From owner-freebsd-questions Mon Apr 9 13:34:57 2001 Delivered-To: freebsd-questions@freebsd.org Received: from pravda.tenzo.net (h24-69-46-74.gv.shawcable.net [24.69.46.74]) by hub.freebsd.org (Postfix) with ESMTP id F0AF737B424 for ; Mon, 9 Apr 2001 13:34:53 -0700 (PDT) (envelope-from michael@tenzo.com) Received: from pravda.tenzo.net (localhost.localdomain [127.0.0.1]) by pravda.tenzo.net (Postfix) with SMTP id D9CA63F25 for ; Mon, 9 Apr 2001 13:34:57 -0700 (PDT) Content-Type: text/plain; charset="iso-8859-1" From: Michael O'Henly Reply-To: michael@tenzo.com Organization: TENZO Design To: freebsd-questions@FreeBSD.ORG Subject: How to specify external network for firewall/NAT when IP is dynamically assigned Date: Mon, 9 Apr 2001 13:34:57 -0700 X-Mailer: KMail [version 1.2] MIME-Version: 1.0 Message-Id: <01040913345700.01892@pravda.tenzo.net> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi... I'm attempting to set up a simple firewall for my home network. I have a FreeBSD box with two NICs, one connected to the internet via cable modem and the other to an internal network on which there are two Macs. My external IP is assigned by DHCP. I'm not running any services that I want accessible to external users, or any from which I'd want to block internal users. I've read a lot of docs over the last few days on how to do this and I think I have the basics straight -- but for this question: In /etc/rc.firewall (simple section), I'm asked to identify my networks. Since my IP is dynamically assigned, how do I specify my outside network interface? Here's the format (replacing 1.2.3.444/24 with actual values)... # set these to your outside network interface and netmask and ip oif="ed0" onet="1.2.3.444/24" omask="255.255.255.0" oip="1.2.3.444" # set these to your inside network interface and netmask and ip iif="ed1" inet="192.168.0.444/24" imask="255.255.255.0" iip="192.168.0.444" Thanks. M. -- Michael O'Henly TENZO Design To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message