Date: Mon, 9 Apr 2001 14:11:06 -0700 From: Michael O'Henly <michael@tenzo.com> To: freebsd-questions@FreeBSD.ORG Subject: Re: How to specify external network for firewall/NAT when IP is dynamically assigned Message-ID: <01040914110602.01892@pravda.tenzo.net> In-Reply-To: <20010409204658.21620.qmail@web13208.mail.yahoo.com> References: <20010409204658.21620.qmail@web13208.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the reply, Larry. Unfortunately, I don't see any reference to 'me' in the ipfw man page. Is there another place I should be looking? M. On Monday 09 April 2001 13:46, Larry Librettez wrote: > Take a look at the man ipfw page, specifically the use > of 'me' as a destination. 'me' can be used for > dynamically assigned IP addresses as in your case. I > use it for my ppp dialup connections. You may have to > change your rc.firewall script a bit though to > accomodate the 'me' destination. > > One other alternative is to use awk to extract your IP > address from the output of ifconfig, and incorporate > that into rc.firewall. > > I'm sure there are other ways of doing it though. > > --- Michael O'Henly <michael@tenzo.com> wrote: > > Hi... > > > > I'm attempting to set up a simple firewall for my > > home network. I have a > > FreeBSD box with two NICs, one connected to the > > internet via cable modem and > > the other to an internal network on which there are > > two Macs. My external IP > > is assigned by DHCP. I'm not running any services > > that I want accessible to > > external users, or any from which I'd want to block > > internal users. > > > > I've read a lot of docs over the last few days on > > how to do this and I think > > I have the basics straight -- but for this question: > > > > In /etc/rc.firewall (simple section), I'm asked to > > identify my networks. > > Since my IP is dynamically assigned, how do I > > specify my outside network > > interface? Here's the format (replacing 1.2.3.444/24 > > with actual values)... > > > > # set these to your outside network interface and > > netmask and ip > > oif="ed0" > > onet="1.2.3.444/24" > > omask="255.255.255.0" > > oip="1.2.3.444" > > > > # set these to your inside network interface and > > netmask and ip > > iif="ed1" > > inet="192.168.0.444/24" > > imask="255.255.255.0" > > iip="192.168.0.444" > > > > Thanks. > > > > M. > > > > -- > > Michael O'Henly > > TENZO Design > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of > > the message > > __________________________________________________ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ -- Michael O'Henly TENZO Design To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01040914110602.01892>