Date: Sat, 11 Jul 1998 18:08:11 +0200 (CEST) From: Malte Lance <malte@webmore.com> To: Martin Husemann <martin@rumolt.teuto.de> Cc: hm@hcs.de, freebsd-isdn@FreeBSD.ORG, (Michael Hohmuth) <hohmuth@innocent.com> Subject: Re: fallback-IP-addr for dyn. dials. Is there any use for it ? Message-ID: <XFMail.980711180811.malte@webmore.com> In-Reply-To: <199807110702.JAA02484@rumolt.teuto.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11-Jul-98 Martin Husemann wrote: >> Here, the interface is assigned 141.76.92.31 before connection, and >> this IP address has been allowed to send out data in the firewall >> configuration. Therefore, autodial works. > [..] >> I have to admit, however, that I'm always assigned the same IP >> address. I haven't thought about how to configure the firewall if I >> was assigned a different IP address each time. > > Me too, but in one installation we are assigned a dynamic ip address. > Works just the same: you'll have to know what range of ip adresses your > provider picks your dynamic adress from and allow that whole range to > send outgoing data. Passing packets is not the problem. Starting the dial is the problem. When your local-IP on the sppp-device is set to 0.0.0.0 you always will need an ipfw-rule that allows "0.0.0.0 to any" just for triggering the dial. After the connection is setup and the local IP-addr for the sppp-device dynamically assigned, there are no problems. Then, when the connection is closed, the IP-addr on the sppp-device is set again to 0.0.0.0. Now how do you think a dial will be triggered when a packet arrives on the sppp-device and you don't have a "pass all from 0.0.0.0 to any ..."-rule in your firewall-file. It won't be. Putting the 0.0.0.0-trigger-rule into the firewall-config is just moving isdnd-functionality into the firewall. I found it just annoying to add this 0.0.0.0-"trigger-rule" into my firewall-file and i did not for sure knew what implications such a rule would have. And i found it much neater to just add "dynlip" to the 'spppcontrol'-call instead of configuring the sppp-device with a magic 0.0.0.0 number. Yes, 0.0.0.0 is magical for routing and that's ok, but why config a device with 0.0.0.0 ??? Thats all. Malte. > > > Martin > ---------------------------------- E-Mail: Malte Lance <malte@webmore.com> Date: 11-Jul-98 Time: 17:55:00 ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.980711180811.malte>