Re: gateway_enable question

From: Kevin D. Kinsey, DaleCo, S.P. (kdk_at_daleco.biz)
Date: 12/11/04

  • Next message: Giuliano Cardozo Medalha: "SKYPE problems -- > FreeBSD 5.3-RELEASE-p2"
    Date: Fri, 10 Dec 2004 21:10:19 -0600
    To: David Banning <david+dated+1103142020.ff874b@skytracker.ca>
    
    

    David Banning wrote:

    >>>My thought was to disable the gateway configuration set in rc.conf.
    >>>How do I disable the gateway option without rebooting?
    >>>
    >>>
    >>I have gateway enabled, but natd disabled, which blocks the
    >>traffic from inside to outside, I believe.
    >>
    >>
    >
    >I have my nat running in ppp, and when I disable it, all the network
    >still happily connects to the net. I don't have natd running either.
    >Figure that out. It may be that squid is doing some nat function.
    >
    >
    >
    Seems likely, as it's a proxy server. But I'm not into proxy servers,
    so don't consider that authoritative.

    Lots of guys have suggested the firewall. On ipfw, that'd be
    something like (put your rule number for N and sub your network
    in for 192.168.0):

    add <<N>> deny ip from 192.168.0/24 to any out via tun0

    (I'm assuming your PPP uses the first tunnel device?)

    In another portion of this thread you stated:

    >On the firewall it is difficult to block the win boxes because I -want-
    >each machine to be able to contact each other, but I don't want the
    >windows boxes to have internet connection.

    Now, that seems a little weird. Do you not have a hub or switch
    other than the BSD box on this network? Unless you're doing
    some strange routing or something, everybody on the wire
    ought to see everybody else regardless of the settings on the
    firewall (except they maybe won't see *it* ...)

    HTH,

    Kevin Kinsey
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
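An added example, not part of the original post or the FreeBSD project: a small sh script that prints per-host variants of the deny rule above, so only the chosen machines lose Internet access, while LAN-to-LAN traffic, which never leaves via the tunnel, is untouched. The interface name tun0, the host addresses and the starting rule number are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Prints ipfw rules that deny selected
# LAN hosts any traffic leaving via the ppp tunnel. LAN-to-LAN traffic never
# crosses that interface, so it is unaffected.
# Assumed/constructed: tun0, the host addresses, the starting rule number.

# valid_ipv4 ADDR: succeed only for a dotted-quad address, octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; digits and dots only, so no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_block_rules FIRST_RULE IFACE HOST...
# Emits one "add N deny ..." line per host; emits nothing and fails if any
# argument is invalid, so a partial ruleset is never produced.
gen_block_rules() {
    rule=$1 iface=$2
    shift 2
    case $rule in ''|0*|*[!0-9]*) echo "bad rule number: $rule" >&2; return 1 ;; esac
    case $iface in ''|*[!a-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    out=
    for host in "$@"; do
        if ! valid_ipv4 "$host"; then
            echo "bad address: $host" >&2; return 1
        fi
        # 65535 is ipfw's built-in default rule, so stop at 65534.
        [ "$rule" -le 65534 ] || { echo "rule number out of range" >&2; return 1; }
        out="${out}add ${rule} deny ip from ${host} to any out via ${iface}
"
        rule=$((rule + 1))
    done
    printf '%s' "$out"
}

# Constructed sample: two Windows boxes on 192.168.0.0/24, ppp on tun0.
gen_block_rules 1000 tun0 192.168.0.10 192.168.0.11
```

The printed lines have the form ipfw accepts in a rules file, so they can be saved and reviewed before being loaded.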

