Date: Mon, 28 Aug 2000 18:01:04 -0400 (EDT)
From: Bruce Petro <bpetro@usa.com>
To: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: RE: ipfw setup when dhcp?
Message-ID: <384197957.967500064518.JavaMail.root@web302-mc.mail.com>

Michael, thanks for the reply - yes, you have a good point. After I reviewed
the contents of the rc.firewall that they had documented on
http://www.mostgraveconcern.com/freebsd/ (the dual-homed host article, which
is what I was going by), I see that the only use of the actual onet and omask
and inet and imask was to perform the rules he titles "# Stop spoofing" (see
details below).

So, can anyone share: is the "# Stop spoofing" possible to do when you are
under dhcp and not able to know ahead of time what your onet and omask are
going to be? I know inet and imask are static, and well, I guess you could
assume the omask is pretty static, but still the onet address remains quite
dynamic...

Any ideas?

Thanks, Bruce.

************************************************************
PS: HERE IS THE TEXT FROM mostgraveconcern.com TO SHOW WHAT
THEY ARE DOING TO ACCOMPLISH THE SPOOFING PROTECTION ...

# Outside interface network and netmask and ip
oif="dc0"
onet="123.45.67.0"
omask="255.255.252.0"
oip="123.45.67.89"

# Inside interface network and netmask and ip
iif="ep0"
inet="10.0.0.0"
imask="255.255.255.0"
iip="10.0.0.1"

# Stop spoofing
${fwcmd} add deny log all from ${inet}:${imask} to any in via ${oif}
${fwcmd} add deny log all from ${onet}:${omask} to any in via ${iif}
*************************************************************

Michael wrote:
>
>Bruce, I use roadrunner myself, and I have not had to enter this info in
>rc.firewall. Have a look at
>http://www.defcon1.org//html/Networking_Articles/Firewall-Ipfw/firewall-ipfw.html
>
>This is the guide I used to set up my firewall. Set up two of them, and
>they work like champs.
>
>...Michael...
>
>> -----Original Message-----
>> From: owner-freebsd-questions@FreeBSD.ORG
>> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bruce Petro
>> Sent: Monday, August 28, 2000 11:59 AM
>> To: freebsd-questions
>> Subject: ipfw setup when dhcp?
>>
>>
>> Can someone advise what to do in this - I know in setting up
>> ipfw, part of what you should do is set up the following in
>> rc.firewall...
>>
>> # Outside interface network and netmask and ip
>> oif="dc0"
>> onet="123.45.67.0"
>> omask="255.255.252.0"
>> oip="123.45.67.89"
>>
>> But when you are connecting to dhcp (roadrunner) what are you
>> supposed to put into these? Should you put your 'currently
>> assigned' address with the current mask and that in effect
>> would define your possible addresses? Or is there some
>> notation that will simply echo whatever address I've been
>> given this time?
>>
>> ______________________________________________
>> FREE Personalized Email at Mail.com
>> Sign up at http://www.mail.com/?sr=signup
>>
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
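
One way to keep the "# Stop spoofing" rules under DHCP, as an added example that is not part of the original message or of the mostgraveconcern.com article: read the address and netmask the lease actually put on the outside interface and compute onet/omask from them. It assumes FreeBSD-style ifconfig output with a hexadecimal netmask; the sample output and the function names are constructed for illustration, and the rules are printed rather than applied.

```sh
#!/bin/sh
# Added example, not from the original post: compute onet/omask from the
# address DHCP put on the outside interface, then print the two rules.

# Constructed sample of FreeBSD-style `ifconfig dc0` output (hex netmask).
SAMPLE_IFCONFIG='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 123.45.67.89 netmask 0xfffffc00 broadcast 123.45.67.255
        ether 00:00:5e:00:53:01'

# Print "ip hexmask" for the first IPv4 address in ifconfig output on stdin.
parse_inet() {
    awk '$1 == "inet" && $3 == "netmask" { print $2, $4; exit }'
}

# 32-bit number (decimal or 0x hex) -> dotted quad.
to_quad() {
    n=$(( $1 ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Dotted quad -> 32-bit number.
to_num() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# usage: ifconfig "$oif" | spoof_rules oif iif inet imask
# Prints the rules; returns 1 when the interface has no usable lease.
spoof_rules() {
    oif=$1 iif=$2 inet=$3 imask=$4
    set -- $(parse_inet)
    oip=$1 hexmask=$2
    case "$oip" in
        ''|*[!0-9.]*) echo "no IPv4 address on $oif" >&2; return 1 ;;
    esac
    case "$hexmask" in
        0x|0x*[!0-9a-fA-F]*) echo "bad netmask: $hexmask" >&2; return 1 ;;
        0x*) ;;
        *) echo "bad netmask: $hexmask" >&2; return 1 ;;
    esac
    # Network address = lease address AND netmask.
    onet=$(to_quad $(( $(to_num "$oip") & $hexmask )))
    omask=$(to_quad "$hexmask")
    echo "${fwcmd:-ipfw} add deny log all from ${inet}:${imask} to any in via ${oif}"
    echo "${fwcmd:-ipfw} add deny log all from ${onet}:${omask} to any in via ${iif}"
}

# Demo on the constructed sample; inside values are the static ones quoted above.
printf '%s\n' "$SAMPLE_IFCONFIG" | spoof_rules dc0 ep0 10.0.0.0 255.255.255.0
```

Rules computed this way describe only the current lease, so they go stale when the provider hands out an address in a different network and have to be regenerated at that point.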