FreeBSD has a number of firewall options, each of which as far as I know works just fine without NAT. In fact, I had much more trouble getting NAT working under FreeBSD than I did getting ipfw working. I think the reason all the tutorials assume you'll be using NAT is that people tend to use BSD for cheap routers for home networks rather than anything else.

Tom

----- Original Message -----
From: "Jimmy" <[EMAIL PROTECTED]>
To: "Quentin Hartman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 05, 2002 10:12 PM
Subject: Re: Seemingly obvious Linux / BSD firewall question

> That is possible using OpenBSD as the firewall, with FreeBSD I am not sure,
> in Linux I am more or less sure it cannot do that, it always assumes NAT.
>
> --Jimmy
>
> On Tue, 4 Jun 2002, Quentin Hartman wrote:
>
> > Colleagues-
> > I am in the process of securing a network that currently is wide open.
> > There are several publicly addressable subnets connected via a Cisco router
> > which is in turn connected to another router which is where we get our
> > Internet access (border router). I intend to physically place a firewall
> > machine between the internal router and the border router. Some addresses
> > on the network must remain publicly addressable, primarily for services
> > from an ASP we use. All of the information I have found indicates that in
> > order for a Linux/BSD machine to act as a stateful firewall (or any kind
> > of firewall for that matter), it must also be doing NAT translation. That
> > intuitively seems wrong, and would make this sort of configuration unusable
> > to me. It seems that a netfilter configuration should be able to do this
> > without doing the NAT translation. Is all the documentation simply written
> > assuming you need NAT as well, or is using it actually not avoidable? Based
> > on my simple explanation of the configuration, do any of you have
> > suggestions for firewall placement that may be better? Ideally, I would
> > purchase the firewall addon software for the internal Cisco router, but it
> > is too costly for my budget.
> >
> > -Regards-
> > -Q-
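
The placement asked about in this thread, as an added example that is not from any poster: a netfilter ruleset for a Linux box routing between the border router and the internal router, doing stateful filtering with no NAT table at all. The helper name `gen_rules`, the interface names and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added example: builds iptables-restore input for a routed, stateful
# firewall with no NAT. Interface names and addresses are assumptions.
# Forwarding also needs net.ipv4.ip_forward=1 on the firewall host.

# gen_rules OUT_IF IN_IF "addr/proto/port ..."   (hypothetical helper)
gen_rules() {
    out_if=$1 in_if=$2 services=$3
    # Validate every published service before emitting any rule.
    for svc in $services; do
        rest=${svc#*/}; proto=${rest%%/*}; port=${rest#*/}
        case $proto in tcp|udp) ;; *) echo "bad proto: $svc" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;; esac
    done
    # Only a *filter table is produced: no nat table, no address rewriting.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $in_if -o $out_if -m conntrack --ctstate NEW -j ACCEPT
EOF
    # New inbound connections are allowed only to the listed services,
    # addressed by their real public IPs.
    for svc in $services; do
        addr=${svc%%/*}; rest=${svc#*/}; proto=${rest%%/*}; port=${rest#*/}
        echo "-A FORWARD -i $out_if -o $in_if -d $addr -p $proto" \
             "--dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}

# Constructed sample: eth0 faces the border router, eth1 the internal router.
gen_rules eth0 eth1 "192.0.2.10/tcp/443 192.0.2.25/tcp/25"
```

The output is meant to be reviewed and then loaded with `iptables-restore`. With the INPUT policy shown, the firewall host itself accepts no new connections until a management rule is added.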