david+dated+1103141576.b2bd68 at skytracker.ca
Fri Dec 10 12:13:03 PST 2004
> If you use nat, killing natd might be an option. You could also put up
> a firewall that blocks those computers' IP addresses. Maybe have 2
> firewall configs. You could simply run a flush and then load the new
> ones on the command line. (ipfw)
Thanks, Lucas. I have tried killing the ppp nat that I run by killing:
/usr/sbin/ppp -quiet -ddial -nat default
/usr/sbin/ppp -quiet -ddial default
but surprisingly, the network machines can still access the internet.
To me that is strange, especially when you consider that I don't have
natd running either. There must be something doing the network translation
unseen to me. I am running squid and dansguardian - I don't know if
they provide any nat function.
On the firewall it is difficult to block the win boxes because I -want-
each machine to be able to contact each other, but I don't want the
windows boxes to have internet connection.
ipfw would be great - my main problem is that I want to block the
win boxes from using messenger which tries any and all ports, but
I don't want to block my x-win (xwin32) terminal connection to unix
from each win box - which -also- seems to want to pick its own port
every time it runs.
More information about the freebsd-questions