[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RESOLVED: PF and passing traffic from RFC 1918 addresses in on external interface

To: Mark Hopkins <mhopkins@headwaystaffing.com>
Subject: Re: RESOLVED: PF and passing traffic from RFC 1918 addresses in on external interface
From: "Brian A. Seklecki" <lavalamp@spiritual-machines.org>
Date: 02 Aug 2003 20:51:36 -0400
Cc: misc@openbsd.org, Hugo Villeneuve <harpagon@jwales.EINTR.net>,pedro@am-gen.org
References: <4331D0E302E9764B96FC1A1646F4F7D342C5@knxexc1.HeadwayCorp.net>

On Mon, 2003-07-28 at 13:20, Mark Hopkins wrote:

> > Does pf drop traffic incoming on the external interface from RFC 1918
> > address by default, even if the ruleset says to pass in all, pass out all?

Be aware of ISPs using RFC 1918 reserved space for WAN addresses such as
P-t-P /30s (and then not setting up a NAT pool).

The result?  Your router's ext interface can't reach important resources
on the `net, unless you can tell X-service to source packets from the
Lan IF.

That's okay, my router doesn't need to synchronize it's clock with NTP,
i'll just get it closer to a window so it can use a sundial >:}

-lava

Prev by Date: Re: 802.11 gateway/authpf
Next by Date: Re: Driver development, recommended reading?
Prev by thread: Re: passwordcheck
Next by thread: Re: Driver development, recommended reading?
Index(es):
- Date
- Thread