Date:      Sun, 07 Jun 1998 14:58:30
From:      carl.p.edwards@usa.net
To:        freebsd-questions@FreeBSD.ORG
Subject:   NAT and IPFW security
Message-ID:  <19980607145830.13113.qmail@www02.netaddress.usa.net>

Hi,

   Consider this network:

 ---------------
| I-net router  |
| 123.123.123.1 |
 ---------------
     |
     |
     |     ---------------------------        -----------
     |    |          "eagle"          |      | "sparrow" |
     >----| 123.123.123.2    10.1.1.1 |------| 10.1.1.2  |
     |    | [ed0]               [ed1] |      |           |
     |     ---------------------------        -----------
     |
     |
     |     ---------------
     |    | "falcon"      |
     >----| 123.123.123.3 |
     *     ---------------

All computers are running FreeBSD 2.2.6. The server "eagle" is running NAT. The way I figured is that if "falcon" was set to have 123.123.123.2 as its default gateway rather than 123.123.123.1 a user on falcon would be able to access "sparrow" simply by telnetting or whatever to 10.1.1.2. Now if this rule was applied on "eagle":

   1000 deny all from 123.123.123.1/24 to 10.1.1.1/24 via ed0

This would prevent that, right? But what if "falcon" had an HTTP daemon running and a user on "sparrow" would want to browse it, would that also be blocked?

I'm not 100% clear on how IPFW and NAT work together so any help would be appreciated.

Thanks
Carl
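
A simplified model of the scenario in the message above, added here as an example and not part of the original message: it walks a first-match rule chain for packets received on eagle's ed0, with the divert-to-NAT step rewriting return traffic and matching resuming at the next rule. The divert rule, the rule numbers 400, 500 and 65000, and the default-deny end of chain are assumptions; only the inbound pass is modelled.

```python
from ipaddress import ip_address, ip_network

OUTSIDE = ip_network("123.123.123.0/24")   # ed0 side, from the message
INSIDE = ip_network("10.1.1.0/24")         # ed1 side, from the message
ALIAS = ip_address("123.123.123.2")        # eagle's ed0 address, used by NAT

# Constructed chains. Every rule number except 1000 is an assumption.
DENY_AFTER_DIVERT = [(500, "divert"), (1000, "deny"), (65000, "allow")]
DENY_BEFORE_DIVERT = [(400, "deny"), (500, "divert"), (65000, "allow")]


def dealias(dst, nat_state):
    """Model NAT on an inbound packet: only known return traffic is rewritten."""
    if dst == ALIAS and nat_state is not None:
        return ip_address(nat_state)
    return dst


def inbound_on_ed0(chain, src, dst, nat_state=None):
    """Return (verdict, rule number) for a packet received on ed0."""
    src, dst = ip_address(src), ip_address(dst)
    for number, action in sorted(chain):
        if action == "divert":
            # NAT may rewrite the destination; matching resumes at the next rule.
            dst = dealias(dst, nat_state)
        elif action == "deny":
            # The rule from the message: outside subnet to inside subnet.
            if src in OUTSIDE and dst in INSIDE:
                return ("deny", number)
        elif action == "allow":
            return ("allow", number)
    return ("deny", 65535)  # assumed default-deny end of chain


def compare(src, dst, nat_state=None):
    """Evaluate one inbound packet against both rule orderings."""
    return {
        "deny_after_divert": inbound_on_ed0(DENY_AFTER_DIVERT, src, dst, nat_state),
        "deny_before_divert": inbound_on_ed0(DENY_BEFORE_DIVERT, src, dst, nat_state),
    }


if __name__ == "__main__":
    # falcon addressing sparrow directly through eagle
    print("direct:", compare("123.123.123.3", "10.1.1.2"))
    # falcon's HTTP reply to a connection sparrow opened through NAT
    print("reply: ", compare("123.123.123.3", "123.123.123.2", nat_state="10.1.1.2"))
```

In this model the direct packet is dropped under both orderings, while the HTTP reply is dropped only when the deny rule is evaluated after the divert step, because by then its destination has been rewritten to 10.1.1.2.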

