NetBSD-Users archive


Re: NPF single NIC & NAT



Eric Garver <e <at> erig.me> writes:


> 
> I recently rebuilt my home network and do exactly this. Coincidentally I
> just finished writing/posting it yesterday.
> 

Perfect timing :)

> 
> Just a warning: You're allowing _all_ traffic to hit your NetBSD box.
> 

Thanks for the heads up. I do know that the gateway router does some
filtering before passing on the traffic, so I don't think I've been too
vulnerable in the meantime.


>
> It is possible that NPF won't let you redirect out the same interface
> (I don't know). But try the above first. If that fails, then you can try
> using VLANs.
> 

I added the 'stateful' tag to my rules as you suggested, but unfortunately
it seems like that just won't be enough. A real shame too, because iptables
doesn't have these limitations -- but I really hate iptables syntax whereas
npf is so clean and concise.

Failing another solution, looks like I might have to use vlans after all.
Thanks for the tips! 




