Date:      Tue, 07 Aug 2001 10:50:37 -0500
From:      "Douglas G. Allen" <dallen@roe35.lth2.k12.il.us>
To:        "Max Clements" <max.clements@swistgroup.com>
Cc:        freebsd-security@freebsd.org
Subject:   RE: ipfw question
Message-ID:  <200108071050370603.00D90CE5@mail.roe35.lth2.k12.il.us>
In-Reply-To: <DEC925D2FB9081448C3D6EC26E85868C5B66@steinmail.swistgroup.com>
References:  <DEC925D2FB9081448C3D6EC26E85868C5B66@steinmail.swistgroup.com>

Max,

>Nope - it is the netmask that you associate with one host...
>ifconfig is quite correct in NOT rejecting it as it is right to use it with
>an alias...

My understanding, based upon a lot of reading and some discussions on Sunday in stable, was that only the first IP address was given the true network mask.  The aliases had to be given the 255.255.255.255 netmask in order for it to work.  Otherwise arp might complain, as it did with two cards active on the machine.

>Nope an alias that is on the same IP segment as the main interface must have
>a netmask of all ones, i.e., 255.255.255.255 or if you like that in hex
>0xffffffff.  Please refer to the FreeBSD /etc/defaults/rc.conf file and see:
>--
>#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
>--

Ok, that backs up my interpretation above.  Now, how do I get ipfw to allow me to write rules that will filter on both rules and leave both the true address and the alias active and able to see the network?

I've tried firewalling just the true address, firewalling both addresses with the true netmask, firewalling the true address with the actual mask and the alias with 255.255.255.255.  In each case, I could get the true address to see the network and the ipfw rules worked as expected.  However, the alias didn't function in each case.  Any suggestions?

						Doug

