Date: Fri, 2 Oct 1998 13:08:12 +0400 From: ark@eltex.ru To: agalindo@servidor.exsocom.com.mx Cc: kim@tinker.com, questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Firewall with 2 NIC and a NET class C Message-ID: <199810020908.NAA21458@paranoid.eltex.spb.ru> In-Reply-To: <Pine.BSF.3.96.981001095955.29413B-100000@servidor.exsocom.com.mx> from "Alejandro Galindo Chairez AGALINDO <agalindo@servidor.exsocom.com.mx>"
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
nuqneH,
Alejandro Galindo Chairez AGALINDO <agalindo@servidor.exsocom.com.mx> said :
> > You have a couple of ways to approach this. You could use network address
> > translation and have private addresses for all your machines. The "public"
> > machines would have static mappings to real IP addresses that are aliased
> > on the outside interface of the firewall. You would also use ipfw rules to
> > control the traffic.
>
> ok i like the idea to have static mappings to real IP addrs. that are
> aliased on the out interface, how can i do that?
It is definitely BAD idea. It breaks any reasonable security policy.
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBNhSX+qH/mIJW9LeBAQHDNwP/XR/kLkpLZI+BEl6gprGLbzcqm0Ro6G8M
nDrWaMU6P9zKve2QDnsna2dnHvoZ/1ffjNa4GSiWped74MfeFZ37ejXypkeKFm1z
VYR6vRP7451qiadyZ0W92rYxdSrzZ6+vphTbH/XllmfPWC1YIGb8dcHoUzfD53rd
gAg3db5fZ6Y=
=PJCP
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810020908.NAA21458>