On Sun, Jan 13, 2002 at 11:56:36AM +0100, Andreas Klemm wrote:
> I found a document describing a firewall design only using natd
> for redirects to internal network resources. (Hi Marshall, therefore
> Cc: to you, since it's yours and I have a question).
>
> http://www.rootprompt.net/freebsd_firewall.html
>
> Based on this information I think I could get rid of natd entirely.
Why do you say that? His example uses natd(8).
> See my previous mail, my problem was, that I can't get it to run
> for a typical 2 NIC configuration with internal network, DMZ and
> a router in front of a 512k leased line.
You didn't include your firewall rules.
> Or is this my NAT problem, that additionally I have to use the kernel
> option FIREWALL_FORWARD,
You don't need it.
> to get NAT for internal users running,
> 'though all other documents state that only IPFIREWALL and
> IPDIVERT are needed ???
But it shouldn't cause problems.
> Therefore the question, is using FIREWALL_FORWARD a good
> replacement for /sbin/natd if you want to give users of
> the internal network access to the outside world ?
FIREWALL_FORWARD has nothing to do with NAT.
> Are there some things to take care of, when using FIREWALL_FORWARD ?
Yes, but nothing to do with NAT.
> Does the logic for firewall rules change, or could I still use the
> templates in /etc/rc.firewall ???
For what?
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/ | [EMAIL PROTECTED]