Date: Mon, 9 Apr 2001 16:15:19 -0700 (PDT)
From: Larry Librettez <lipshitz909@yahoo.com>
To: michael@tenzo.com, freebsd-questions@FreeBSD.ORG
Subject: Re: How to specify external network for firewall/NAT when IP is dynamically assigned
Message-ID: <20010409231519.12244.qmail@web13205.mail.yahoo.com>
In-Reply-To: <01040914110602.01892@pravda.tenzo.net>

'me' is described in the Rule Format section, in the src and dst
subsection:

"src and dst:
    any | me | [not] <address/mask> [ports]

Specifying any makes the rule match any IP number.

Specifying me makes the rule match any IP number configured on an
interface in the system."

However, if I recall correctly, 'me' first appeared in the
4.2-STABLE version of ipfw.

--- Michael O'Henly <michael@tenzo.com> wrote:
> Thanks for the reply, Larry. Unfortunately, I don't see any
> reference to 'me' in the ipfw man page. Is there another place I
> should be looking?
>
> M.
>
> On Monday 09 April 2001 13:46, Larry Librettez wrote:
> > Take a look at the man ipfw page, specifically the use
> > of 'me' as a destination. 'me' can be used for
> > dynamically assigned IP addresses as in your case. I
> > use it for my ppp dialup connections. You may have to
> > change your rc.firewall script a bit though to
> > accommodate the 'me' destination.
> >
> > One other alternative is to use awk to extract your IP
> > address from the output of ifconfig, and incorporate
> > that into rc.firewall.
> >
> > I'm sure there are other ways of doing it though.
> >
> > --- Michael O'Henly <michael@tenzo.com> wrote:
> > > Hi...
> > >
> > > I'm attempting to set up a simple firewall for my
> > > home network. I have a FreeBSD box with two NICs, one
> > > connected to the internet via cable modem and the other
> > > to an internal network on which there are two Macs. My
> > > external IP is assigned by DHCP. I'm not running any
> > > services that I want accessible to external users, or
> > > any from which I'd want to block internal users.
> > >
> > > I've read a lot of docs over the last few days on
> > > how to do this and I think I have the basics straight --
> > > but for this question:
> > >
> > > In /etc/rc.firewall (simple section), I'm asked to
> > > identify my networks. Since my IP is dynamically
> > > assigned, how do I specify my outside network
> > > interface? Here's the format (replacing 1.2.3.444/24
> > > with actual values)...
> > >
> > > # set these to your outside network interface and
> > > netmask and ip
> > > oif="ed0"
> > > onet="1.2.3.444/24"
> > > omask="255.255.255.0"
> > > oip="1.2.3.444"
> > >
> > > # set these to your inside network interface and
> > > netmask and ip
> > > iif="ed1"
> > > inet="192.168.0.444/24"
> > > imask="255.255.255.0"
> > > iip="192.168.0.444"
> > >
> > > Thanks.
> > >
> > > M.
> > >
> > > --
> > > Michael O'Henly
> > > TENZO Design
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of
> > > the message
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get email at your own domain with Yahoo! Mail.
> > http://personal.mail.yahoo.com/
>
> --
> Michael O'Henly
> TENZO Design
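
Added example, not part of the original messages: one way to do the awk alternative mentioned in the thread, turning ifconfig output into the oip/omask/onet values that rc.firewall asks for. The function names (sample_ifconfig, outside_vars) are hypothetical, and the ifconfig output is a constructed sample assuming FreeBSD's hex netmask format.

```sh
#!/bin/sh
# Added example: fill rc.firewall's oip/omask/onet from ifconfig output.

# Constructed sample of `ifconfig ed0` output (203.0.113.0/24 is a
# documentation range). Live use: ifconfig "$oif" | outside_vars
sample_ifconfig() {
cat <<'EOF'
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 203.0.113.57 netmask 0xffffff00 broadcast 203.0.113.255
        ether 00:00:5e:00:53:01
EOF
}

# Reads ifconfig output on stdin and prints assignments for rc.firewall.
# Returns 1 when there is no usable IPv4 address (for example, no DHCP
# lease yet), so the caller never loads rules built from empty variables.
outside_vars() {
    set -- $(awk '$1 == "inet" && $3 == "netmask" { print $2, $4; exit }')
    [ $# -eq 2 ] || return 1
    ip=$1 hex=$2
    # FreeBSD prints the netmask as eight hex digits, e.g. 0xffffff00.
    case $hex in
        0x*[!0-9a-f]*) return 1 ;;
        0x????????) ;;
        *) return 1 ;;
    esac
    m=$(($hex))
    omask="$((m >> 24 & 255)).$((m >> 16 & 255)).$((m >> 8 & 255)).$((m & 255))"
    # Count leading one-bits; anything left over means a non-contiguous mask.
    bits=0 rest=$m
    while [ $((rest & 0x80000000)) -ne 0 ]; do
        bits=$((bits + 1))
        rest=$((rest << 1 & 0xffffffff))
    done
    [ "$rest" -eq 0 ] || return 1
    # Network address = address AND mask, octet by octet.
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    net="$(($1 & m >> 24 & 255)).$(($2 & m >> 16 & 255)).$(($3 & m >> 8 & 255)).$(($4 & m & 255))"
    printf 'oip="%s"\nomask="%s"\nonet="%s/%s"\n' "$ip" "$omask" "$net" "$bits"
}

sample_ifconfig | outside_vars
```

Values produced this way are fixed at the moment the script runs, so the rules have to be reloaded whenever the DHCP-assigned address changes.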