From owner-freebsd-questions@FreeBSD.ORG Wed Jun 15 20:11:48 2005
Message-ID: <20050615201146.22909.qmail@web41015.mail.yahoo.com>
Date: Wed, 15 Jun 2005 13:11:45 -0700 (PDT)
From: Joe
To: Alex Zbyslaw
In-Reply-To: <42B006EB.5050901@dial.pipex.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: SMP and networking under FreeBSD 5.3

Actually, it is not my divert rule that I am using the ip address in. In fact my rc.conf has the 'right stuff' for natd, as the same ipfw rules worked in 5.2 and 5.1. Same rc.conf stuff for natd too.

The ifconfig stuff is for other rules like:

    ipfw add allow tcp from $EXT_IPADDR to any out xmit dc0 setup keep-state

I use ifconfig stuff to get EXT_IPADDR for the above rule. I suppose I could use 'me' as I usually am referring to both interfaces. I'll probably change to use me and see how that goes. I'm not sure why I get the hostname ``or'' unknown message though.

Joe

--- Alex Zbyslaw wrote:

> Joe wrote:
>
> > Hey thanks,
> >
> > it seems that ipfw complains during boot with a message:
> >
> > hostname ``or'' unknown
> >
> > which I have no idea where that is coming from yet, but will look.
> >
> > Then natd doesn't get started.
> >
> > If I run /etc/rc.d/ipfw start then the router is up and natd gets started.
> >
> > For now, I'll probably just add it to rc at the end. I think it has something to do with the order things get run.
> >
> > My firewall script is for a dhcp interface. Since I don't know the IP, I use ifconfig dc0 | grep -v inet6 | grep inet | awk ... to get the IP address for some of the rules. I'm wondering if this is failing and causing the message above.
> >
> > Is there a 'recommended' way to create a rule for ipfw on a dhcp interface using its IP address?
>
> You don't need any of your awk/grep palaver. Your ipfw rules should probably be specifying the interface, not ip addresses. Natd with -dynamic will do the right thing when dhcp picks up its actual ip address.
>
> From man natd:
>
>     -dynamic    If the -n or -interface option is used, natd will monitor the
>                 routing socket for alterations to the interface passed. If
>                 the interface's IP address is changed, natd will dynamically
>                 alter its concept of the alias address.
>
> I have, for example:
>
> /etc/rc.conf:
>
>     ifconfig_sis0="DHCP"    # External network
>
> /etc/rc.firewall script:
>
>     ipfw add divert natd all from any to any via sis0
>
> and it all works just fine even though natd starts off saying that it sees an IP address of 0.0.0.0.
>
> Your error message is very likely down to your "ifconfig | stuff" command, which may well run when there is no ip address configured. It'll work fine when you run it once the ip address is configured, but probably not before, when the script actually runs.
>
> Why do you think your firewall rules need to know the IP address? If you do need it then ipfw2 (5.X only?) has "me". From man ipfw:
>
>     me      matches any IP address configured on an interface in the
>             system. The address list is evaluated at the time the packet
>             is analyzed.
>
> If you have that after your natd rule, though, it will (I think) just match everything, so the interface name is good enough, e.g. from any to any via sis0.
>
> --Alex
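The failure mode Alex describes, as an added example that is not part of either message in this thread: at boot the rc.firewall script runs before dhclient has obtained a lease, so the ifconfig | grep | awk pipeline from Joe's script returns an empty string and the rule it interpolates into is malformed. The script below embeds two constructed ifconfig outputs for dc0 (before and after a lease; the 192.0.2.17 address is a documentation address I chose), runs the same pipeline over them, and contrasts the address-based rule with the interface-based rules Alex recommends (via sis0, and me). The function names are my own; the rule strings are the ones shown in the thread.

```shell
#!/bin/sh
# Added example, not from the freebsd-questions thread. Runs offline: it
# never calls ifconfig or ipfw, only builds the rule text from sample input.

# Constructed ifconfig output for a DHCP interface *before* a lease arrives.
IFCONFIG_BEFORE='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:11:22:33:44:55
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active'

# Constructed ifconfig output for the same interface *after* the lease.
IFCONFIG_AFTER='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::211:22ff:fe33:4455%dc0 prefixlen 64 scopeid 0x1
    inet 192.0.2.17 netmask 0xffffff00 broadcast 192.0.2.255
    ether 00:11:22:33:44:55
    status: active'

# The pipeline from Joe's script, applied to ifconfig text on stdin.
# Yields the IPv4 address, or nothing at all when no inet line exists yet.
extract_ipv4() {
    grep -v inet6 | grep inet | awk '{print $2}'
}

# The fragile way: substitute the extracted address into the rule. Before
# the lease, $addr is empty and the rule text comes out malformed.
rules_by_address() {   # $1 = ifconfig output
    addr=$(printf '%s\n' "$1" | extract_ipv4)
    printf 'add allow tcp from %s to any out xmit dc0 setup keep-state\n' "$addr"
}

# The way Alex suggests: match on the interface (and the "me" keyword),
# so the rules need no address at all and natd -dynamic follows the lease.
rules_by_interface() {  # $1 = interface name
    printf 'add divert natd all from any to any via %s\n' "$1"
    printf 'add allow tcp from me to any out xmit %s setup keep-state\n' "$1"
}

# Defensive variant for scripts that still want the literal address when
# it is available: fall back to "me" instead of emitting an empty operand.
rules_guarded() {   # $1 = interface name, $2 = ifconfig output
    addr=$(printf '%s\n' "$2" | extract_ipv4)
    if [ -z "$addr" ]; then
        printf 'add allow tcp from me to any out xmit %s setup keep-state\n' "$1"
    else
        printf 'add allow tcp from %s to any out xmit %s setup keep-state\n' "$addr" "$1"
    fi
}

# Demonstration when run as a script.
echo '--- address-based rule, before the lease (note the empty operand):'
rules_by_address "$IFCONFIG_BEFORE"
echo '--- address-based rule, after the lease:'
rules_by_address "$IFCONFIG_AFTER"
echo '--- interface-based rules (no address needed):'
rules_by_interface dc0
echo '--- guarded rule, before and after the lease:'
rules_guarded dc0 "$IFCONFIG_BEFORE"
rules_guarded dc0 "$IFCONFIG_AFTER"
```

The empty operand is the practical point: a rule that silently loses its source address is not just a boot-order nuisance, it is a rule whose meaning changed without anyone writing it that way. Interface-based rules remove that dependency entirely, which is why the advice in the reply is to key on via/xmit interface names (and me when a local address is really wanted) rather than on a value captured at an unpredictable moment during boot.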