From: Emmanuel Gravel
Reply-To: chemtechweb@psn.net
Organization: Orbit Communications
Date: Sun, 14 Feb 1999 16:16:42 -0700
To: freebsd-questions@FreeBSD.ORG
Subject: How to setup IPFW rules for dynamic address?
Message-ID: <36C7595A.34B3B91E@psn.net>

I have a FreeBSD box that I want to use as a gateway/firewall to the net
in a small LAN through a dialup connection. I have an idea on how to set
up User PPP so that it'll connect on-demand (at least I know where to get
the info). What I don't know is how to tell the firewall to
restrict/accept incoming data from the modem (here tun0 interface of
course) using a dynamically allocated address which can be from one of
three distinct IP ranges. I know what the address of the other side of
the PPP link is, most often (I've seen it change at times).

I've searched the archives, and Doug White had suggested to keep the
rules as general as possible, except from known (internal) addresses.
This is something I can't do since I want to set up servers which should
only be accessible to people who have certain IP address ranges (mostly
the same as the ones I can be assigned) and have all other connections
blocked out from the outside interface.

Does anyone know of any docs/tutorials/etc. about setting up firewalls on
dynamically allocated addresses on known interfaces? Is it possible at
all?

Thanks for your help,

Manu