From: "Michael O'Henly"
Reply-To: michael@tenzo.com
Organization: TENZO Design
To: freebsd-stable@FreeBSD.ORG
Subject: ipfw question...
Date: Sun, 15 Apr 2001 19:20:22 -0700
Message-Id: <01041519202200.15431@h24-69-46-74.gv.shawcable.net>

I've got my ipfw firewall/NAT setup basically working but there are still some rough edges. One is the way I'm specifying the external network...

My FreeBSD box has two NICs: the external NIC is assigned an IP via DHCP and the internal NIC I've arbitrarily assigned 192.168.0.1. There are two other machines on the internal network.

In the "simple" section of /etc/rc.firewall, I'm asked to identify the external and internal NIC, network, netmask and IP. From what I've read in the Handbook, man pages, and the FreeBSD Diary, it should look something like this:

    # set these to your outside interface network and netmask and ip
    oif="rl0"
    onet="1.2.3.4/24"
    omask="255.255.255.0"
    oip="1.2.3.4"

    # set these to your inside interface network and netmask and ip
    iif="xl0"
    inet="192.168.0.0/24"
    imask="255.255.255.0"
    iip="192.168.0.1"

The internal network is fine since its values don't change.
If my external IP was static, I could enter values as above, but since it's dynamic, I need to either use some kind of wild card or determine the current IP on-the-fly. This is what I'm doing at the moment:

    # set these to your outside interface network and netmask and ip
    oif="rl0"
    onet=`ifconfig rl0 | grep "inet " | awk '{print $2}'`
    omask="255.255.254.0"
    oip=`ifconfig rl0 | grep "inet " | awk '{print $2}'`

After calculating the IP, onet and oip would have values looking like:

    onet="1.2.3.4"
    oip="1.2.3.4"

This isn't exactly what I believe is required here. I think onet ideally should be in the form of "1.2.3.4/24" but I'm not sure how to do this.

Anyway, when I reboot and check dmesg I see that onet has been transformed into "1.2.3.4/23". In other words, something is adding "/nn" to the end of the value -- and adding "23" instead of "24". What's happening here?

I should add that the parsing scheme for onet and oip came from a FreeBSD Diary article. What they actually recommended was:

    # set these to your outside interface network and netmask and ip
    oif="rl0"
    onet=`ifconfig rl0 | grep "inet " | awk '{print $6}'`
    omask="255.255.254.0"
    oip=`ifconfig rl0 | grep "inet " | awk '{print $2}'`

...which gives values like:

    onet="1.2.3.255"
    oip="1.2.3.4"

Does "1.2.3.255" _mean_ the same thing as "1.2.3.4/24"?

Finally, I've read about "me", "any" and "not" as wild cards for these values, but they don't seem to be supported in 4.2.

I'd appreciate any pointers on setting this up correctly.

M.

-- 
Michael O'Henly
TENZO Design
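
An added example, not part of the original post: deriving the address, dotted netmask, network and prefix length from a single FreeBSD-style "inet" line, which also shows the prefix length that a mask of 255.255.254.0 corresponds to. The sample line, the documentation address in it and the function names are constructed for illustration; the field layout (hex netmask in field 4, broadcast in field 6) is assumed from the awk field numbers used in the post.

```shell
#!/bin/sh
# Added example: derive oip, omask and onet/prefix from one "inet" line
# of ifconfig output (FreeBSD layout with a hex netmask is assumed).

# Constructed sample line (documentation address, not from the post).
SAMPLE='	inet 192.0.2.77 netmask 0xfffffe00 broadcast 192.0.3.255'

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_to_prefix N -> count of leading one bits; fails on a non-contiguous mask
mask_to_prefix() {
    m=$1; bits=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 0xffffffff ))
    done
    [ "$m" -eq 0 ] || return 1     # leftover one bits: not a valid netmask
    echo "$bits"
}

# derive "<inet line>" -> prints "oip omask onet/prefix"
derive() {
    set -- $1                      # word-split: inet ADDR netmask 0xHEX ...
    [ "$1" = inet ] && [ "$3" = netmask ] || return 1
    addr=$(ip_to_int "$2")
    mask=$(( $4 ))                 # hex constant -> integer
    prefix=$(mask_to_prefix "$mask") || return 1
    echo "$2 $(int_to_ip "$mask") $(int_to_ip $(( addr & mask )))/$prefix"
}

derive "$SAMPLE"
```

On a live system the argument to derive would be the output of `ifconfig rl0 | grep "inet "` from the post instead of the constructed sample.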