Date: Sat, 18 Nov 2000 11:34:39 +0100
From: Manuel Enrique Garcia Cuesta
To: Eirik Apeland
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: ipfw question

Eirik,

=== Eirik Apeland wrote (Fri, Nov 17, 2000 at 11:34:09PM +0100):
>
> Hi.
>
> I'm running a "simple" firewall with the rc.firewall script, and have
> added a few lines of my own to it.
>
> I have a dial-up connection to my ISP, so I can't use a "real"
> IP for my ISDN card.
>
> Anyone know how to implement the IP I'm getting from my ISP
> into my ipfw rules?

Unless somebody shows up with a better idea, I think your best chance is
using the interface name instead of the external IP address (whenever
it's involved) in your rules. Your success will probably depend on what
exactly you want to achieve, though.

>
> ex.
>
> # set these to your outside interface network and netmask and ip
> oif="isp0"
> onet="0.0.0.0"
> omask="255.255.255.0"
> oip="0.0.0.1"
>
> # set these to your inside interface network and netmask and ip
> iif="xl0"
> inet="10.0.0.0"
> imask="255.255.255.0"
> iip="10.0.0.10"
>
>
> # Stop spoofing
> ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
>
> This rule will be all wrong as it is today.

In my personal case I have commented out this rule; I trust nobody in
the internal network (namely: me) will pretend to have an IP address
other than the ones the administrator (namely: me) has assigned.

>
> Hope you understand what I'm after here :)

Hope this helps

>
> Regards
> Eirik
>

Manuel Garcia
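
The interface-name approach suggested in the reply, as an added example that is not part of the original thread: rules in rc.firewall style that match on the outside interface, so they hold whatever address the ISP assigns. The interface and inside-network values are the ones quoted in the thread; `svc_port` and the `echo ipfw` default for `fwcmd` are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Values are the ones quoted above;
# svc_port and the fwcmd default are assumptions for illustration.
oif="isp0"                 # outside (dial-up) interface
inet="10.0.0.0"            # inside network
imask="255.255.255.0"
svc_port="25"              # hypothetical inbound service (SMTP)

# Print the commands by default; run with fwcmd=/sbin/ipfw to install them.
fwcmd="${fwcmd:-echo ipfw}"

dynamic_ip_rules() {
    # Stop spoofing: inside-network sources must never arrive from the ISP.
    # Needs no outside address, so it survives every reconnect.
    ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}

    # The companion rule (from ${onet}:${omask} ... in via ${iif}) needs the
    # outside network, which is unknown on a dynamic link, so it is left out.

    # A rule that would name ${oip} as destination, rewritten to match the
    # interface the packet arrives on instead.
    # static form: add pass tcp from any to ${oip} ${svc_port} setup
    ${fwcmd} add pass tcp from any to any ${svc_port} in via ${oif} setup
}

dynamic_ip_rules
```

Run as written, the script only prints the two commands, so the rule set can be reviewed before it is installed.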