From owner-freebsd-questions  Thu Dec 21  5: 3:46 2000
From owner-freebsd-questions@FreeBSD.ORG  Thu Dec 21 05:03:45 2000
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from gray.westgate.gr (gray.westgate.gr [212.205.119.66])
	by hub.freebsd.org (Postfix) with ESMTP id 7881C37B400
	for <questions@FreeBSD.ORG>; Thu, 21 Dec 2000 05:03:43 -0800 (PST)
Received: (from charon@localhost)
	by gray.westgate.gr (8.11.1/8.11.1) id eBLD2ZJ06124;
	Thu, 21 Dec 2000 15:02:35 +0200 (EET)
Date: Thu, 21 Dec 2000 15:02:35 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: sefkan <sefkan@tr909.trackstar.org>
Cc: questions@FreeBSD.ORG
Subject: Re: Help: Firewall w/ dynamic ip
Message-ID: <20001221150235.A5931@gray.westgate.gr>
References: <Pine.LNX.4.30.0012201802350.8360-100000@tr909.trackstar.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.30.0012201802350.8360-100000@tr909.trackstar.org>; from sefkan@tr909.trackstar.org on Wed, Dec 20, 2000 at 06:13:26PM -0800
X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2
X-URL: http://students.ceid.upatras.gr/~keramida/index.html
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Dec 20, 2000 at 06:13:26PM -0800, sefkan wrote:
> 
> Hello,
> 
> I need some help setting up a basic firewall (using /etc/rc.firewall
> and /etc/rc.conf).
...
>         oif="tun0"                      # tun0 ?
>         onet="63.166.51.125"            # ?
>         omask="255.255.255.240"         # ? 255.255.255.0 ?
>         oip="216.111.111.5"                     # what?

I always seem to think that rc.firewall is a nice starting point.  It
provides with nice ideas about setting up your own set of rules.  But
eventually, you will have to make your own rules.

What you are describing as a `problem' is easily resolved once you write
your own rules, to use `in recv tun0' and `out xmit tun0' instead of using
the IP address.

If you are too reluctant to copy/paste and edit the nice rules of
rc.firewall into a file of your own (which is what I usually recommend to
people who want to actually *learn* how ipfw works), you can always find a
good set of sample files at my home page.  The URL for the ipfw section is:

    <http://students.ceid.upatras.gr/~keramida/ipfw/>

Ciao,
Giorgos.

PS: Also note that this question has been answered about a zillion times,
and there are lots of answers in the archives :-)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message