Board index Freebsd

gateway for cable modem, ipfilter or ipfw+natd?

gateway for cable modem, ipfilter or ipfw+natd?

Post by Class Accoun » Tue, 14 Mar 2000 04:00:00



I wonder if it's faster to use ipfilter(which combines the functionality
of firewall and network address translation), or to use ipfw plus natd
seperately?

- monk

 
 
 
Top

1. ipfw/natd settings for home network connected to cable internet via FreeBSD gateway?

(please correct me if I'm wrong)

natd should take care of this.  What natd does is remap port numbers, so
it is impossible for an outside machine to access your internal network
(this breaks some things, i.e., RTSP Quicktime Streaming, active mode
FTP, some SNMP).  Take this diagram.

internal port out 80 in 1000  <----> natd port out 80 in 1024 <---> www
server port out 1024 in 80

  When your internal opens a TCP connection to the www server, it flows
over the natd box.  natd then transparently remashes the connection to
come from another port on its self, but remembers that when packets flow
in this port, they should be regurgitated on the internal network on the
port your machine is using.  It will not open connections the other way
around since it has no way of knowing where to put the packets (packet
forwarders??).

But its a good idea to secure the natd machine, if someone breaks into
that, then they get on the internal network.

Yann

--

--------------------------------------------------------------------

Atrus Trivalie Productions      www.redshift.com/~yramin
Monterey High IT                www.montereyhigh.com
ICQ                             46805627
AIM                             oddatrus
Marina, CA

IRM Developer                   Network Toaster Developer
SNTS Developer                  * Developer

"All cats die.  Socrates is dead.  Therefore Socrates is a cat."
        - The Logician
--------------------------------------------------------------------

2. Configs for WD90C24A2 chipset and the NEC VERSA V

3. natd, ipfw, cable modem, lan

4. SUN Microsystem made Archive viper 2525 SCSI external tape

5. ipfw+natd vs ipfilter

6. H-E-L-P M-E PLEASE! FreeBSD Partition HELP NEEDED!

7. Cable modem..56 modem dial up, 500K cable modem download stream...

8. Deny local socket/port binding on server.

9. Gateway 2000 "telepath" modems & cable-modems...

10. Cable modem: DHCP works - NAT doesn't (ipfilter problem?)

11. Cable modem / dhcp / ipfilter NAT - all working but grinds to a halt

12. dhcp, ipfilter, Cable Modems, and non-routable IP addresses

13. Cable Modems, NATD and DHCP


All times are UTC
Board index