Message-ID: <42B006EB.5050901@dial.pipex.com>
Date: Wed, 15 Jun 2005 11:46:03 +0100
From: Alex Zbyslaw
To: Joe
Cc: freebsd-questions@freebsd.org
Subject: Re: SMP and networking under FreeBSD 5.3
In-Reply-To: <20050615051434.84720.qmail@web41012.mail.yahoo.com>

Joe wrote:

>Hey thanks,
>
> it seems that ipfw complains during boot with a message:
>
>hostname ``or'' unknown
>
> which I have no idea where that is coming from yet, but will
>look.
>
> Then natd doesn't get started.
>
> If I run /etc/rc.d/ipfw start then the router is up and natd
>gets started.
>
> For now, I'll probably just add it to rc at the end. I think
>it has something to do with the order things get run.
>
> My firewall script is for a dhcp interface. Since I don't
>know the IP, I use ifconfig dc0 | grep -v inet6 | grep inet |
>awk ... to get the IP address for some of the rules. I'm
>wondering if this is failing and causing the message above.
>
> Is there a 'recommended' way to create a rule for ipfw on a
>dhcp interface using its IP address?
>

You don't need any of your awk/grep palaver. Your ipfw rules should probably be specifying the interface not ip addresses. Natd with -dynamic will do the right thing when dhcp picks up its actual ip address.

from man natd

     -dynamic    If the -n or -interface option is used, natd will monitor
                 the routing socket for alterations to the interface
                 passed. If the interface's IP address is changed, natd
                 will dynamically alter its concept of the alias address.

I have, for example:

/etc/rc.conf:

    ifconfig_sis0="DHCP" # External network

/etc/rc.firewall script

    ipfw add divert natd all from any to any via sis0

and it all works just fine even though natd starts off saying that it sees an IP address of 0.0.0.0

Your error message is very likely down to your "ifconfig | stuff" command which may well run when there is no ip address configured. It'll work fine when you run it once the ip address is configured, but probably not before when the script actually runs.

Why do you think your firewall rules need to know the IP address? If you do need it then ipfw2 (5.X only?) has "me". From man ipfw

     me    matches any IP address configured on an interface in the
           system. The address list is evaluated at the time the packet
           is analyzed.

If you have that after your natd rule, though, it will (I think) just match everything so the interface name is good enough. e.g.

    from any to any via sis0

--Alex
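
Added example (not part of the original message): a sketch of the boot-time failure the reply describes, next to the interface-based and "me" rules it recommends. The ifconfig output is constructed, the awk step (elided in the question) is assumed to print field 2, the address-based allow rule and all helper names are hypothetical, and the functions only print rule text instead of calling ipfw.

```shell
#!/bin/sh
# Constructed sample: dc0 at boot, before the DHCP lease arrives (no inet line).
IFCONFIG_BEFORE='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::2a0:ccff:fe00:1%dc0 prefixlen 64 scopeid 0x1
    ether 00:a0:cc:00:00:01'

# Constructed sample: the same interface once dhclient has configured it.
IFCONFIG_AFTER='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::2a0:ccff:fe00:1%dc0 prefixlen 64 scopeid 0x1
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
    ether 00:a0:cc:00:00:01'

# Pipeline from the question, fed saved output; "print $2" is an assumption.
extract_ip() {
    printf '%s\n' "$1" | grep -v inet6 | grep inet | awk '{ print $2 }'
}

# Hypothetical address-based rule: its text depends on when the script runs.
rule_by_address() {
    echo "add allow ip from any to $(extract_ip "$1") in via $2"
}

# Rule from the reply: names the interface only, natd -dynamic tracks the IP.
rule_by_interface() {
    echo "add divert natd all from any to any via $1"
}

# "me" is evaluated per packet, so no address is needed when rules are loaded.
rule_with_me() {
    echo "add allow ip from any to me in via $1"
}

# Word that ends up in the destination-address position once the shell has
# split the rule into arguments, as it would when passing them to ipfw.
dest_token() {
    set -- $1                      # unquoted on purpose: word splitting
    while [ $# -gt 1 ]; do
        if [ "$1" = "to" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

echo "before lease: '$(rule_by_address "$IFCONFIG_BEFORE" dc0)'"
echo "  address slot holds: $(dest_token "$(rule_by_address "$IFCONFIG_BEFORE" dc0)")"
echo "after lease:  '$(rule_by_address "$IFCONFIG_AFTER" dc0)'"
echo "interface:    '$(rule_by_interface sis0)'"
echo "me:           '$(rule_with_me dc0)'"
```

Before the lease the address expands to nothing, so a rule keyword slides into the address position, which is the shape of rule that produces a "hostname ... unknown" complaint and an aborted firewall script at boot.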