Subject: Re: ipf rules for NAT with non-trusted private net
To: Daniel Eggert <danieleggert@mac.com>
From: henry nelson <netb@irm.nara.kindai.ac.jp>
List: netbsd-help
Date: 11/19/2002 10:38:13
On Mon, Nov 18, 2002 at 01:22:19AM -0800, Daniel Eggert wrote:
> I'm running NAT and have a private subnet 192.168.0.0/24, but in contrast to the case usually described in the documentation, my private subnet is _not_ trusted.
> 
> My question: How should I set up my ipf rules for the NIC that connects the 192.168.0.0/24 network? I want to allow all traffic to my ISP, but nothing to my NetBSD box.

Your case is not unlike mine wherein I have NetBSD boxes on a particularly
unsafe school LAN.  If you have the hardware (It doesn't take much!), you
could run your "NetBSD box" behind its own firewall (ipfilter), with or
without NAT.  Just use one of the other private address ranges besides
192.168.0.0 to construct your "trusted" subnet.

henry nelson
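One way the ipf rules for the untrusted NIC could look, given as an added example that is not part of the thread above and not taken from the NetBSD or ipfilter documentation. It assumes hypothetical interface names (ex0 toward the ISP, ne1 on the untrusted 192.168.0.0/24 with the box at 192.168.0.1, ne2 on a trusted 10.0.0.0/24 chosen from a different private range, as the reply suggests). ipf evaluates every rule and the last match wins unless a rule says `quick`, so the default blocks come first without `quick` and the specific decisions use `quick`. Inbound NAT is undone before filtering and outbound NAT is applied after it, so all rules are written against the private addresses.

```conf
# /etc/ipf.conf -- added example, not from the thread.
# Assumed interfaces:
#   ex0 - external, toward the ISP
#   ne1 - untrusted 192.168.0.0/24; the box is 192.168.0.1 on it
#   ne2 - trusted 10.0.0.0/24; the box is 10.0.0.1 on it

# Default policy: drop anything no later rule explicitly passes.
block in all
block out all

# --- ne1: the untrusted NIC ---
# Nothing from the untrusted net may reach the box itself (on any of its
# addresses) or the trusted subnet.  "quick" stops evaluation at the match.
block in quick on ne1 from any to 192.168.0.1/32
block in quick on ne1 from any to 10.0.0.0/24
# If ex0 has a fixed address, add it here too, e.g.
#   block in quick on ne1 from any to <ex0 address>/32
# Drop packets whose source is not the untrusted subnet (spoofing or a
# misconfigured host on that side).
block in quick on ne1 from !192.168.0.0/24 to any
# Everything else from the untrusted net is forwarded toward the ISP.
pass in quick on ne1 from 192.168.0.0/24 to any
# Replies (and traffic from the trusted side) are allowed back out to it.
pass out quick on ne1 from any to 192.168.0.0/24

# --- ne2: the trusted NIC ---
pass in quick on ne2 from 10.0.0.0/24 to any keep state
pass out quick on ne2 from any to 10.0.0.0/24

# --- ex0: toward the ISP ---
# State is created on the outbound side; the matching replies are accepted
# by the state table before any rule is consulted, so nothing unsolicited
# from the Internet gets in.
pass out quick on ex0 proto tcp from any to any flags S keep state
pass out quick on ex0 proto udp from any to any keep state
pass out quick on ex0 proto icmp from any to any keep state
block in quick on ex0 all

# The NAT itself lives in /etc/ipnat.conf, e.g.
#   map ex0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:40000
#   map ex0 192.168.0.0/24 -> 0/32
```

Load with `ipf -Fa -f /etc/ipf.conf` and `ipnat -CF -f /etc/ipnat.conf`; `ipfstat -io` shows the rules actually in effect, and `ipfstat -s` the state table, which is the quickest way to confirm that a connection from the untrusted side to the box is dropped while its sessions to the ISP still build state.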