From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 2 18:12:50 2015 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E19D2D7 for ; Mon, 2 Feb 2015 18:12:50 +0000 (UTC) Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru [46.4.40.135]) by mx1.freebsd.org (Postfix) with ESMTP id 10591C8C for ; Mon, 2 Feb 2015 18:12:50 +0000 (UTC) Received: from [127.0.0.1] (nat.in.devexperts.com [89.113.128.63]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPSA id 06A245C003 for ; Mon, 2 Feb 2015 21:12:08 +0300 (MSK) Message-ID: <54CFBDF7.30301@FreeBSD.org> Date: Mon, 02 Feb 2015 21:12:07 +0300 From: Lev Serebryakov Reply-To: lev@FreeBSD.org Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Subject: How to configure nat for interface which will be created later? Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Feb 2015 18:12:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 It is possible to use non-existing interface name in via / xmit / recv option. It allows to write firewall which works with, say, VPN connection which is created AFTER firewall is loaded on boot. But "nat X config if " doesn't allow to use non-existing interface name! It looks like very strict limitation, as it doesn't allow to include VPN to nat config! Is here any solution for this problem? - -- // Lev Serebryakov -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQJ8BAEBCgBmBQJUz733XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePiT0P/A0QqEQD3vNBJYPvOEZwW2Vc 4xVlmMbqN0n/Wz+0bN/v8cIa5gMAYSwRGSyvE9D8FsbN7eXBe2J1DUjEq7E7er7E +jsr+bQTMpblvVBxCig+bNyjnDbFSqFzlU6ZyeBvYXbuhGmeaSnwAbfrl2eTGJ5X RlYjWRMmsUcJf+xp8xLifWoNC99/a4dyjTcmNiUd7ByrYVnnuriVCuM/NFRJPApS f2RUfoBhblDF9bC0NvnheIJpJ6sK12ZCTH4oRfRW4VEaKBpjpygH3WqmGqTUas9C rOEpE7HUA7LjwFqhi2TGbreZZX4EFVztWOUi9ufKoHX93264rtIv8EMu/LtKjuyy LrbBDl5zH6A881eTrQdZXjsG87VSwZA3ctlPjg/trw8UX0qtG3MsbfgIgp47srVK gMKmVMt0kpzHs3n7rmk8On5ELwUkbjMOPFsg1JXfhNUGelJJ+pMXBm0kaIpiHdzT 6tkSgfrvOJEziFmDF5hCcfHPzMGXJqiMCFqvrX7IsEmx9VLsLKVs2NoX7D+yu4T/ /+SAffJ4OMC22SyDHpaSfZLZTN1eHquepnpvGWYo7aUJm0kQ15Wp8qTMqQ4MFPMz GFoOuJdPDqhd96aTKYI+UYYRC51lqyCiJxmETqMWOgeT3muVsya2PRrVYALEy38H enNnWTWHiw2+3HMWMhtl =V2ZH -----END PGP SIGNATURE-----