From: "Artyom Viklenko"
To: "Alexei"
Cc: freebsd-net@freebsd.org
Date: Wed, 13 Dec 2006 11:31:03 +0200 (EET)
Subject: Re: Re[6]: mpd pppoe client problems

> Hello, Artyom.
>
>> Why do you use ipnat and ipfw? May be better to
>> use one firewall? ipfilter itself or ipfw with natd
>> or ng-nat.
>
> I used to use ipfw as a firewall.. and natd makes too heavy cpu load.

Try to use ipfilter or pf. They do NAT in the kernel.
Or you can use ng_nat with ipfw.

>> I'm not sure, but ipfilter allows defining rules with
>> interfaces which do not exist at the time of
>> firewall activation (at least PF can).
>
>> Also, you don't need to restart ntpd each time
>> your interface goes up. Same for named and apache.
>> Typically. Maybe you have some very interesting
>> requirements to do so?..
>
> Em.. Well.. After system startup there is no external interface (ng or
> tun) to bind to. How can I make those applications bind to the new
> interface after it has gone up?

Do you really need to bind them to a particular interface?
If you bind, for example, apache to the wildcard address 0.0.0.0
(as in the default configuration), it will work with new interfaces
and addresses. If you use some kind of IP-based virtualhost
configuration, you can bind it to some local private IP and
redirect incoming traffic to that address. This local IP will
always be available for apache.

natd, as far as I know, binds itself to ALL IPs on the system. And it will
synchronize well with external time sources when they become
available. I have a dialup ppp connection at home and I have ntpd.
When the link is up, it synchronizes with sources; when the link is down, it
loses synchronization until the next availability of the connection.
And I do not restart it every time the link goes up.

Your named, I think, can be bound to your internal address.
But it can send queries with any address available at the time of
sending the request, depending on routing information.

Try to keep things as simple as possible! :)

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org
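
The difference between the two bind choices discussed in this message, as an added example that is not part of the original e-mail: a listener bound to an address the host does not have yet fails at startup, while a wildcard listener starts and serves whatever addresses exist. The function names and the sample address 192.0.2.1 are assumptions made for the illustration.

```python
import errno
import socket

# Constructed sample: 192.0.2.1 (TEST-NET-1, RFC 5737) stands in for the
# address the ng/tun interface will only receive once the link is up.
NOT_YET_CONFIGURED = "192.0.2.1"


def try_bind(address):
    """Bind a TCP listener to (address, ephemeral port).

    Returns (socket, None) on success or (None, errno name) on failure.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((address, 0))
        sock.listen(1)
        sock.settimeout(2)
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def served_on(listener, local_address):
    """Connect through one local address and return the address the
    listener actually received the connection on."""
    port = listener.getsockname()[1]
    with socket.create_connection((local_address, port), timeout=2):
        conn, _peer = listener.accept()
        with conn:
            return conn.getsockname()[0]


def demo():
    # Daemon started before the link exists, bound to the link's address.
    early, early_err = try_bind(NOT_YET_CONFIGURED)
    if early is not None:  # only if this host really owns that address
        early.close()
    # Daemon bound to the wildcard address instead.
    wild, wild_err = try_bind("0.0.0.0")
    try:
        via = served_on(wild, "127.0.0.1")
    finally:
        wild.close()
    return {"specific": early_err, "wildcard": wild_err, "served_on": via}


if __name__ == "__main__":
    print(demo())
```

A wildcard listener also answers on the external address as soon as the link comes up, so which peers may reach the service is then decided by the packet filter rules rather than by the bind address.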