Hello! After reading the manpage for natd, I have a question about how to restrict IPFW access for NAT in the case where I have one computer connected directly to another one (which has two NICs installed). That means that I don't have to care about a big private network, but rather want to narrow down the access to a single private IP address.
For NAT to work, two rules need to be added:

    ipfw add divert natd all from any to any via xl0

Can this rule be restricted (is it possible to not divert every packet)? Right now, every packet that enters/leaves the system is diverted, and sometimes the natd process eats quite a lot of processor resources. Can this be avoided? How?

    ipfw add pass all from any to any

How can this be restricted? I basically need only outgoing stuff working, that's all, and silently passing any packets from whatever location to any destination is insecure to me.

Can someone post live examples of such a setup? Waiting to hear from some gurus ;)

--
Eugene
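A narrowed form of the two rules quoted in the question, as an added example that is not part of the original post: only the inside host's outbound traffic and traffic addressed to the outside address are diverted, and the blanket pass rule becomes a stateless allow-list ending in a default deny. Only `xl0` comes from the post; the inside NIC `xl1`, the inside host `192.168.0.2`, the outside address `203.0.113.10`, the rule numbers and the choice of DNS as the only UDP service are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. natd is assumed to be
# running already on the outside interface (natd -interface xl0).
oif="xl0"             # outside NIC, the one named in the post
iif="xl1"             # assumption: NIC facing the single inside host
inside="192.168.0.2"  # assumption: the single private address
oip="203.0.113.10"    # assumption: outside address (documentation range)

# Print the ruleset as ipfw commands so it can be reviewed before loading.
natd_rules() {
    cat <<EOF
ipfw -q add 100 pass all from any to any via lo0
ipfw -q add 200 pass all from ${inside} to any in via ${iif}
ipfw -q add 210 pass all from any to ${inside} out via ${iif}
ipfw -q add 300 divert natd ip from ${inside} to any out via ${oif}
ipfw -q add 310 divert natd ip from any to ${oip} in via ${oif}
ipfw -q add 400 pass tcp from any to any established
ipfw -q add 410 pass tcp from ${oip} to any out via ${oif} setup
ipfw -q add 420 pass udp from ${oip} to any 53 out via ${oif}
ipfw -q add 430 pass udp from any 53 to any in via ${oif}
ipfw -q add 440 pass icmp from ${oip} to any out via ${oif} icmptypes 8
ipfw -q add 450 pass icmp from any to any in via ${oif} icmptypes 0,3,11
ipfw -q add 65000 deny log all from any to any
EOF
}
# Rule 300: only the inside host's outbound packets go to natd; the
#   gateway's own outbound traffic already carries ${oip} and skips it.
# Rule 310: only packets addressed to the outside address are diverted
#   inbound, so natd can translate replies back to ${inside}.
# Rules 400-450 run after natd has rewritten the packet, which is why
#   the outbound rules match on ${oip} rather than on ${inside}.
# Rule 410 allows new TCP connections outbound only; inbound SYNs fall
#   through to the deny at 65000.
# Rule 430 is stateless: it admits any UDP packet with source port 53.

natd_rules
```

The function only prints the commands; after reviewing them, `natd_rules | sh` as root on the gateway loads them into an otherwise empty ruleset.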