From owner-freebsd-questions Mon Apr 9 14:11: 6 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pravda.tenzo.net (h24-69-46-74.gv.shawcable.net [24.69.46.74])
	by hub.freebsd.org (Postfix) with ESMTP id 43A7437B422
	for ; Mon, 9 Apr 2001 14:11:02 -0700 (PDT)
	(envelope-from michael@tenzo.com)
Received: from pravda.tenzo.net (localhost.localdomain [127.0.0.1])
	by pravda.tenzo.net (Postfix) with SMTP id 9E6D13F25
	for ; Mon, 9 Apr 2001 14:11:06 -0700 (PDT)
Content-Type: text/plain; charset="iso-8859-1"
From: Michael O'Henly
Reply-To: michael@tenzo.com
Organization: TENZO Design
To: freebsd-questions@FreeBSD.ORG
Subject: Re: How to specify external network for firewall/NAT when IP is dynamically assigned
Date: Mon, 9 Apr 2001 14:11:06 -0700
X-Mailer: KMail [version 1.2]
References: <20010409204658.21620.qmail@web13208.mail.yahoo.com>
In-Reply-To: <20010409204658.21620.qmail@web13208.mail.yahoo.com>
MIME-Version: 1.0
Message-Id: <01040914110602.01892@pravda.tenzo.net>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thanks for the reply, Larry.

Unfortunately, I don't see any reference to 'me' in the ipfw man page. Is
there another place I should be looking?

M.

On Monday 09 April 2001 13:46, Larry Librettez wrote:
> Take a look at the man ipfw page, specifically the use
> of 'me' as a destination. 'me' can be used for
> dynamically assigned IP addresses as in your case. I
> use it for my ppp dialup connections. You may have to
> change your rc.firewall script a bit though to
> accommodate the 'me' destination.
>
> One other alternative is to use awk to extract your IP
> address from the output of ifconfig, and incorporate
> that into rc.firewall.
>
> I'm sure there are other ways of doing it though.
>
> --- Michael O'Henly wrote:
> > Hi...
> >
> > I'm attempting to set up a simple firewall for my home network. I have a
> > FreeBSD box with two NICs, one connected to the internet via cable modem and
> > the other to an internal network on which there are two Macs. My external IP
> > is assigned by DHCP. I'm not running any services that I want accessible to
> > external users, or any from which I'd want to block internal users.
> >
> > I've read a lot of docs over the last few days on how to do this and I think
> > I have the basics straight -- but for this question:
> >
> > In /etc/rc.firewall (simple section), I'm asked to identify my networks.
> > Since my IP is dynamically assigned, how do I specify my outside network
> > interface? Here's the format (replacing 1.2.3.444/24 with actual values)...
> >
> > # set these to your outside network interface and netmask and ip
> > oif="ed0"
> > onet="1.2.3.444/24"
> > omask="255.255.255.0"
> > oip="1.2.3.444"
> >
> > # set these to your inside network interface and netmask and ip
> > iif="ed1"
> > inet="192.168.0.444/24"
> > imask="255.255.255.0"
> > iip="192.168.0.444"
> >
> > Thanks.
> >
> > M.
> >
> > --
> > Michael O'Henly
> > TENZO Design
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/

--
Michael O'Henly
TENZO Design

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
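
The awk alternative mentioned in the quoted reply, worked through as an added example that is not part of the thread or of FreeBSD's rc.firewall: it derives the oip, omask and onet values asked about in the original question from ifconfig output, and refuses anything that is not a dotted quad with a contiguous netmask so that only digits and dots reach the root-run firewall script. Assumptions: ifconfig prints the netmask in hex as FreeBSD does, outside_vars is a hypothetical name, onet is written as network/prefix, and the sample output is constructed with a documentation address.

```shell
#!/bin/sh
# Added example. sample_ifconfig prints CONSTRUCTED output in FreeBSD's
# ifconfig format (hex netmask); 203.0.113.74 is a documentation address.
sample_ifconfig() {
cat <<'EOF'
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 203.0.113.74 netmask 0xffffff00 broadcast 203.0.113.255
        ether 00:00:5e:00:53:01
EOF
}

# outside_vars (hypothetical name): reads ifconfig output on stdin and prints
# oip/omask/onet assignments for the first IPv4 address. Exits non-zero on a
# malformed address or a non-contiguous mask, so the output is safe to eval.
outside_vars() {
  awk '
    function hex2(s,   hi, lo) {
      hi = index("0123456789abcdef", tolower(substr(s, 1, 1))) - 1
      lo = index("0123456789abcdef", tolower(substr(s, 2, 1))) - 1
      return hi * 16 + lo
    }
    $1 == "inet" && $3 == "netmask" && !found {
      if (split($2, ip, ".") != 4 || $4 !~ /^0x[0-9a-fA-F]+$/ || length($4) != 10) { exit 1 }
      bits = 0; tail = 0
      for (i = 1; i <= 4; i++) {
        if (ip[i] !~ /^[0-9]+$/ || ip[i] + 0 > 255) { exit 1 }
        m[i] = hex2(substr($4, 1 + 2 * i, 2))
        blk = 256 - m[i]; n = 8          # blk: addresses spanned by this mask octet
        while (blk > 1 && blk % 2 == 0) { blk /= 2; n-- }
        if (blk != 1 || (tail && m[i] != 0)) { exit 1 }   # non-contiguous mask
        if (m[i] != 255) tail = 1
        net[i] = ip[i] - ip[i] % (256 - m[i])   # equals ip AND mask for such octets
        bits += n
      }
      printf "oip=\"%s\"\n", $2
      printf "omask=\"%d.%d.%d.%d\"\n", m[1], m[2], m[3], m[4]
      printf "onet=\"%d.%d.%d.%d/%d\"\n", net[1], net[2], net[3], net[4], bits
      found = 1
    }
    END { if (!found) exit 1 }
  '
}

# In rc.firewall the input would come from: ifconfig "$oif"
vars=$(sample_ifconfig | outside_vars) && eval "$vars"
echo "oip=$oip omask=$omask onet=$onet"
```

Because the assignment takes its exit status from the pipeline, a lease that has not arrived yet (no inet line) leaves the variables unset instead of loading rules built from an empty address.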