Date:      Sat, 23 May 1998 23:27:15 -0700 (PDT)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        Capriotti <capriotti@geocities.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW and dial-up link to internet
Message-ID:  <Pine.BSF.3.96.980523232453.9142O-100000@gdi.uoregon.edu>
In-Reply-To: <3.0.32.19691231210000.0094a9c0@pop.mpc.com.br>

On Wed, 20 May 1998, Capriotti wrote:

> the connection works great and it was done "by the book", following
> instructions at the ppp man pages and docs at FBSD site.
> 
> The point I have to discuss is how to use IPFW with a dynamic IP environment.
> 
> My doubt, basically is how to set up these lines:
> 
>  # set these to your outside interface network and netmask and ip
>     oif="tun0"                # I am using tun0 to connect
>     onet="200.246.0.0"        # My ISP's address is 200.246.0.252
>     omask="255.255.255.0"     # I guess this is right
>     oip="192.168.4.17"        # I have no idea what I should put here
> 
> 
>     # set these to your inside interface network and netmask and ip
>     iif="ed1"                 # my network card
>     inet="192.168.0.0"        # the internal network
>     imask="255.255.255.0"     # the mask seems to be ok also
>     iip="192.168.0.30"        # the internal IP
> 
> Next I am using basically all the rules from "simple", at the rc.firewall
> file, plus a couple more to ensure that netbios is not being manipulated
> from outside, and also telnet will work within the LAN only.
> 
> Could someone take a look at those lines and give me some advice?

I would suggest reworking rc.firewall so that any references to
outside-net addresses be changed to `any' and any explicit references to
`via ${oif}' be removed.  This generalizes things extensively.  I assume
that this is okay with you.  

The skeleton firewall config in rc.firewall assumes that you have a
bastion host on the outside that you need to have access to.  If you don't
then you can be much more general in your rules.  

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
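
The rewrite suggested above, as an added example that is not part of the original message or of FreeBSD's rc.firewall: a sh filter that applies both substitutions to rule lines and lists the rules that lose their interface match. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Applies the two rewrites
# suggested above to rc.firewall-style rule lines read from stdin:
#   1. outside-net addresses (${onet}:${omask}, ${oip}) become `any`
#   2. explicit `via ${oif}` qualifiers are removed
generalize_rules() {
    sed -e 's/\${onet}:\${omask}/any/g' \
        -e 's/\${oip}/any/g' \
        -e 's/ via \${oif}//g'
}

# Print the original lines that carry `via ${oif}`. Once it is removed they
# match on every interface, so each one should be re-read by hand.
rules_needing_review() {
    grep -F 'via ${oif}'
}

# Constructed sample rules in the style of rc.firewall (not the real file).
sample_rules() {
    cat <<'EOF'
$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
$fwcmd add pass tcp from any to ${oip} 25 setup
$fwcmd add pass udp from ${onet}:${omask} 53 to ${oip}
$fwcmd add pass tcp from any to any established
EOF
}

# Run as `sh script.sh demo` to see the rewrite on the sample rules.
if [ "${1:-}" = "demo" ]; then
    sample_rules | generalize_rules
    echo "--- review these (interface match removed):"
    sample_rules | rules_needing_review
fi
```

In the sample, the first rule is the one listed for review: without `via ${oif}` a deny on the inside network applies to packets arriving on the inside interface as well.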


