From owner-freebsd-pf@FreeBSD.ORG Mon Jan 24 21:03:24 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D319A16A4CE for ; Mon, 24 Jan 2005 21:03:24 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8098543D53 for ; Mon, 24 Jan 2005 21:03:23 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.155] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1CtBMo-0001zw-00; Mon, 24 Jan 2005 22:03:22 +0100 Received: from [217.227.156.99] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1CtBMn-0004jZ-00; Mon, 24 Jan 2005 22:03:22 +0100 From: Max Laier To: freebsd-pf@freebsd.org Date: Mon, 24 Jan 2005 22:03:01 +0100 User-Agent: KMail/1.7.2 References: <200501241541.41601.pathiaki@pathiaki.com> In-Reply-To: <200501241541.41601.pathiaki@pathiaki.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2435893.npx8UV9vAx"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200501242203.10228.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 Subject: Re: Dynamic Addresses and PF X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Jan 2005 21:03:25 -0000 --nextPart2435893.npx8UV9vAx Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 24 January 2005 21:41, Paul J. Pathiakis wrote: > Hi, > > if I'm using a DSL dynamic address, on an external i/f, should I be using > the parentheses everywhere? > > ext_if2 =3D "tun0" > ext_gw2 =3D "70.1.2.3" > > That is, on a NAT rule such as: > > nat on $ext_if2 from $lan_net2 to any -> ($ext_if2) > > should I write it as: > > nat on ($ext_if2) from $lan_net2 to any -> ($ext_if2) > > ? No. The dynamic address modifier does not apply to the "on ifspec" part. = The=20 first rule is correct, the second one won't parse. > Also, since ext_if2 is declared as "tun0" for a DSLconnection, is there a > way to replace ext_gw2 in all my rules be something like ($ext_if2)? > > That is, could I do this: > > ext_gw2 =3D ($ext_if2) > > at the beginning of declarations to allow the ext_gw2 variable to be set = to > the dynamic IP address of the ext_if2? > > Is this possible? Yes it is. You'd do: ext_if=3Dtun0 ext_gw=3D"(" $ext_if ")" be careful with the whitespaces on that. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2435893.npx8UV9vAx Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBB9WKOXyyEoT62BG0RArFeAJ9P3Xi83UYjjyQlIyZwP9JXDgtbKwCfTL15 7kA8ky8mRKz12/s1Nezq+NM= =2avo -----END PGP SIGNATURE----- --nextPart2435893.npx8UV9vAx--