From owner-freebsd-questions  Wed Dec 20 18:14:30 2000
From owner-freebsd-questions@FreeBSD.ORG  Wed Dec 20 18:14:28 2000
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from tr909.trackstar.org (adsl-63-195-17-39.dsl.chic01.pacbell.net [63.195.17.39])
	by hub.freebsd.org (Postfix) with ESMTP id 9E7F037B400
	for <questions@freebsd.org>; Wed, 20 Dec 2000 18:14:27 -0800 (PST)
Received: by tr909.trackstar.org (Postfix, from userid 505)
	id 4BFC723CD1; Wed, 20 Dec 2000 18:13:26 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by tr909.trackstar.org (Postfix) with ESMTP id 45B7423CCD
	for <questions@freebsd.org>; Wed, 20 Dec 2000 18:13:26 -0800 (PST)
Date: Wed, 20 Dec 2000 18:13:26 -0800 (PST)
From: sefkan <sefkan@tr909.trackstar.org>
To: <questions@freebsd.org>
Subject: Help: Firewall w/ dynamic ip
Message-ID: <Pine.LNX.4.30.0012201802350.8360-100000@tr909.trackstar.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Hello,

I need some help setting up a basic firewall (using /etc/rc.firewall
and /etc/rc.conf).

Here's what I have:

1) Modem connection to internet with dynamic ip (external serial modem).
2) Network card to internal network set to ip address 192.168.0.1
   (NE2000/ Linksys Card detected as "dc0" in FreeBSD)

Also, I'm using "nat(d)", so my modem becomes "tun0".

ifconfig yields:
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:a0:cc:e4:1f:56
        media: autoselect (100baseTX) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX
10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback> none
ds0: flags=8008<LOOPBACK,MULTICAST> mtu 65532
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 63.166.51.125 --> 216.111.111.5 netmask 0xffffff00
        Opened by PID 7737


I have modified /etc/rc.conf to include:
firewall_enable="YES"

and I have tried:
firewall_type="simple"
firewall_type="client"

////////////////////////////////////////
In the /etc/rc.firewall file I have not been able to figure
out the following:

...
[Cc][Ll][Ii][Ee][Nn][Tt])

        # set these to your network and netmask and ip
        #net="192.0.2.0"
        #mask="255.255.255.0"
        #ip="192.0.2.1"
        net="216.111.111.5"     # internal network?
        mask="255.255.255.0"    #
        ip="63.166.51.125"              # get from "ifconfig" output?
...

...
[Ss][Ii][Mm][Pp][Ll][Ee])
...
        # set these to your outside interface network and netmask and ip
        #oif="ed0"
        #onet="192.0.2.0"
        #omask="255.255.255.240"
        #oip="192.0.2.1"

and this does not work:

        oif="tun0"                      # tun0 ?
        onet="63.166.51.125"            # ?
        omask="255.255.255.240"         # ? 255.255.255.0 ?
        oip="216.111.111.5"                     # what?

...


Any help would be greatly appreciated.
Thanks in advance,
-Sefkan

PS
Please reply directly to "sefkan@tr909.trackstar.org" if possible :)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message