Date: Mon, 9 Apr 2001 13:46:58 -0700 (PDT) From: Larry Librettez <lipshitz909@yahoo.com> To: michael@tenzo.com, freebsd-questions@FreeBSD.ORG Subject: Re: How to specify external network for firewall/NAT when IP is dynamically assigned Message-ID: <20010409204658.21620.qmail@web13208.mail.yahoo.com> In-Reply-To: <01040913345700.01892@pravda.tenzo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Take a look at the man ipfw page, specifically the use of 'me' as a destination. 'me' can be used for dynamically assigned IP addresses as in your case. I use it for my ppp dialup connections. You may have to change your rc.firewall script a bit though to accomodate the 'me' destination. One other alternative is to use awk to extract your IP address from the output of ifconfig, and incorporate that into rc.firewall. I'm sure there are other ways of doing it though. --- Michael O'Henly <michael@tenzo.com> wrote: > Hi... > > I'm attempting to set up a simple firewall for my > home network. I have a > FreeBSD box with two NICs, one connected to the > internet via cable modem and > the other to an internal network on which there are > two Macs. My external IP > is assigned by DHCP. I'm not running any services > that I want accessible to > external users, or any from which I'd want to block > internal users. > > I've read a lot of docs over the last few days on > how to do this and I think > I have the basics straight -- but for this question: > > In /etc/rc.firewall (simple section), I'm asked to > identify my networks. > Since my IP is dynamically assigned, how do I > specify my outside network > interface? Here's the format (replacing 1.2.3.444/24 > with actual values)... > > # set these to your outside network interface and > netmask and ip > oif="ed0" > onet="1.2.3.444/24" > omask="255.255.255.0" > oip="1.2.3.444" > > # set these to your inside network interface and > netmask and ip > iif="ed1" > inet="192.168.0.444/24" > imask="255.255.255.0" > iip="192.168.0.444" > > Thanks. > > M. > > -- > Michael O'Henly > TENZO Design > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of > the message __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010409204658.21620.qmail>