Date: Sat, 24 Feb 2001 14:58:52 +0100
From: "Rogier R. Mulhuijzen" <drwilco@drwilco.nl>
To: Peter Brezny <peter@black.purplecat.net>, freebsd-net@FreeBSD.ORG
Subject: Re: ipfw simple question
Message-ID: <4.3.2.7.0.20010224144707.00df4100@mail.bsdchicks.com>
In-Reply-To: <Pine.BSF.4.05.10102221800540.8312-100000@black.purplecat.net>
At 18:07 22-2-01 -0500, Peter Brezny wrote:
>Hello,
>
>I've just added a second external interface to a machine. I'd like to not
>have to duplicate all the rules that involve outside interfaces.
>
>I've got rules like
>
> $fwcmd add deny all from 0.0.0.0/8 to any in via $oif
>
>is it possible to specify multiple interfaces for one rule by letting
>
>oif= ed0,ed1
>
>?

No, rc.firewall is just a shell script, $oif would be replaced with ed0,ed1 and if you read the ipfw manpage you'll see that ipfw doesn't like that. You could however use ed* which would match every ed interface in the box.

>Similarly, would that work for the ip's of the outside if's?
>
> $fwcmd add allow ip from $oip to any keep-state out via $oif
>
>oip= 10.10.1.1,10.10.1.2
>
>?

Again, no. But you can use netmasks. 10.10.1.1/24 and 10.10.1.1:255.255.255.0 would both match 10.10.1.* IPs, or you could try 10.10.1.1/30 which would match 10.10.1.0, 10.10.1.1, 10.10.1.2 and 10.10.1.3 if I'm not mistaken.

>And finally, my rc.conf defines the interface for natd like this:
>
>natd_interface="xl0"
>
>is it possible to have natd run on both external interfaces without
>causing problems? How would I configure that?

Why would you want to run natd on 2 external interfaces at the same time?

DocWilco
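Since rc.firewall is an ordinary shell script, the usual way to avoid duplicating per-interface rules is to loop over an interface list rather than comma-joining names that ipfw will reject. The script below is an added example, not code from the thread or from FreeBSD's rc.firewall; the interface names, the 10.10.1.0/30 address block and the `echo ipfw` dry-run setting are constructed assumptions.

```shell
#!/bin/sh
# Added example: emit one copy of each outside-interface rule per
# external interface. fwcmd is "echo ipfw" here so the rules are printed
# for review instead of loaded; set it to /sbin/ipfw to apply them.
fwcmd="echo ipfw"

# Constructed values for the example: two external interfaces and the
# /30 block covering both of their addresses (10.10.1.0 - 10.10.1.3).
oifs="ed0 ed1"
onets="10.10.1.0/30"

# gen_rules IFACES NETS
#   Prints (or loads) the same rule set once per interface in IFACES,
#   so a rule change is made in one place instead of once per interface.
gen_rules() {
    for oif in $1; do
        # Anti-spoofing: packets claiming a 0.0.0.0/8 source must never
        # arrive on an outside interface.
        $fwcmd add deny all from 0.0.0.0/8 to any in via "$oif"
        # Stateful outbound traffic from our own external address block.
        for onet in $2; do
            $fwcmd add allow ip from "$onet" to any keep-state out via "$oif"
        done
    done
}

gen_rules "$oifs" "$onets"
```

Running it prints four rules (deny plus allow for ed0, then the same pair for ed1), which is a convenient way to review the generated set before pointing fwcmd at the real ipfw binary.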