From owner-freebsd-isdn Sat Jul 11 09:11:11 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA14735 for freebsd-isdn-outgoing; Sat, 11 Jul 1998 09:11:11 -0700 (PDT) (envelope-from owner-freebsd-isdn@FreeBSD.ORG) Received: from cyclone.degnet.baynet.de (www.degnet.baynet.de [194.95.214.129]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA14722 for ; Sat, 11 Jul 1998 09:11:06 -0700 (PDT) (envelope-from malte@webmore.com) Received: from neuron.webmore.com (unverified [194.95.214.175]) by cyclone.degnet.baynet.de (EMWAC SMTPRS 0.83) with SMTP id ; Sat, 11 Jul 1998 18:12:23 +0200 Received: (from malte@webmore.com) by neuron.webmore.com (8.8.8/8.8.8) id SAA00400; Sat, 11 Jul 1998 18:08:13 +0200 (CEST) Message-ID: X-Mailer: XFMail 1.2 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <199807110702.JAA02484@rumolt.teuto.de> Date: Sat, 11 Jul 1998 18:08:11 +0200 (CEST) Reply-To: malte@webmore.com From: Malte Lance To: Martin Husemann Subject: Re: fallback-IP-addr for dyn. dials. Is there any use for it ? Cc: hm@hcs.de, freebsd-isdn@FreeBSD.ORG, (Michael Hohmuth) Sender: owner-freebsd-isdn@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 11-Jul-98 Martin Husemann wrote: >> Here, the interface is assigned 141.76.92.31 before connection, and >> this IP address has been allowed to send out data in the firewall >> configuration. Therefore, autodial works. > [..] >> I have to admit, however, that I'm always assigned the same IP >> address. I haven't thought about how to configure the firewall if I >> was assigned a different IP address each time. > > Me too, but in one installation we are assigned a dynamic ip address. > Works just the same: you'll have to know what range of ip adresses your > provider picks your dynamic adress from and allow that whole range to > send outgoing data. Passing packets is not the problem. Starting the dial is the problem. When your local-IP on the sppp-device is set to 0.0.0.0 you always will need an ipfw-rule that allows "0.0.0.0 to any" just for triggering the dial. After the connection is setup and the local IP-addr for the sppp-device dynamically assigned, there are no problems. Then, when the connection is closed, the IP-addr on the sppp-device is set again to 0.0.0.0. Now how do you think a dial will be triggered when a packet arrives on the sppp-device and you don't have a "pass all from 0.0.0.0 to any ..."-rule in your firewall-file. It won't be. Putting the 0.0.0.0-trigger-rule into the firewall-config is just moving isdnd-functionality into the firewall. I found it just annoying to add this 0.0.0.0-"trigger-rule" into my firewall-file and i did not for sure knew what implications such a rule would have. And i found it much neater to just add "dynlip" to the 'spppcontrol'-call instead of configuring the sppp-device with a magic 0.0.0.0 number. Yes, 0.0.0.0 is magical for routing and that's ok, but why config a device with 0.0.0.0 ??? Thats all. Malte. > > > Martin > ---------------------------------- E-Mail: Malte Lance Date: 11-Jul-98 Time: 17:55:00 ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message