Date: Tue, 26 Sep 2000 16:44:41 -0700 (PDT) From: Ben Hacker Jr <strbenjr@yahoo.com> To: list DC-FBSD <fug-washdc@Sytex.Net>, questions FBSD <freebsd-questions@FreeBSD.ORG> Subject: Is IPFilter & DHCP possible?? Message-ID: <20000926234441.9938.qmail@web4503.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Thanks in advance!!
(I am not a member of FreeBSD Questions list so
please answer directly if you're from that list.)
I am configuring IPFilter on a box using dialup
PPP w/DHCP. (It will likely change to DSL in
the future so answers for that are good also.)
How do I get the files /etc/ipf.conf & /etc/ipnat.conf
to use the dynamically assigned "real" IP addresses,
i.e. modify a line like this:
map ep0 10.0.0.0/8 -> 24.24.24.24/32 portmap
tcp/udp 10000:65000
--- WHERE 24.24.24.24 is the IP address from DHCP.
*** AND/OR modify the filter configuration***
# (Output from MKFILTERS)
# The following routes should be configured, if not
already:
#
# route add 10.1.1.1 localhost 0
#
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with
short
pass out on ed0 all head 150 #FW > in
block out from 127.0.0.0/8 to any group 150
block out from any to 127.0.0.0/8 group 150
block out from any to 10.1.1.1/32 group 150
pass in on ed0 all head 100 #Outgoing
block in from 127.0.0.0/8 to any group 100
block in from 10.1.1.1/32 to any group 100
block in from 24.24.24.24/0xffffff00 to any group 100
pass out on tun0 all head 350 #FW > out
block out from 127.0.0.0/8 to any group 350
block out from any to 127.0.0.0/8 group 350
block out from any to 24.24.24.24/32 group 350
pass in on tun0 all head 300 #Incoming
block in from 127.0.0.0/8 to any group 300
block in from 24.24.24.24/32 to any group 300
block in from 10.1.1.1/0xffffff00 to any group 300
--- WHERE 24.24.24.24 is the IP address from DHCP.
=====
-=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=-
Ben Hacker Jr Technical Specialist
Computer Sciences Corporation
(703) 289-3477 MC 291
bhacker1@csc.com 3170 Fairview Park Drive
strben@altavista.com Falls Church, VA 22304
-=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=-
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000926234441.9938.qmail>