Date:      Thu, 09 May 2002 10:41:01 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        freebsd-security@freebsd.org
Subject:   ipnat  and bimapping
Message-ID:  <3CDA988D.34E2148C@centtech.com>

I'm setting up a NAT gateway/firewall.  It has three interfaces on it (one to
the big bad net, one to the protected net, and one to a DMZ kind of net). 
Basically, I'm currently using the first two ports (big bad net, and protected
net), but I'd like to enable that third net, without stabbing myself and
creating security holes, but allowing a single machine to be "wide open" behind
the gateway.  
So, here's what my setup looks like:

  Internet
     |
     |
  [24.24.24.1/32]
   Nat/Gateway box
  [10.10.20.1, 10.10.10.1]
      /\
     /  \
    /    \
 wide    [protected net, 10.10.10.0/24]
 open 
 box 
 here 
[10.10.20.2/32]
    
Would bimap'ing the 24.24.24.1/32 address to 10.10.20.2/32 work?  Or would that
screw up my nat'ing of the 10.10.10.0/24 net?  I need all ports NOT nat'ed to
10.10.10.0/24 to go to 10.10.20.2/32.  Am I asking for trouble on the protected
net, or is this safe?  Is bimap the right thing to use?

How big is the gun that I am about to use to shoot myself in the foot?

Eric




-- 
------------------------------------------------------------------
Eric Anderson	   Systems Administrator      Centaur Technology
You have my continuous partial attention
------------------------------------------------------------------
