Date: Wed, 24 Sep 2003 15:38:11 +0800
From: "Michael Lee(HINET)" <kuniaki.lee@msa.hinet.net>
To: <freebsd-questions@freebsd.org>
Subject: Question for ipf setting on single NIC box
Message-ID: <001501c3826e$cecc1300$ca00a8c0@michael>
Hi all,
I only have a NIC on my FreeBSD Box.
Here is my configuration:
ifconfig de0 aaa.bbb.ccc.ddd netmask 255.255.255.0 (my external interface)
ifconfig de0_alias0 192.168.1.254 netmask 255.255.255.0 (my virtual internal interface)
and this is the result shown for ifconfig -L:
de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet aaa.bbb.ccc.ddd netmask 0xffffff00 broadcast aaa.bbb.ccc.255
inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:80:c8:f6:7b:c7
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
(aaa.bbb.ccc.ddd is the static IP I got from the ISP)
Everything seems OK to me: the NIC binds the virtual IP.
The question is about configuring ipf.rules and ipnat.rules.
(Originally, I used tun0 as the external interface for ppp dialup.
It was OK to set the ipf rules to block the incoming and outgoing packets
through tun0.)
But now I have switched to static IP DSL, and I failed to configure de0 (ext.
if) while applying the following rules:
block in quick on de0 from 192.168.0.0/16 to any
block out quick on de0 from 192.168.0.0/16 to any
After applying the above rules, ipf seems to block the packets on de0_alias0.
DHCPD cannot even send out packets to the local subnet (192.168.1.0/24).
(ipf blocks all the traffic that should be blocked on the outside interface.)
I can only add "pass in quick all" and "pass out quick all" now, or the traffic
will be completely blocked.
However, adding only "pass in quick all" and "pass out quick all" does not seem
a good idea for the firewall.
Is there any way to solve the problem? Or have I configured ipf wrongly?
Thank you!
Michael Lee
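The behaviour described above follows from matching on interface: the public address and the 192.168.1.254 alias both live on de0, so "on de0" rules see LAN packets too. As an added example that is not part of the original post, here is a constructed ipf.rules fragment that keeps the anti-spoofing intent but expresses it by address; EXT_IP is a placeholder for aaa.bbb.ccc.ddd, and the ordering relies on "quick" first-match semantics.

```conf
# Constructed ipf.rules fragment for a single-NIC box: de0 carries both the
# public address (EXT_IP, placeholder for aaa.bbb.ccc.ddd) and the internal
# alias 192.168.1.254. Not the original poster's ruleset.

# The original rules match on interface. Because the alias also lives on de0,
# every LAN packet hits them too, which is why dhcpd's replies never leave:
#   block in  quick on de0 from 192.168.0.0/16 to any
#   block out quick on de0 from 192.168.0.0/16 to any

# With one NIC the "outside" cannot be named by interface, only by address.
# All rules are "quick", so order matters: specific passes and the address
# based blocks come first, the catch-all LAN pass last.

# DHCP: discover/request arrive from 0.0.0.0 to the broadcast address;
# dhcpd answers from the alias, port 67, to the client, port 68.
pass in  quick on de0 proto udp from 0.0.0.0 port = 68 to 255.255.255.255 port = 67
pass out quick on de0 proto udp from 192.168.1.254 port = 67 to any port = 68

# Anti-spoofing by address: private sources have no business reaching the
# public address (the LAN uses the alias), and private ranges that are not
# in use locally have no business arriving at all.
block in quick on de0 from 192.168.0.0/16 to EXT_IP
block in quick on de0 from 10.0.0.0/8     to any
block in quick on de0 from 172.16.0.0/12  to any

# LAN hosts talking to the internal alias, and the alias answering them.
pass in  quick on de0 from 192.168.1.0/24 to 192.168.1.254 keep state
pass out quick on de0 from 192.168.1.254 to 192.168.1.0/24 keep state

# LAN hosts going out through this box; ipnat rewrites the source afterwards.
pass in  quick on de0 from 192.168.1.0/24 to ! 192.168.0.0/16 keep state

# Traffic to and from EXT_IP itself is left to the rest of the ruleset.
```

Check the result with "ipfstat -io" after loading, and watch "ipmon" output while a client requests a lease to confirm the DHCP exchange is no longer blocked.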
