Re: Hiding NATs with PF
From: Simon Farnsworth (usenet_at_farnz.org.uk)
Date: 09/29/05
- Next message: Alex: "Re: KDE"
- Previous message: Daniel Hartmeier: "Re: Hiding NATs with PF"
- In reply to: Max Bolingbroke: "Re: Hiding NATs with PF"
- Next in thread: Max Bolingbroke: "Re: Hiding NATs with PF"
- Reply: Max Bolingbroke: "Re: Hiding NATs with PF"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 29 Sep 2005 08:27:16 +0100
Max Bolingbroke wrote:
> Simon Farnsworth wrote:
>> On the other hand, make it, and you have the potential to completely
>> trash their routing, to the point that they have to send someone round
>> with a laptop to work out which segment is confusing things.
>
> Very true :). Just so I know what to avoid, would a pf rule causing
> this sort of problem look something like this:
>
> rdr on $int_if proto tcp from any to any port 80 -> $some_external_ip
>
You need a block rule to get PF to avoid it. Given a table <private> with
all RFC 1918 addresses in it:

    block quick on $ext_if from <private> to any

This stops your machine sourcing private addresses, and "all" you need to do
is make sure that the cables *never* get swapped; if your internal
interface is connected to the campus network, you run the risk of big
trouble.
-- Simon Farnsworth
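
A way to check that a rule like the one in this message is doing its job, as an added example that is not part of the original post: it scans capture lines taken on the external interface and reports any packet whose source is an RFC 1918 address. The line format is assumed to be that of `tcpdump -n`, and the sample capture is constructed, using documentation addresses for the public side.

```python
import ipaddress
import re

# RFC 1918 ranges: the contents of the <private> table the post assumes.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "IP src > dst:" in `tcpdump -n` output (IPv4 only; IPv6 prints "IP6").
LINE_RE = re.compile(r"\bIP (\S+) > (\S+?):")


def strip_port(endpoint):
    """tcpdump prints TCP/UDP endpoints as a.b.c.d.port; ICMP has no port."""
    parts = endpoint.split(".")
    if len(parts) not in (4, 5):
        return None
    try:
        return ipaddress.IPv4Address(".".join(parts[:4]))
    except ValueError:
        return None


def is_private(addr):
    return any(addr in net for net in PRIVATE)


def leaked_sources(lines):
    """Return (line_number, source) for packets with an RFC 1918 source."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LINE_RE.search(line)
        if not match:
            continue  # ARP, IPv6, truncated lines
        src = strip_port(match.group(1))
        if src is not None and is_private(src):
            hits.append((number, str(src)))
    return hits


# Constructed sample capture, as if taken on the external interface.
SAMPLE = """\
08:27:16.000001 IP 203.0.113.5.51234 > 198.51.100.7.80: Flags [S], length 0
08:27:16.000002 IP 192.168.1.10.51235 > 198.51.100.7.80: Flags [S], length 0
08:27:16.000003 IP 172.32.0.9.40000 > 198.51.100.7.53: UDP, length 32
08:27:16.000004 IP 10.0.0.5 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
08:27:16.000005 ARP, Request who-has 203.0.113.1 tell 203.0.113.5, length 28
""".splitlines()

if __name__ == "__main__":
    for number, src in leaked_sources(SAMPLE):
        print(f"line {number}: private source {src} seen on external interface")
```

With the block rule loaded, a capture of traffic leaving the external interface should produce no hits; 172.32.0.9 in the sample is deliberately outside 172.16.0.0/12 and is not reported.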