Date: Wed, 24 Sep 2003 15:38:11 +0800 From: "Michael Lee(HINET)" <kuniaki.lee@msa.hinet.net> To: <freebsd-questions@freebsd.org> Subject: Question for ipf setting on single NIC box Message-ID: <001501c3826e$cecc1300$ca00a8c0@michael>
Hi all,

I only have a NIC on my FreeBSD box. Here is my configuration:

ifconfig de0 aaa.bbb.ccc.ddd netmask 255.255.255.0 ( My External Interface )
ifconfig de0_alias0 192.168.1.254 netmask 255.255.255.0 ( My Virtual Internal Interface )

and this is the result shown for ifconfig -L de0:

flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet aaa.bbb.ccc.ddd netmask 0xffffff00 broadcast aaa.bbb.ccc.255
inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:80:c8:f6:7b:c7
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active

( aaa.bbb.ccc.ddd is the static IP I got from the ISP )

Everything seems OK to me, in that the NIC binds the virtual IP. The question is about configuring ipf.rules and ipnat.rules. ( Originally, I used tun0 as the external interface for ppp dialup. It was OK to set the ipf rules to block the incoming and outgoing packets through tun0. ) But now I have switched to static IP DSL, and I failed to configure de0 ( ext. if ) while applying the following rules:

block in quick on de0 from 192.168.0.0/16 to any
block out quick on de0 from 192.168.0.0/16 to any

After applying the above rules, ipf seems to block the packets on de0_alias0. DHCPD cannot even send out packets to the local subnet ( 192.168.1.0/24 ). ( ipf blocks all the traffic that should be blocked on the outside interface. ) I can only add pass in quick all and pass out quick all now, or the traffic will be completely blocked. However, adding only pass in quick all and pass out quick all does not seem a good idea for the firewall.

Is there any way to solve the problem? Or have I wrongly configured ipf?

Thank you!

Michael Lee
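The following ipf.rules is an added example illustrating the ordering problem in the question; it is not the poster's file or a reply from the list. It assumes, as in the post, that the public address aaa.bbb.ccc.ddd and the alias 192.168.1.254/24 both sit on de0 and that ipnat maps 192.168.1.0/24 to the public address. The point it shows: ipf matches rules on the physical interface a packet crosses, an alias address has no interface of its own (so "on de0_alias0" never matches), and outbound packets are filtered before ipnat rewrites them, which is why a "block out ... from 192.168.0.0/16" rule also drops the LAN's NATed traffic. LAN rules therefore have to be listed before the anti-spoof blocks.

```ipf
# Added example ipf.rules for a single-NIC gateway (constructed, not the
# original poster's file). Assumptions: public address aaa.bbb.ccc.ddd and
# alias 192.168.1.254/24 are both on de0; ipnat translates 192.168.1.0/24
# to the public address; ipf processes "quick" rules in file order.

# Loopback is unrestricted.
pass in  quick on lo0 all
pass out quick on lo0 all

# LAN traffic first, so the private-address blocks below cannot hit it.
# Inbound on de0: LAN hosts talking to the gateway or to the Internet
# (the source is still the private address at this point).
pass in  quick on de0 from 192.168.1.0/24 to any keep state
# Inbound on de0: DHCP discover/request from clients with no address yet.
pass in  quick on de0 proto udp from 0.0.0.0/32 port = 68 to 255.255.255.255/32 port = 67

# Outbound on de0: the gateway answering LAN hosts (DHCP offers, DNS, ...).
pass out quick on de0 from 192.168.1.254/32 to 192.168.1.0/24 keep state
pass out quick on de0 proto udp from 192.168.1.254/32 port = 67 to 255.255.255.255/32 port = 68
# Outbound on de0: forwarded LAN traffic, seen here BEFORE ipnat rewrites
# its source, so it must be passed with its private address.
pass out quick on de0 from 192.168.1.0/24 to any keep state

# Anti-spoof: private ranges that never legitimately appear on this wire.
# 192.168.0.0/16 is listed after the 192.168.1.0/24 passes above, so only
# the other 192.168 networks are caught; the original order blocked the LAN.
block in  quick on de0 from 10.0.0.0/8 to any
block in  quick on de0 from 172.16.0.0/12 to any
block in  quick on de0 from 192.168.0.0/16 to any
block out quick on de0 from 192.168.0.0/16 to any

# The gateway's own Internet traffic; replies come back through state.
pass out quick on de0 from aaa.bbb.ccc.ddd/32 to any keep state

# Default deny (logged) for anything else arriving on de0.
block in log quick on de0 all
```

Load it with ipf -Fa -f /etc/ipf.rules and confirm the order with ipfstat -io. The caveat a single-NIC design cannot escape: because LAN and Internet packets enter on the same interface, ipf cannot tell a genuine 192.168.1.x packet from a spoofed one by interface alone, so the "pass in ... from 192.168.1.0/24" rule also admits spoofed packets with that source. Interface-based anti-spoofing for the LAN range only works with a second NIC; until then, rely on the default deny plus the stateful passes, and watch the log for hits on the block rules.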