Re: ipfw and it's glory...

From: Bart Matthaei (bart@dreamflow.nl)
Date: 07/17/02


Date: Wed, 17 Jul 2002 14:26:06 +0200
From: Bart Matthaei <bart@dreamflow.nl>
To: Sabri Berisha <sabri@cluecentral.net>

On Wed, Jul 17, 2002 at 02:16:29PM +0200, Sabri Berisha wrote:
> > Natd on a firewall ? Firewalling a public network ? I don't think so
> > :)
>
> Nothing wrong with that. In fact, you might even want to consider using
> natd only if you don't use the box for another purpose.

I wouldn't advise running natd on a firewall serving a large network, since it runs in userland.
IPnat is an option, though.

Anyway, back to the original issue:

I'd rather not use PunchFW on a large network.

They don't call > 1024 un-privileged for nothing. No need firewalling
all of them. Just a few daemons that use them, like Mysql and X.

Cheers,

Bart

-- 
Bart Matthaei                 bart@dreamflow.nl 
If at first you don't succeed, redefine success.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message