses to start until the PPP
> > connection has been established.
>
> Why are you using `natd' with PPP?  PPP has built-in NAT and firewall
> functionality.
>
!.  Does it indeed?  If you have a working PPP firewall, I'd love to see
your config.  I have put quite a bit of time on this, and it does not work
"as advertised".

2. PPP firewalling is limited.  It is limited to the PPP port for a start.
There may be other interfaces to the machine.  This requires either ipfw or
ipfilter.  There may be more rules required than PPP permits.

Geoff
--
count@shalimar.net.au
Nihil curo de ista tua stulta superstitione


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: 4YgKOe6YEoQ+Rl2/GAsnExE+T26tBar0

iQA/AwUBOgdAxPh4xz7LU/evEQJUHQCdH6yHvLM0jYwo9AmIf3FVu1YN1XoAoL4X
GIQeYxI2mgtJZJf94it1KOac
=ctJs
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00110710374004.54481>