On Mon, Jan 14, 2002 at 09:40:23AM +0100, Andreas Klemm wrote:
> On Sun, Jan 13, 2002 at 11:25:41PM -0800, Crist J . Clark wrote:
> > On Sun, Jan 13, 2002 at 11:56:36AM +0100, Andreas Klemm wrote:
> > > I found a document describing a firewall design only using natd
> > > for redirects to internal network resources. (Hi Marshall, therefore
> > > Cc: to you, since it's yours and I have a question).
> > >
> > > http://www.rootprompt.net/freebsd_firewall.html
> > >
> > > Based on this information I think I could get rid of natd entirely.
> >
> > Why do you say that? His example uses natd(8).
>
> He uses it only on the internal network card to redirect
> 2 applications to inside machines. Look in the config!

It is also there for any machine on his 192.168.1.0/24 internal
network to communicate with machines out on the Internet, and it is
running on the _external_ interface (fxp0) not the internal one.

[snip]

> > > Are there some things to take care of, when using FIREWALL_FORWARD ?
> >
> > Yes, but nothing to do with NAT.
>
> BUT WHAT does FIREWALL_FORWARD actually do????

Look for 'fwd' in ipfw(8).

> What happens if I define it in kernel, stop nat?

Nothing to do with NAT. It's for making 'fwd' rules.

--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/ | [EMAIL PROTECTED]