Date: Fri, 2 Oct 1998 13:08:12 +0400
Message-Id: <199810020908.NAA21458@paranoid.eltex.spb.ru>
In-Reply-To: from "Alejandro Galindo Chairez AGALINDO "
From: ark@eltex.ru
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Firewall with 2 NIC and a NET class C
To: agalindo@servidor.exsocom.com.mx
Cc: kim@tinker.com, questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG

nuqneH,

Alejandro Galindo Chairez AGALINDO said :

> > You have a couple of ways to approach this. You could use network address
> > translation and have private addresses for all your machines. The "public"
> > machines would have static mappings to real IP addresses that are aliased
> > on the outside interface of the firewall. You would also use ipfw rules to
> > control the traffic.
>
> ok i like the idea to have static mappings to real IP addrs. that are
> aliased on the out interface, how can i do that?

It is definitely a BAD idea. It breaks any reasonable security policy.

CU in Hell
/Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!