From owner-freebsd-questions Tue Sep 26 16:44:51 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from web4503.mail.yahoo.com (web4503.mail.yahoo.com [216.115.105.64])
	by hub.freebsd.org (Postfix) with SMTP id ECC9637B43C
	for ; Tue, 26 Sep 2000 16:44:41 -0700 (PDT)
Message-ID: <20000926234441.9938.qmail@web4503.mail.yahoo.com>
Received: from [192.251.173.7] by web4503.mail.yahoo.com; Tue, 26 Sep 2000 16:44:41 PDT
Date: Tue, 26 Sep 2000 16:44:41 -0700 (PDT)
From: Ben Hacker Jr
Subject: Is IPFilter & DHCP possible??
To: list DC-FBSD , questions FBSD
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thanks in advance!! (I am not a member of FreeBSD Questions list so
please answer directly if you're from that list.)

I am configuring IPFilter on a box using dialup PPP w/DHCP. (It will
likely change to DSL in the future so answers for that are good also.)

How do I get the files /etc/ipf.conf & /etc/ipnat.conf to use the
dynamically assigned "real" IP addresses, i.e. modify a line like this:

map ep0 10.0.0.0/8 -> 24.24.24.24/32 portmap tcp/udp 10000:65000

--- WHERE 24.24.24.24 is the IP address from DHCP.

*** AND/OR modify the filter configuration***

# (Output from MKFILTERS)
# The following routes should be configured, if not already:
#
# route add 10.1.1.1 localhost 0
#
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
pass out on ed0 all head 150 #FW > in
block out from 127.0.0.0/8 to any group 150
block out from any to 127.0.0.0/8 group 150
block out from any to 10.1.1.1/32 group 150
pass in on ed0 all head 100 #Outgoing
block in from 127.0.0.0/8 to any group 100
block in from 10.1.1.1/32 to any group 100
block in from 24.24.24.24/0xffffff00 to any group 100
pass out on tun0 all head 350 #FW > out
block out from 127.0.0.0/8 to any group 350
block out from any to 127.0.0.0/8 group 350
block out from any to 24.24.24.24/32 group 350
pass in on tun0 all head 300 #Incoming
block in from 127.0.0.0/8 to any group 300
block in from 24.24.24.24/32 to any group 300
block in from 10.1.1.1/0xffffff00 to any group 300

--- WHERE 24.24.24.24 is the IP address from DHCP.

=====
-=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=-
Ben Hacker Jr                    Technical Specialist
Computer Sciences Corporation    (703) 289-3477
MC 291                           bhacker1@csc.com
3170 Fairview Park Drive         strben@altavista.com
Falls Church, VA 22304
-=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=- -=*=-
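
One way to handle what the message above asks, as an added example that is not part of the original post: keep both rule files as templates with a token where the post has 24.24.24.24, and render them from the interface's current address each time the link comes up. The @EXTIP@ token, the template paths and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the original post). @EXTIP@ is an assumed token
# standing in for the 24.24.24.24 placeholder used in the poster's rules.

# parse_inet: read ifconfig output on stdin, print the first IPv4 address.
parse_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so a
# malformed or empty value can never be written into the rule files.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_rules ADDR: copy the template on stdin to stdout with every
# @EXTIP@ replaced by ADDR; emit nothing at all for a bad address.
render_rules() {
    valid_ipv4 "$1" || { echo "render_rules: bad address '$1'" >&2; return 1; }
    sed "s/@EXTIP@/$1/g"
}

# reload_ipfilter IFACE: regenerate both files, then reload filter and NAT.
# Template paths are assumptions; the live files are replaced only after
# both templates rendered cleanly. Run as root from the link-up hook.
reload_ipfilter() {
    addr=$(ifconfig "$1" | parse_inet)
    render_rules "$addr" < /etc/ipf.conf.tmpl   > /etc/ipf.conf.new   || return 1
    render_rules "$addr" < /etc/ipnat.conf.tmpl > /etc/ipnat.conf.new || return 1
    mv /etc/ipf.conf.new /etc/ipf.conf && mv /etc/ipnat.conf.new /etc/ipnat.conf
    ipf -Fa -f /etc/ipf.conf && ipnat -CF -f /etc/ipnat.conf
}

# Constructed demo: two rules from the post, rendered for a sample address.
printf '%s\n' \
    'map ep0 10.0.0.0/8 -> @EXTIP@/32 portmap tcp/udp 10000:65000' \
    'block in from @EXTIP@/32 to any group 300' | render_rules 192.0.2.10
```

If the address lookup fails (interface down, no lease yet), render_rules refuses to write rules and the previously loaded set stays in place.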