Date:      Fri, 15 Feb 2002 09:18:28 -0800
From:      "Earl A. Killian" <earl@killian.com>
To:        Chris Dillon <cdillon@wolves.k12.mo.us>
Cc:        "Rogier R. Mulhuijzen" <drwilco@drwilco.net>, Michael Sierchio <kudzu@tenebras.com>, Luigi Rizzo <rizzo@icir.org>, <freebsd-ipfw@FreeBSD.ORG>, <freebsd-net@FreeBSD.ORG>
Subject:   Re: Bug in stateful code?
Message-ID:  <15469.17124.999950.13271@sax.killian.com>
In-Reply-To: <Pine.BSF.4.32.0202151003240.92211-100000@mail.wolves.k12.mo.us>
References:  <5.1.0.14.0.20020214221354.01c37da0@mail.drwilco.net> <Pine.BSF.4.32.0202151003240.92211-100000@mail.wolves.k12.mo.us>

Chris Dillon writes:
 > Date: Fri, 15 Feb 2002 10:20:39 -0600 (CST)
 > From: Chris Dillon <cdillon@wolves.k12.mo.us>
 > 
 > If you have the luxury of having more than one IP address available
 > for the outside interface, you can dedicate one address to natd's use,
 > and the other to the host machine.  Use -deny_incoming on natd, and
 > use whatever rules you want, including stateful, on the non-NAT
 > address.  This is what I've done and it works fine.

This sounds promising, but I am confused by the man page on
-deny_incoming.  Perhaps you could clarify?  It says, "Do not pass
incoming packets that have no entry in the internal translation
table."  Which internal translation table do they mean?  If this is
the translation table set up when an internal host packet is forwarded
to the internet, I don't see how a connection ever gets established.
Does "internal translation table" mean something else?
