From: Larry Librettez
Date: Mon, 9 Apr 2001 16:15:19 -0700 (PDT)
Subject: Re: How to specify external network for firewall/NAT when IP is dynamically assigned
To: michael@tenzo.com, freebsd-questions@FreeBSD.ORG

'me' is described in the Rule Format section, in the src and dst subsection:

"src and dst: any | me | [not] [ports]

Specifying any makes the rule match any IP number.

Specifying me makes the rule match any IP number configured on an interface in the system."

However, if I recall correctly, 'me' first appeared in the 4.2-STABLE version of ipfw.

--- Michael O'Henly wrote:
> Thanks for the reply, Larry. Unfortunately, I don't see any reference to 'me'
> in the ipfw man page. Is there another place I should be looking?
>
> M.
>
> On Monday 09 April 2001 13:46, Larry Librettez wrote:
> > Take a look at the man ipfw page, specifically the use
> > of 'me' as a destination. 'me' can be used for
> > dynamically assigned IP addresses as in your case. I
> > use it for my ppp dialup connections. You may have to
> > change your rc.firewall script a bit though to
> > accommodate the 'me' destination.
> >
> > One other alternative is to use awk to extract your IP
> > address from the output of ifconfig, and incorporate
> > that into rc.firewall.
> >
> > I'm sure there are other ways of doing it though.
> >
> > --- Michael O'Henly wrote:
> > > Hi...
> > >
> > > I'm attempting to set up a simple firewall for my home network. I have a
> > > FreeBSD box with two NICs, one connected to the internet via cable modem and
> > > the other to an internal network on which there are two Macs. My external IP
> > > is assigned by DHCP. I'm not running any services that I want accessible to
> > > external users, or any from which I'd want to block internal users.
> > >
> > > I've read a lot of docs over the last few days on how to do this and I think
> > > I have the basics straight -- but for this question:
> > >
> > > In /etc/rc.firewall (simple section), I'm asked to identify my networks.
> > > Since my IP is dynamically assigned, how do I specify my outside network
> > > interface? Here's the format (replacing 1.2.3.444/24 with actual values)...
> > >
> > > # set these to your outside network interface and netmask and ip
> > > oif="ed0"
> > > onet="1.2.3.444/24"
> > > omask="255.255.255.0"
> > > oip="1.2.3.444"
> > >
> > > # set these to your inside network interface and netmask and ip
> > > iif="ed1"
> > > inet="192.168.0.444/24"
> > > imask="255.255.255.0"
> > > iip="192.168.0.444"
> > >
> > > Thanks.
> > >
> > > M.
> > >
> > > --
> > > Michael O'Henly
> > > TENZO Design
>
> --
> Michael O'Henly
> TENZO Design

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
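The awk alternative mentioned in the thread, sketched as an added example that is not part of the original messages: it pulls the outside address and netmask out of ifconfig output and refuses to continue when the interface has no address yet. The function names and the sample ifconfig text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed ifconfig output in
# FreeBSD's format (hex netmask); 192.0.2.0/24 is a documentation range.
SAMPLE='ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.57 netmask 0xffffff00 broadcast 192.0.2.255
        ether 00:00:5e:00:53:01'

# Print the first IPv4 address found in ifconfig output on stdin.
# Fails when there is none (e.g. the DHCP lease has not arrived yet) or the
# field fails a basic digits-and-dots shape check, so nothing malformed is
# interpolated into an ipfw rule.
outside_ip() {
    ip=$(awk '$1 == "inet" { print $2; exit }')
    case "$ip" in
        ''|*[!0-9.]*) return 1 ;;
        *.*.*.*) printf '%s\n' "$ip" ;;
        *) return 1 ;;
    esac
}

# Print the matching netmask as a dotted quad (the omask format in rc.firewall).
outside_mask() {
    h=$(awk '$1 == "inet" && $3 == "netmask" { print $4; exit }')
    case "$h" in 0x*) h=${h#0x} ;; *) return 1 ;; esac
    case "$h" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    m=$(( 0x$h ))
    printf '%d.%d.%d.%d\n' $(( (m >> 24) & 255 )) $(( (m >> 16) & 255 )) \
        $(( (m >> 8) & 255 )) $(( m & 255 ))
}

# In rc.firewall this would replace the hard-coded values (oif as in the thread):
#   out=$(ifconfig "$oif")
#   oip=$(printf '%s\n' "$out" | outside_ip)     || exit 1
#   omask=$(printf '%s\n' "$out" | outside_mask) || exit 1
# With ipfw's 'me' keyword the address is not needed at all: a rule can say
# "from any to me" instead of "from any to ${oip}".
oip=$(printf '%s\n' "$SAMPLE" | outside_ip)
omask=$(printf '%s\n' "$SAMPLE" | outside_mask)
echo "oip=\"$oip\" omask=\"$omask\""
```

Values extracted this way go stale when the DHCP lease changes, so the firewall script has to be re-run on renewal; rules written with 'me' do not have that problem.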