From owner-freebsd-questions@FreeBSD.ORG Thu Sep 10 12:19:01 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B9081065679 for ; Thu, 10 Sep 2009 12:19:01 +0000 (UTC) (envelope-from mkhitrov@gmail.com) Received: from mail-yw0-f175.google.com (mail-yw0-f175.google.com [209.85.211.175]) by mx1.freebsd.org (Postfix) with ESMTP id 9A6B58FC1D for ; Thu, 10 Sep 2009 12:18:59 +0000 (UTC) Received: by ywh5 with SMTP id 5so66138ywh.4 for ; Thu, 10 Sep 2009 05:18:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=3pmp/58z6eEimeiRy1IcPE59SRcYX7fjTmJc2Y8aqy8=; b=J7IlSHz5qaEuIicnG9K7X4kaF6mqqqYizkzy+XqLowTE6TTgpinHL+FrXx1IviXYdr iBfXtGNb9blAXZTLO+I0hQMD8NmvVn0P59957IzeOvxV+7En9iy1umY9bDRvKhNPEUTM k04oTgImvFvmNbmjB12AoAQc+hNh3XGj4lXfU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=qaseOR0FZDGumBCTWq96Y3I0rISOpi8EFtMPvNF7nuLDNyg67hpBXZ4fUTKdaYCg+V rbSwL1E4b6+V3SzCvNc5nAat/EMoi0KoJJVPUgoZdmcFocctBRuHuTo/VCfEw7CN79ha HDi0hrszMES/SVAvGgmJvein3sv41xq6fJKLY= MIME-Version: 1.0 Received: by 10.101.103.15 with SMTP id f15mr1473063anm.193.1252585139069; Thu, 10 Sep 2009 05:18:59 -0700 (PDT) In-Reply-To: <4AA7FC04.4040508@infracaninophile.co.uk> References: <26ddd1750909091144x447fb4bt93e4bdc56d7a9202@mail.gmail.com> <4AA7FC04.4040508@infracaninophile.co.uk> From: Maxim Khitrov Date: Thu, 10 Sep 2009 08:18:39 -0400 Message-ID: <26ddd1750909100518m59de30a4vaffc4e946780e812@mail.gmail.com> To: Matthew Seaman Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: Free BSD Questions list Subject: Re: Correct way to configure an IP range for firewall X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Sep 2009 12:19:01 -0000 On Wed, Sep 9, 2009 at 3:03 PM, Matthew Seaman wrote: > Maxim Khitrov wrote: > >> Am I correct in assuming that I just need to add four >> ifconfig_vr0_alias[0-3] lines to rc.conf? What happens if in the >> future we get a much bigger IP block, is there a more efficient way of >> accomplishing the same thing? I don't actually want the firewall to >> consider itself the final destination for any of the additional IPs, >> it just needs to pass them to pf for nat and filtering. > > Assuming your assigned network is 192.0.2.24/29: > > ipv4_addrs_vr0=3D"192.0.2.25-30" > > See rc.conf(5) for details. > > =C2=A0 =C2=A0 =C2=A0 =C2=A0Cheers, > > =C2=A0 =C2=A0 =C2=A0 =C2=A0Matthew Thanks! I looked through /etc/defaults/rc.conf and somehow missed ipv4_addrs. So if I understand the man page correctly, a single ipv4_addrs_vr0=3D"x.x.x.9-13/29" line can replace both the aliases and the one ifconfig_vr0 line. Is that correct? I'm not certain because the man page states that "an ifconfig_ variable is also assumed to exist for each value of interface," but everything seems to be working fine without it. - Max