Date: Thu, 10 Sep 2009 08:18:39 -0400
From: Maxim Khitrov <mkhitrov@gmail.com>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: Free BSD Questions list <freebsd-questions@freebsd.org>
Subject: Re: Correct way to configure an IP range for firewall
Message-ID: <26ddd1750909100518m59de30a4vaffc4e946780e812@mail.gmail.com>
In-Reply-To: <4AA7FC04.4040508@infracaninophile.co.uk>
References: <26ddd1750909091144x447fb4bt93e4bdc56d7a9202@mail.gmail.com> <4AA7FC04.4040508@infracaninophile.co.uk>

On Wed, Sep 9, 2009 at 3:03 PM, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
> Maxim Khitrov wrote:
>
>> Am I correct in assuming that I just need to add four
>> ifconfig_vr0_alias[0-3] lines to rc.conf? What happens if in the
>> future we get a much bigger IP block, is there a more efficient way of
>> accomplishing the same thing? I don't actually want the firewall to
>> consider itself the final destination for any of the additional IPs,
>> it just needs to pass them to pf for nat and filtering.
>
> Assuming your assigned network is 192.0.2.24/29:
>
> ipv4_addrs_vr0="192.0.2.25-30"
>
> See rc.conf(5) for details.
>
>        Cheers,
>
>        Matthew

Thanks! I looked through /etc/defaults/rc.conf and somehow missed
ipv4_addrs. So if I understand the man page correctly, a single
ipv4_addrs_vr0="x.x.x.9-13/29" line can replace both the aliases and
the one ifconfig_vr0 line. Is that correct?

I'm not certain because the man page states that "an
ifconfig_<interface> variable is also assumed to exist for each value
of interface," but everything seems to be working fine without it.

- Max
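
The range notation discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's rc scripts: a small shell check that lists exactly which addresses a spec such as "192.0.2.25-30/29" names and rejects a range that leaves its subnet or includes the network or broadcast address, so the list can be reviewed before it goes into rc.conf on a firewall. The function name expand_ipv4_range is hypothetical, and it assumes the range is in the last octet and the prefix length is 24 to 32.

```sh
#!/bin/sh
# Added example, not FreeBSD's rc.d code. expand_ipv4_range is a hypothetical
# helper; it assumes a last-octet range and a prefix length of 24..32.
expand_ipv4_range() {
    spec=$1
    case $spec in
        */*) prefix=${spec##*/}; addr=${spec%%/*} ;;
        *)   echo "error: '$spec' has no /prefix" >&2; return 2 ;;
    esac
    net3=${addr%.*}      # first three octets, e.g. 192.0.2
    range=${addr##*.}    # last-octet range, e.g. 25-30 (or a single value)
    low=${range%-*}
    high=${range#*-}
    for v in "$prefix" "$low" "$high"; do
        case $v in
            ''|*[!0-9]*) echo "error: malformed spec '$spec'" >&2; return 2 ;;
        esac
    done
    if [ "$prefix" -lt 24 ] || [ "$prefix" -gt 32 ] ||
       [ "$low" -gt "$high" ] || [ "$high" -gt 255 ]; then
        echo "error: unsupported or reversed range in '$spec'" >&2; return 2
    fi
    size=$((1 << (32 - prefix)))     # addresses in the subnet
    base=$((low / size * size))      # network address (last octet)
    last=$((base + size - 1))        # broadcast address (last octet)
    if [ "$high" -gt "$last" ]; then
        echo "error: range leaves $net3.$base/$prefix" >&2; return 1
    fi
    if [ "$prefix" -lt 31 ] && { [ "$low" -eq "$base" ] || [ "$high" -eq "$last" ]; }; then
        echo "error: range includes network or broadcast address" >&2; return 1
    fi
    i=$low
    while [ "$i" -le "$high" ]; do
        echo "$net3.$i"
        i=$((i + 1))
    done
}

# Constructed sample input: the range from the quoted reply plus a /29 prefix.
expand_ipv4_range "192.0.2.25-30/29"
```
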