Earl A. Killian wrote:
> Chris Dillon writes:
> > Date: Fri, 15 Feb 2002 10:20:39 -0600 (CST)
> > From: Chris Dillon <[EMAIL PROTECTED]>
> >
> > If you have the luxury of having more than one IP address available
> > for the outside interface, you can dedicate one address to natd's use,
> > and the other to the host machine. Use -deny_incoming on natd, and
> > use whatever rules you want, including stateful, on the non-NAT
> > address. This is what I've done and it works fine.
>
> This sounds promising, but I am confused by the man page on
> -deny_incoming. Perhaps you could clarify? It says, "Do not pass
> incoming packets that have no entry in the internal translation
> table." Which internal translation table do they mean? If this is
> the translation table set up when an internal host packet is forwarded
> to the internet, I don't see how a connection ever gets established.
> Does "internal translation table" mean something else?
It's a 'natd' option, which says not to pass incoming packets (from the
nat'd interface, presumably the external interface) which aren't part of
established "connections" -- the internal translation table is internal
to natd.
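The setup Chris describes, written out as an rc.firewall-style fragment. This is an added example, not code from the thread or from the FreeBSD project; the interface names, addresses, LAN prefix and the ssh service on the host address are assumptions chosen for illustration. The point it makes concrete is the answer above: natd's translation table is filled only by outbound LAN packets passing through the divert rule, so with -deny_incoming an inbound packet for the NAT address passes only if it is a reply to one of those, while the host's own address never touches natd and is filtered with ordinary stateful rules.

```shell
#!/bin/sh
# Added example, not from the original thread: /etc/rc.firewall-style
# fragment for the two-address setup (one address dedicated to natd with
# -deny_incoming, stateful ipfw rules on the router's own address).
# Interface names, addresses and the ssh rule are assumptions.
# FWCMD defaults to "echo ipfw" so the ruleset can be reviewed offline;
# on a FreeBSD router set FWCMD=/sbin/ipfw before running it.

ext_if="fxp0"             # assumed external interface
int_if="xl0"              # assumed LAN interface
nat_addr="192.0.2.10"     # assumed address dedicated to natd
host_addr="192.0.2.11"    # assumed address used by the router itself
lan_net="10.0.0.0/24"     # assumed internal network behind NAT
natd_port="8668"          # natd's default divert port
fwcmd="${FWCMD:-echo ipfw}"

# natd command line: translate to/from nat_addr only. -deny_incoming drops
# packets arriving for nat_addr that match nothing in natd's own translation
# table; that table is filled by outbound LAN packets, so replies to LAN
# connections still pass while unsolicited inbound packets do not.
natd_cmdline() {
    echo "natd -alias_address $nat_addr -port $natd_port -deny_incoming"
}

# ipfw ruleset. Only traffic that needs translation reaches the divert
# socket; the host address never goes through natd and is filtered
# statefully. A packet natd re-injects resumes at the rule after the
# divert rule, so the anti-spoof checks at 150/151 run only on arrival.
gen_rules() {
    $fwcmd -f flush
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 110 allow ip from any to any via "$int_if"

    # Anti-spoof: LAN addresses must not appear on the outside interface.
    $fwcmd add 150 deny ip from "$lan_net" to any in via "$ext_if"
    $fwcmd add 151 deny ip from any to "$lan_net" in via "$ext_if"

    # Inbound to the NAT address and outbound from the LAN: hand to natd.
    $fwcmd add 200 divert "$natd_port" ip from any to "$nat_addr" in via "$ext_if"
    $fwcmd add 210 divert "$natd_port" ip from "$lan_net" to any out via "$ext_if"
    # Translated packets come back from natd and continue here.
    $fwcmd add 220 allow ip from "$nat_addr" to any out via "$ext_if"
    $fwcmd add 230 allow ip from any to "$lan_net" in via "$ext_if"

    # Host address: stateful filtering, independent of natd.
    $fwcmd add 300 check-state
    $fwcmd add 310 allow tcp from "$host_addr" to any out via "$ext_if" setup keep-state
    $fwcmd add 320 allow udp from "$host_addr" to any out via "$ext_if" keep-state
    $fwcmd add 330 allow icmp from "$host_addr" to any out via "$ext_if" keep-state
    # Assumed inbound service on the host address: ssh.
    $fwcmd add 340 allow tcp from any to "$host_addr" 22 in via "$ext_if" setup keep-state

    # Everything else on the external interface is dropped and logged.
    $fwcmd add 65000 deny log ip from any to any via "$ext_if"
}

# Number of generated rules mentioning a given string, for reviewing the
# split between the NAT address and the host address.
count_rules_for() {
    gen_rules | grep -c "$1"
}

natd_cmdline
gen_rules
```

Run it as-is to print the natd command line and the ipfw commands for review; with FWCMD=/sbin/ipfw it loads the ruleset. The divert rules deliberately name the NAT address and the LAN prefix rather than "ip from any to any via $ext_if", which is what keeps the host address out of natd's hands.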