gateway_enable question

Loren M. Lang lorenl at alzatex.com
Fri Dec 10 00:30:37 PST 2004


On Fri, Dec 10, 2004 at 01:56:44PM +0900, Rob wrote:
> David Banning wrote:
> >I have a few win boxes which use my FreeBSD box as a gateway to 
> >the net. I am wondering how I can keep a network connection 
> >between all the computers, allowing the FreeBSD box to 
> >still be connected to the net, but disallow all win boxes from 
> >connecting to the net? 
> >
> >My thought was to disable the gateway configuration set in rc.conf.
> >How do I disable the gateway option without rebooting?
> 
> I have gateway enabled, but natd disabled, which blocks the
> traffic from inside to outside, I believe.

Actually, not running natd simply means that the traffic passing through
won't be NATed, but I bet it is still going through.  Now your ISP may
still block the traffic because the addresses your internal network uses
are not allowed on the internet, but not all ISPs will necessarily block
it and traffic may indeed get out, just with no route back.  This might
be a great way to do a DoS attack on someone without needing to be root.
I think the proper way to not forward traffic would be to set up a
firewall to block it, or disable ip forwarding with sysctl
net.inet.ip.forwarding=0, or even both!

> 
> Rob.

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C
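
The reply above turns forwarding off at runtime with sysctl, while the original question concerns the gateway setting in rc.conf, which is applied again at boot. The following is an added example, not part of the original message: a small audit script comparing the two states. The function names are hypothetical, and it assumes the rc.conf path passed in is a trusted, root-owned file.

```sh
#!/bin/sh
# Added example: report whether a FreeBSD gateway forwards IPv4 now (sysctl)
# and whether it will again after a reboot (gateway_enable in rc.conf).

# boot_forwarding FILE: print 1 if FILE leaves gateway_enable true, else 0.
# rc.conf is shell syntax and the last assignment wins, so it is sourced in
# a subshell the same way rc(8) reads it. Only pass trusted files.
boot_forwarding() {
    (
        case "$1" in */*) ;; *) set -- "./$1" ;; esac  # avoid PATH lookup by "."
        gateway_enable=NO                              # default when unset
        [ -r "$1" ] && . "$1"
        case "$gateway_enable" in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo 1 ;;
            *) echo 0 ;;
        esac
    )
}

# runtime_forwarding: print the live net.inet.ip.forwarding value, or
# "unknown" when the sysctl cannot be read (for example, not on FreeBSD).
runtime_forwarding() {
    sysctl -n net.inet.ip.forwarding 2>/dev/null || echo unknown
}

# forwarding_verdict RUNTIME BOOT: one-line assessment of the two states.
forwarding_verdict() {
    case "$1:$2" in
        0:0) echo "OK: not forwarding now, stays off after reboot" ;;
        0:1) echo "WARN: off now, but rc.conf re-enables forwarding at boot" ;;
        1:0) echo "WARN: forwarding now; run: sysctl net.inet.ip.forwarding=0" ;;
        1:1) echo "FAIL: forwarding now and at every boot" ;;
        *)   echo "UNKNOWN: could not read runtime state ($1)" ;;
    esac
}

# Audit the file given as the first argument, defaulting to /etc/rc.conf.
forwarding_verdict "$(runtime_forwarding)" "$(boot_forwarding "${1:-/etc/rc.conf}")"
```

Only the one file given is checked; a setting in /etc/rc.conf.local or /etc/sysctl.conf would need a separate look.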
 

