Date:      Fri, 2 Oct 1998 08:34:59 -0400 (EDT)
From:      Mike <mike@seidata.com>
To:        ark@eltex.ru
Cc:        agalindo@servidor.exsocom.com.mx, kim@tinker.com, questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Firewall with 2 NIC and a NET class C
Message-ID:  <Pine.BSF.4.01.9810020831130.9982-100000@ns1.seidata.com>
In-Reply-To: <199810020908.NAA21458@paranoid.eltex.spb.ru>

On Fri, 2 Oct 1998 ark@eltex.ru wrote:

> > ok i like the idea to have static mappings to real IP addrs. that are
> > aliased on the out interface, how can i do that?
> 
> It is definitely a BAD idea. It breaks any reasonable security policy.

"Our recommendation is to obtain and use registered IP addresses if at
all possible.  If you must use private IP addresses, then use the ones
specified by RFC1597, but beware that you're setting yourself up for
later problem[s]."

_Building Internet Firewalls_, Ch. 4, p. 90
D. Brent Chapman & Elizabeth D. Zwicky

	-mike

