From owner-freebsd-net  Thu Feb 22 15: 4:58 2001
Delivered-To: freebsd-net@freebsd.org
Received: from black.purplecat.net (ns1.purplecat.net [209.16.228.148])
	by hub.freebsd.org (Postfix) with ESMTP id 4F13437B491
	for <freebsd-net@freebsd.org>; Thu, 22 Feb 2001 15:04:54 -0800 (PST)
	(envelope-from peter@black.purplecat.net)
Received: from localhost (peter@localhost)
	by black.purplecat.net (8.8.8/8.8.8) with ESMTP id SAA08581
	for <freebsd-net@freebsd.org>; Thu, 22 Feb 2001 18:07:14 -0500 (EST)
	(envelope-from peter@black.purplecat.net)
Date: Thu, 22 Feb 2001 18:07:14 -0500 (EST)
From: Peter Brezny <peter@black.purplecat.net>
To: freebsd-net@freebsd.org
Subject: ipfw simple quesiton
Message-ID: <Pine.BSF.4.05.10102221800540.8312-100000@black.purplecat.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

I've just added a second external interface to a machine.  I'd like to not
have to duplicate all the rules that involve outside interfaces.


I've got rules like 

        $fwcmd add deny all from 0.0.0.0/8 to any in via $oif

is it possible to specify multiple interfaces for one rule by letting

oif= ed0,ed1

?

Similarly, would that work for the ip's of the outside if's?

        $fwcmd add allow ip from $oip to any keep-state out via $oif

oip= 10.10.1.1,10.10.1.2

?


And finally, my rc.conf defines the interface for natd like this:


natd_interface="xl0"


is it possible to have natd run on both external interfaces without
causing problems?  how would i configure that?


TIA

pb


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message