From owner-freebsd-net Sat Feb 24 6: 9:30 2001
Delivered-To: freebsd-net@freebsd.org
Received: from hera.drwilco.net (isis.drwilco.net [194.109.63.159]) by hub.freebsd.org (Postfix) with ESMTP id AB04637B491 for ; Sat, 24 Feb 2001 06:09:26 -0800 (PST) (envelope-from drwilco@drwilco.nl)
Received: from ceres.drwilco.nl (ceres.drwilco.net [10.1.1.19]) by hera.drwilco.net (8.11.2/8.11.1) with ESMTP id f1OEMMo66732; Sat, 24 Feb 2001 15:22:23 +0100 (CET) (envelope-from drwilco@drwilco.nl)
Message-Id: <4.3.2.7.0.20010224144707.00df4100@mail.bsdchicks.com>
X-Sender: lists@mail.bsdchicks.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Sat, 24 Feb 2001 14:58:52 +0100
To: Peter Brezny , freebsd-net@FreeBSD.ORG
From: "Rogier R. Mulhuijzen"
Subject: Re: ipfw simple quesiton
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 18:07 22-2-01 -0500, Peter Brezny wrote:
>Hello,
>
>I've just added a second external interface to a machine. I'd like to not
>have to duplicate all the rules that involve outside interfaces.
>
>I've got rules like
>
> $fwcmd add deny all from 0.0.0.0/8 to any in via $oif
>
>is it possible to specify multiple interfaces for one rule by letting
>
>oif= ed0,ed1
>
>?

No, rc.firewall is just a shell script, $oif would be replaced with ed0,ed1 and if you read the ipfw manpage you'll see that ipfw doesn't like that. You could however use ed* which would match every ed interface in the box.

>Similarly, would that work for the IPs of the outside ifs?
>
> $fwcmd add allow ip from $oip to any keep-state out via $oif
>
>oip= 10.10.1.1,10.10.1.2
>
>?

Again, no. But you can use netmasks. 10.10.1.1/24 and 10.10.1.1:255.255.255.0 would both match 10.10.1.* IPs, or you could try 10.10.1.1/30 which would match 10.10.1.0, 10.10.1.1, 10.10.1.2 and 10.10.1.3 if I'm not mistaken.
>And finally, my rc.conf defines the interface for natd like this:
>
>natd_interface="xl0"
>
>is it possible to have natd run on both external interfaces without
>causing problems? how would i configure that?

Why would you want to run natd on 2 external interfaces at the same time?

DocWilco

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
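Since rc.firewall is an ordinary shell script, the practical answer to "one rule for several interfaces or addresses" is to loop over a list and emit one ipfw rule per item, and to check what a prefix like 10.10.1.1/30 actually covers before putting it in a rule. The script below is an added example written for this page; it is not code from the thread or from FreeBSD's rc.firewall. The interface names (ed0, ed1), addresses and prefixes are constructed for illustration, and FWCMD defaults to "echo ipfw" so the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not part of the original thread or of FreeBSD's rc.firewall.
# ipfw rejects "via ed0,ed1", so cover several interfaces by looping and
# emitting one rule each. FWCMD defaults to "echo ipfw" so this only prints
# the rules; set FWCMD=/sbin/ipfw on a real FreeBSD host to apply them.
# Interface names, addresses and prefixes here are constructed for illustration.

: "${FWCMD:=echo ipfw}"

# One "deny bogon source" rule per interface in a space-separated list,
# e.g. gen_iface_rules "ed0 ed1". ("via ed*" would match every ed interface,
# which is broader than an explicit list.)
gen_iface_rules() {
    for oif in $1; do
        $FWCMD add deny all from 0.0.0.0/8 to any in via "$oif"
    done
}

# Stateful allow from each external address out via its own interface;
# arguments are "addr iface" pairs, e.g. gen_oip_rules "10.10.1.1 ed0" "10.10.1.2 ed1".
gen_oip_rules() {
    for pair in "$@"; do
        set -- $pair
        $FWCMD add allow ip from "$1" to any keep-state out via "$2"
    done
}

# Dotted-quad <-> integer helpers (run in a subshell so IFS is not clobbered).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_range a.b.c.d/len -> "first-last" of the addresses the prefix matches.
# Host bits of a.b.c.d are masked off, which is why 10.10.1.1/30 starts at .0.
cidr_range() {
    ip=${1%/*}
    len=${1#*/}
    n=$(ip_to_int "$ip")
    all=4294967295                       # 0xFFFFFFFF
    mask=$(( (all << (32 - len)) & all ))
    first=$(( n & mask ))
    last=$(( first | (~mask & all) ))
    echo "$(int_to_ip "$first")-$(int_to_ip "$last")"
}

# Demonstration: check the prefixes first, then print the generated rules.
cidr_range 10.10.1.1/30      # 10.10.1.0-10.10.1.3
cidr_range 10.10.1.1/24      # 10.10.1.0-10.10.1.255
gen_iface_rules "ed0 ed1"
gen_oip_rules "10.10.1.1 ed0" "10.10.1.2 ed1"
```

Calling cidr_range before committing a prefix to a rule catches the common surprise that /30 on a .1 address also admits .0 and .3, and the per-interface loop keeps a single rule template in rc.firewall no matter how many external interfaces the box grows.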