gateway_enable question

David Banning david+dated+1103141576.b2bd68 at skytracker.ca
Fri Dec 10 12:13:03 PST 2004


> If you use nat, killing natd might be an option.  You could also put up 
> a firewall that blocks those computers' IP addresses.  Maybe have 2 
> firewall configs.  You could simply run a flush and then load the new 
> ones on the command line.  (ipfw)

Thanks Lucas. I have tried killing the ppp nat that I run by killing:

/usr/sbin/ppp -quiet -ddial -nat default

and running:

/usr/sbin/ppp -quiet -ddial default

but surprisingly, the network machines can still access the internet.

To me that is strange, especially when you consider that I don't have
natd running either. There must be something doing the network translation
unseen to me. I am running squid and dansguardian - I don't know if 
they provide any nat function.

On the firewall it is difficult to block the win boxes because I -want- 
each machine to be able to contact each other,  but I don't want the
windows boxes to have internet connection.

ipfw would be great - my main problem is that I want to block the 
win boxes from using messenger which tries any and all ports,  but
I don't want to block my x-win (xwin32) terminal connection to unix
from each win box - which -also- seems to want to pick its own port
every time it runs.
-- 
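
The approach suggested in the quoted reply (block the Windows machines by IP address and keep two ipfw configurations to switch between), sketched as an added example that is not part of the original thread. The interface name, subnet and host addresses are constructed, and the proxy ports are the squid and dansguardian defaults; the proxy ports are denied because a proxy on the gateway fetches pages on the clients' behalf whether or not NAT is running.

```shell
#!/bin/sh
# Added example: emit an ipfw rule file for one of two modes.
# Every value below is an assumption, not taken from the post.
LAN_IF="fxp0"                          # inside interface (assumed)
LAN_NET="192.168.1.0/24"               # LAN subnet (assumed)
WIN_HOSTS="192.168.1.10 192.168.1.11"  # Windows boxes (constructed)
PROXY_PORTS="3128,8080"                # squid / dansguardian defaults

gen_rules() {
    case "$1" in
        open|blocked) ;;
        *) echo "usage: gen_rules open|blocked" >&2; return 1 ;;
    esac
    echo "add 100 allow ip from any to any via lo0"
    if [ "$1" = "blocked" ]; then
        # Keep limited-broadcast discovery (e.g. XDMCP queries) working.
        echo "add 900 allow ip from $LAN_NET to 255.255.255.255 in via $LAN_IF"
        n=1000
        for h in $WIN_HOSTS; do
            # No web access through the proxy running on the gateway.
            echo "add $n deny tcp from $h to me $PROXY_PORTS in via $LAN_IF"
            n=$((n + 10))
            # Nothing routed beyond the LAN, whatever port is chosen.
            # LAN destinations (X sessions, file sharing) never match.
            echo "add $n deny ip from $h to not $LAN_NET in via $LAN_IF"
            n=$((n + 10))
        done
    fi
    echo "add 65000 allow ip from any to any"
}

# Stand-alone use: sh gen_rules.sh blocked > ipfw.blocked
if [ $# -gt 0 ]; then
    gen_rules "$1"
fi
```

Because the deny rules match on destination rather than port, the X terminal sessions between the Windows boxes and the unix host are unaffected no matter which port they pick. To switch modes, flush with `ipfw -q -f flush` and load the generated file with `ipfw -q <file>`, from the console rather than over the network.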

