Subject: Re: Firewall rules for NAT w/ DHCP outside address
To: Sam Carleton <scarleton@miltonstreet.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 07/21/2001 17:32:36

On Sat, Jul 21, 2001 at 04:25:25AM -0400, Sam Carleton wrote:
> gabriel,
>
> Thank you. I have two more questions:
>
>
> 1: I am a bit confused about dealing with the NAT/DHCP issue. What has me
> stumped is that if I want to do a:
>
> block in log quick on tun0 proto tcp from any to <internal network> port = 23
> or
> block out log quick on tun0 proto tcp from <internal network> to any port = 23
>
> What do I put in for the internal network? The IP is assigned via DHCP. Is
> my only choice to use any?

Put the net/netmask of your internal network, e.g. 192.168.1.0/24

--
Manuel Bouyer <bouyer@antioche.eu.org>