Date: Sun, 15 Apr 2001 19:20:22 -0700 From: "Michael O'Henly" <michael@tenzo.com> To: freebsd-stable@FreeBSD.ORG Subject: ipfw question... Message-ID: <01041519202200.15431@h24-69-46-74.gv.shawcable.net>
I've got my ipfw firewall/NAT setup basically working but there are still some rough edges. One is the way I'm specifying the external network... My FreeBSD box has two NICs: the external NIC is assigned an IP via DHCP and the internal NIC I've arbitrarily assigned 192.168.0.1. There are two other machines on the internal network.

In the "simple" section of /etc/rc.firewall, I'm asked to identify the external and internal NIC, network, netmask and IP. From what I've read in the Handbook, man pages, and the FreeBSD Diary, it should look something like this:

    # set these to your outside interface network and netmask and ip
    oif="rl0"
    onet="1.2.3.4/24"
    omask="255.255.255.0"
    oip="1.2.3.4"

    # set these to your inside interface network and netmask and ip
    iif="xl0"
    inet="192.168.0.0/24"
    imask="255.255.255.0"
    iip="192.168.0.1"

The internal network is fine since its values don't change. If my external IP was static, I could enter values as above, but since it's dynamic, I need to either use some kind of wild card or determine the current IP on-the-fly. This is what I'm doing at the moment:

    # set these to your outside interface network and netmask and ip
    oif="rl0"
    onet=`ifconfig rl0 | grep "inet " | awk '{print $2}'`
    omask="255.255.254.0"
    oip=`ifconfig rl0 | grep "inet " | awk '{print $2}'`

After calculating the IP, onet and oip would have values looking like:

    onet="1.2.3.4"
    oip="1.2.3.4"

This isn't exactly what I believe is required here. I think onet ideally should be in the form of "1.2.3.4/24" but I'm not sure how to do this. Anyway, when I reboot and check dmesg I see that onet has been transformed into "1.2.3.4/23". In other words, something is adding "/nn" to the end of the value -- and adding "23" instead of "24". What's happening here?

I should add that the parsing scheme for onet and oip came from a FreeBSD Diary article. What they actually recommended was:

    # set these to your outside interface network and netmask and ip
    oif="rl0"
    onet=`ifconfig rl0 | grep "inet " | awk '{print $6}'`
    omask="255.255.254.0"
    oip=`ifconfig rl0 | grep "inet " | awk '{print $2}'`

...which gives values like:

    onet="1.2.3.255"
    oip="1.2.3.4"

Does "1.2.3.255" _mean_ the same thing as "1.2.3.4/24"?

Finally, I've read about "me", "any" and "not" as wild cards for these values, but they don't seem to be supported in 4.2.

I'd appreciate any pointers on setting this up correctly.

M.

-- 
Michael O'Henly
TENZO Design
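As an added example, not from the post above or from the FreeBSD Diary article it cites, the Bourne shell functions below compute the "network/prefix" form that rc.firewall's onet expects from the address and netmask that ifconfig reports, rather than copying whichever awk column happens to hold a value. The sample ifconfig line is constructed, not captured from a real host, but follows FreeBSD's "inet A netmask M broadcast B" layout, so its sixth field is the broadcast address, not the network. With the post's mask of 255.255.254.0 (0xfffffe00) the computed network is 1.2.2.0/23, which is the /23 the post observes. Deriving onet from the real mask matters for a firewall because a network value that is too wide or too narrow makes rules keyed on onet match more or fewer hosts than intended. The onet_for_iface and oip_for_iface helpers are assumptions about live use and are not exercised here.

```shell
#!/bin/sh
# Added example (not from the post or the FreeBSD Diary): derive the
# "network/prefix" form that rc.firewall's onet expects from the address
# and netmask ifconfig reports, instead of trusting a fixed awk column.

# Constructed sample of the "inet" line FreeBSD's ifconfig prints
# (not captured from a real host). Fields: 2 = address, 4 = netmask (hex),
# 6 = broadcast address.
SAMPLE_INET_LINE='inet 1.2.3.4 netmask 0xfffffe00 broadcast 1.2.3.255'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask given as hex (0xfffffe00) or dotted (255.255.254.0) -> integer.
mask_to_int() {
    case $1 in
        0x*|0X*) echo $(( $1 )) ;;
        *)       ip_to_int "$1" ;;
    esac
}

# Number of leading one bits in a 32-bit mask, i.e. the /prefix length.
mask_to_prefix() {
    mask=$1
    prefix=0
    while [ "$prefix" -lt 32 ] && [ $(( (mask >> (31 - prefix)) & 1 )) -eq 1 ]; do
        prefix=$(( prefix + 1 ))
    done
    echo "$prefix"
}

# "inet A netmask M broadcast B" -> "network/prefix", suitable for onet.
onet_from_inet_line() {
    set -- $1
    addr_int=$(ip_to_int "$2")
    mask_int=$(mask_to_int "$4")
    echo "$(int_to_ip $(( addr_int & mask_int )))/$(mask_to_prefix "$mask_int")"
}

# Same line -> the broadcast address, computed from address and mask, so it
# can be compared with the sixth field ifconfig prints.
broadcast_from_inet_line() {
    set -- $1
    addr_int=$(ip_to_int "$2")
    mask_int=$(mask_to_int "$4")
    int_to_ip $(( (addr_int & mask_int) | (~mask_int & 0xffffffff) ))
}

# Assumed live use in rc.firewall (not run here; assumes ifconfig prints an
# "inet" line in the layout above):
#   onet=$(onet_for_iface rl0); oip=$(oip_for_iface rl0)
onet_for_iface() {
    onet_from_inet_line "$(ifconfig "$1" | grep 'inet ' | head -n 1)"
}
oip_for_iface() {
    ifconfig "$1" | grep 'inet ' | head -n 1 | awk '{print $2}'
}

echo "onet=$(onet_from_inet_line "$SAMPLE_INET_LINE")"
echo "broadcast=$(broadcast_from_inet_line "$SAMPLE_INET_LINE")"
```

Because the prefix length is counted from the mask rather than hard-coded, the same functions give 192.168.0.0/24 for the internal interface and a /23 for the external one whenever its DHCP lease carries a 255.255.254.0 mask, and the omask variable can be derived from the same line instead of being typed by hand.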