i've asked this question before, but i must have been unclear. i hope this
is better:
i'm puzzled by how ipnat works, particularly by the fact that when the ip's
on an inside nic are mapped to the ip on my outside nic, i have to configure
ipfilter to allow any ip that might hit the outside nic access to the ip's on
the inside nic. so, where wpi0 is the outside nic & the 1st /24 in 10.0.0.0
contains the ip of the inside nic & everything behind it:
ipnat.rules: allow wpi0 10.0.0.0/24 -> <ip on outside nic>/32
ipf.rules: pass in quick from any to 10.0.0.0/24
i should have thought that since everything coming from outside to
10.0.0.0/24 is addressed to the <ip on outside nic> this would be
sufficient:
pass in quick from <ip on outside nic> to 10.0.0.0/24
but it isn't.
what's wrong w/ my thinking? & why isn't this rule a security hazard?
david coder
network engineer emeritus
ntt/verio
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
