Date: Mon, 9 Apr 2001 14:16:08 -0700
From: Michael O'Henly <michael@tenzo.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: How to specify external network for firewall/NAT when IP is dynamically assigned
Message-ID: <01040914160803.01892@pravda.tenzo.net>
In-Reply-To: <01040914110602.01892@pravda.tenzo.net>
References: <20010409204658.21620.qmail@web13208.mail.yahoo.com> <01040914110602.01892@pravda.tenzo.net>

Sorry to follow up to my own post, but moments later I found this in the FreeBSD Diary (http://www.freebsddiary.org/firewall.html)...

-----[ snip ]-----

If you're trying to configure your firewall to work with DHCP or another dynamic connection, then use this line in /etc/rc.firewall (ed. note: remember to change ep0 as appropriate to your situation):

    onet=`ifconfig ep0 |grep "inet " |awk '{print $6}'`

to replace:

    onet=255.255.255.x

Also replace the entry for the ip address with:

    oip=`ifconfig ep0 |grep "inet " |awk '{print $2}'`

This works because rc.firewall is a shell script, and using the backticks runs the command within. Note that ifconfig ep0 gets all the information on the specified network interface, grep gets the right line, and awk sucks in the right field (in this case, the netmask). I'd try this command at the command line before putting it into rc.firewall though. :)

Also remember when you're setting up your firewall to actually block things (ie, not "open") that the order of the firewall rules is very important, and that when ipfw blocks internet requests, it logs the information in /var/log/security (and sometimes /var/log/messages) complete with the rule number, which you can look up in the output from "ipfw show," making it easy to find out why people can't get into your webserver. :)

-----[ snip ]-----

Thanks again for the help.

M.

--
Michael O'Henly
TENZO Design

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
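
An added example, not part of the original message or the FreeBSD Diary page: it reads the address and netmask out of `ifconfig` output by keyword rather than by field position, and fails when the interface has no IPv4 address yet, so firewall rules are never built from empty variables. The function names and the sample `ifconfig` output are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of FreeBSD-style ifconfig output (not from a real host).
SAMPLE_IFCONFIG='ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 203.0.113.25 netmask 0xffffff00 broadcast 203.0.113.255
        ether 00:00:5e:00:53:01'

# inet_field KEYWORD: read ifconfig output on stdin and print the value that
# follows KEYWORD on the first "inet" line (inet6 lines do not match).
inet_field() {
    awk -v key="$1" '
        $1 == "inet" {
            for (i = 1; i < NF; i++)
                if ($i == key) { print $(i + 1); exit }
        }'
}

# hexmask_to_dotted MASK: 0xffffff00 -> 255.255.255.0; other input passes through.
hexmask_to_dotted() {
    case "$1" in
        0x*) h=${1#0x} ;;
        *)   echo "$1"; return 0 ;;
    esac
    case "$h" in ''|*[!0-9a-fA-F]*) return 1 ;; esac   # reject non-hex digits
    m=$((0x$h))
    echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# outside_addr: read ifconfig output on stdin and print "IP MASK". Returns
# non-zero when either value is missing or malformed (for example, no DHCP
# lease yet), so the caller can stay on a default-deny ruleset.
outside_addr() {
    out=$(cat)
    ip=$(printf '%s\n' "$out" | inet_field inet)
    mask=$(hexmask_to_dotted "$(printf '%s\n' "$out" | inet_field netmask)") || return 1
    is_ipv4 "$ip" && is_ipv4 "$mask" || return 1
    echo "$ip $mask"
}

# Usage with the constructed sample; on a real host pipe in `ifconfig ep0`.
printf '%s\n' "$SAMPLE_IFCONFIG" | outside_addr
```
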