From owner-freebsd-stable@FreeBSD.ORG Thu Mar 27 10:06:47 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7890737B404 for ; Thu, 27 Mar 2003 10:06:47 -0800 (PST) Received: from mashed.turnip.org.uk (pc-80-192-58-101-az.blueyonder.co.uk [80.192.58.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A63143FCB for ; Thu, 27 Mar 2003 10:06:45 -0800 (PST) (envelope-from jonathan@turnip.org.uk) Received: from jonathan by mashed.turnip.org.uk with local (Exim 4.12) id 18yblt-0000la-00; Thu, 27 Mar 2003 18:06:37 +0000 Date: Thu, 27 Mar 2003 18:06:37 +0000 From: Jonathan Vaughan To: FreeBSD Stable Message-ID: <20030327180637.GA2791@mashed.turnip.org.uk> Mail-Followup-To: Jonathan Vaughan , FreeBSD Stable References: <20030325092007.GB73657@sunbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-32.5 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) Subject: Re: Natd stops working on Firewall X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Mar 2003 18:06:49 -0000 On Tue, Mar 25, 2003 at 08:33:12PM -0500, Scot wrote: > Thanks Ruslan ; > I'll give it a try right now. > > Just want to send this out before I switch firewalls, > assuming I might be down for an hour or so tweaking. > > oip and iip are static variables in rc.firewall but > under DHCP oip is a moving target. Is there a recommended > way to pass these to rc.firewall so a re-edit is not needed? I just use a perl script (below), and use its output as the value for $oip in rc.firewall No doubt there's a better way of doing it, and it won't deal with changes to your IP after you've booted (I know that won't happen in my case). If you want to use it, then in rc.firewall put $oip=`/usr/local/bin/myip ` (or whatever you call it) and put the following in that file, changing $and chmod +x it #!/usr/bin/perl -w use strict; my $if = $ARGV[0] || 'de0'; chomp (my $ifc = `ifconfig $if | grep inet | head -1`); $ifc =~ /inet\s(\d+\.\d+\.\d+\.\d+)\s/; print $1; Jon