Re: ipfw and it's glory...
From: Bart Matthaei (bart@dreamflow.nl)
Date: 07/17/02
Date: Wed, 17 Jul 2002 14:26:06 +0200
From: Bart Matthaei <bart@dreamflow.nl>
To: Sabri Berisha <sabri@cluecentral.net>
On Wed, Jul 17, 2002 at 02:16:29PM +0200, Sabri Berisha wrote:
> > Natd on a firewall ? Firewalling a public network ? I don't think so
> > :)
>
> Nothing wrong with that. In fact, you might even want to consider using
> natd only if you don't use the box for another purpose.
I wouldn't advise running natd on a firewall serving a large network, since it runs in userland.
IPnat is an option, though.
Anyway, back to the original issue:
I'd rather not use PunchFW on a large network.
They don't call > 1024 un-privileged for nothing. No need to firewall
all of them. Just a few daemons that use them, like MySQL and X.
Cheers,
Bart
--
Bart Matthaei
bart@dreamflow.nl
If at first you don't succeed, redefine success.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message