From: James Long <james_mapson@umpquanet.com>
To: Dirk-Willem van Gulik
cc: freebsd-questions@freebsd.org
Date: Mon, 7 Jul 2003 14:04:25 -0700
Subject: Re: Symbolic names for (ethernet) interfaces
Message-ID: <20030707140425.A30539@ns.museum.rain.com>
In-Reply-To: <20030707222807.V47890-100000@foem>

On Mon, Jul 07, 2003 at 10:29:58PM +0200, Dirk-Willem van Gulik wrote:
>
> How does one specify a 'symbolic' name for an ethernet interface; i.e. be
> able to refer to rl0, vx1 or ep0 by a name like 'net0, net1' or 'net2'.
>
> With net1 et al. tied to a specific PCI slot or card MAC address. So that
> it becomes easier to write HW independent rc.conf or zebra.conf files.

Consider this snippet of my rc.conf, wherein I declare my outside interface
as symbolic name ${oif} and my inside interface as ${iif}. Where I define
iif or oif you might choose to define net0 or net1 instead.

    # outside interface: driver name, address, netmask
    oif="dc0"
    oip="206.29.169.27"
    omask="255.255.255.0"

    # inside interface
    iif="tl0"
    iip="206.29.168.233"
    imask="255.255.255.248"

    # eval expands ${oif}/${iif} so the variable rc.conf actually defines
    # is ifconfig_dc0 / ifconfig_tl0, which /etc/rc looks for
    eval ifconfig_${oif}="\"inet ${oip} netmask ${omask}\""
    eval ifconfig_${iif}="\"inet ${iip} netmask ${imask}\""
    # eval ifconfig_${iif}="\"DHCP\""

Then I can source rc.conf in my firewall script, and say stuff like you see
below, and if I ever have to change IPs (or more likely, I clone the script
to set up another machine), I just edit rc.conf.

    #!/usr/local/bin/bash

    # Suck in the configuration variables oif, oip, iif, iip, imask
    if [ -f /etc/defaults/rc.conf ]; then
        echo Reading /etc/defaults/rc.conf
        . /etc/defaults/rc.conf
        # source_rc_confs (defined in defaults/rc.conf) reads /etc/rc.conf
        # and the other rc_conf_files on top of the defaults
        source_rc_confs
    fi

    fw="/sbin/ipfw"

    # inside network, in ipfw addr:mask form
    inet="${iip}:${imask}"

    ...

    # loopback addresses must never appear on a real interface
    ${fw} add deny log all from 127.0.0.0/8 to any via ${oif}
    ${fw} add deny log all from 127.0.0.0/8 to any via ${iif}
    ${fw} add deny log all from any to 127.0.0.0/8 via ${oif}
    ${fw} add deny log all from any to 127.0.0.0/8 via ${iif}
    ${fw} add allow all from any to any via lo0

    # anti-spoofing: inside addresses may not arrive on the outside
    # interface, and only inside addresses may arrive on the inside one
    ${fw} add deny log all from ${inet} to any recv ${oif}
    ${fw} add deny log all from not ${inet} to any recv ${iif}

    ...

    # Allow DHCP on internal interface
    ${fw} add allow udp from any to any 67-68 via ${iif}

    ###########################
    #
    # NAT
    #
    ###########################

    ${fw} add divert natd ip from any to any via ${oif}

    (etc.)
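An added example, not part of this thread or of James's script, that goes one step further than the reply toward what the question asked: it resolves a symbolic name such as oif to a driver name by the card's MAC address, and refuses to emit the ifconfig_<if> line at all when no interface carries that MAC, so a firewall script that sources the result cannot silently bind its inside/outside rules to the wrong side. The ifconfig output and the MAC addresses below are constructed; IFCONFIG_TEXT would be $(ifconfig -a) on a real host.

```shell
#!/bin/sh
# Constructed sample of "ifconfig -a" output; on a live system use
# IFCONFIG_TEXT=$(ifconfig -a) instead.
IFCONFIG_TEXT='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:80:c8:aa:bb:cc
tl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:e0:29:11:22:33
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384'

# iface_by_mac TEXT MAC -> prints the interface whose "ether" line carries
# MAC (compared case-insensitively); exit status 1 if no interface matches.
iface_by_mac() {
    printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        /^[a-z][a-z0-9]*:/ { cur = $1; sub(/:$/, "", cur) }   # new interface block
        $1 == "ether" && tolower($2) == want { print cur; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# ifconfig_line NAME MAC IP MASK -> prints two rc.conf-style assignments:
#   NAME="<driver>"                       e.g. oif="dc0"
#   ifconfig_<driver>="inet IP netmask MASK"
# Returns 1 (and prints nothing to stdout) when MAC is not present, so the
# caller never ends up with an unset ${oif} in its ipfw rules.
ifconfig_line() {
    _name=$1; _mac=$2; _ip=$3; _mask=$4
    _dev=$(iface_by_mac "$IFCONFIG_TEXT" "$_mac") || {
        echo "$_name: no interface with MAC $_mac" >&2
        return 1
    }
    printf '%s="%s"\nifconfig_%s="inet %s netmask %s"\n' \
        "$_name" "$_dev" "$_dev" "$_ip" "$_mask"
}

# Demo with the constructed data: resolves oif to dc0.
ifconfig_line oif 00:80:C8:AA:BB:CC 206.29.169.27 255.255.255.0
```

The two lines it prints can be saved to a file and sourced by both /etc/rc.conf and the firewall script, so the driver name lives in exactly one place.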