From: David Kelly
To: FreeBSD-Questions@FreeBSD.org
Subject: Re: [Q] ipfw and 'me'
Date: Mon, 6 Jan 2003 19:29:08 -0600

On Monday 06 January 2003 11:23 am, Jonathan Belson wrote:
> Ceri Davies wrote:
> >>
> >>Since the machine is a gateway, it has two network cards. Will
> >>'me' match *both* IP addresses or just the first one it comes
> >>across? I only really want it to match the IP address of the
> >>external interface, not the internal one.
> >
> > Both, I'm afraid.
>
> Hmm, I suppose since tests for IP spoofing through the external
> interface have already been carried out by that point, it isn't
> that much of a problem.

So what is the problem with using "to/from me via fxp0"? Or possibly "any via fxp0" as you have already decided to accept whatever address is assigned to the NIC.

Problem with lifting the IP address off the NIC after DHCP is that you have to redo it every time the IP address changes. I have a script (/etc/dhclient-exit-hook) to run ddup into mine but have never felt totally comfortable with the result and waited about 6 months with it running before I actually let it run ddup live rather than "echo dddup " to a log file.

Speaking of which, I sure would like to get rid of these from /var/log/messages. Other machines on this ISP do the same even without the dhclient addition mentioned above:

Jan 6 13:30:54 grumpy dhclient: New Network Number: 24.214.34.0
Jan 6 13:30:54 grumpy dhclient: New Broadcast Address: 24.214.34.255
Jan 6 14:40:12 grumpy dhclient: New Network Number: 24.214.34.0
Jan 6 14:40:12 grumpy dhclient: New Broadcast Address: 24.214.34.255

My address does not change, but this stuff floods messages.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
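
An added example, not part of the message above and not code from any poster in the thread: a small audit that lists ipfw rules using 'me' without a via/recv/xmit option, which on a two-NIC gateway match the internal address as well as the external one. The sample ruleset, its rule numbers and ports are constructed; fxp0 is the interface name used in the thread.

```shell
#!/bin/sh
# Added example: find ipfw rules where "me" is not tied to an interface.
# All rule numbers, ports and rules below are constructed for illustration.

# Constructed sample in "ipfw list" style (rule number, then the rule body).
sample_rules() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow tcp from any to me 22 setup
00300 allow tcp from any to me 25 in via fxp0 setup
00400 allow udp from me to any 53 keep-state
00500 allow icmp from any to me in recv fxp0
65535 deny ip from any to any
EOF
}

# Read rules on stdin and print the number of every rule that names "me"
# but carries no via/recv/xmit option restricting it to one interface.
unscoped_me_rules() {
    awk '
    {
        uses_me = 0; scoped = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "me") uses_me = 1
            if ($i == "via" || $i == "recv" || $i == "xmit") scoped = 1
        }
        if (uses_me && !scoped) print $1
    }'
}

# Stand-alone run over the constructed sample.
sample_rules | unscoped_me_rules
```

On a live gateway the same function can read the output of "ipfw list" instead of the sample.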