From owner-freebsd-questions  Thu Mar 28 20:21:44 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp-2.enteract.com (smtp-2.enteract.com [207.229.143.4])
	by hub.freebsd.org (Postfix) with ESMTP id 236C137B417
	for <freebsd-questions@freebsd.org>; Thu, 28 Mar 2002 20:21:41 -0800 (PST)
Received: from jamestown.21stcentury.net (24-148-18-101.na.21stcentury.net [24.148.18.101])
	by smtp-2.enteract.com (Postfix) with ESMTP
	id 554DC6495; Thu, 28 Mar 2002 22:21:39 -0600 (CST)
Received: (from jtm@localhost)
	by jamestown.21stcentury.net (8.11.6/8.11.3) id g2T4Lbw94629;
	Thu, 28 Mar 2002 22:21:37 -0600 (CST)
	(envelope-from jtm63@enteract.com)
X-Authentication-Warning: jamestown.21stcentury.net: jtm set sender to jtm63@enteract.com using -f
To: "Martyn Hill" <sysadmin@st-james-snrgirls.w-london.sch.uk>
Cc: "Samuel Chow" <cyschow@shaw.ca>,
	"FreeBSD-questions" <freebsd-questions@freebsd.org>
Subject: Re: Cable-modem, dynamic IP, NAT and IPFW
References: <LPBBIGIAAKKEOEJOLEGOKEEFCMAA.barbish@a1poweruser.com>
	<001e01c1d672$0b46f520$0a00000a@stjames.net>
	<02b701c1d674$ffcd9ca0$2784412f@ca.nortel.com>
	<003d01c1d676$111728e0$0a00000a@stjames.net>
From: James McNaughton <jtm63@enteract.com>
Date: 28 Mar 2002 22:21:32 -0600
In-Reply-To: <003d01c1d676$111728e0$0a00000a@stjames.net>
Message-ID: <86zo0shulu.fsf@jamestown.21stcentury.net>
Lines: 20
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

In case it helps, this is what I put in my rc.firewall file to handle
DHCP assigned dynamic IP's:


# set these to your network and netmask and ip
net=`ifconfig ep0 | awk '/inet / {print $2}' | sed -e 's/\.[0-9]*$/.0/'`
mask="255.255.255.0"
ip=`ifconfig ep0 | awk '/inet / {print $2}'`

I think I got the idea from the mailing list archives. Many people do
similar things.

I've found that when the lease expires on my IP address I just keep
getting the same one reassigned. So I've never developed strategy for
updating the firewall rules on the fly like that.

BTW, if you're running without a firewall on the net, take a look at
/etc/hosts.allow for some _rudimentary_ security. Also, as has been
said, don't enable NFS. Also, review /etc/inetd.conf.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message