Date: Tue, 12 Jan 1999 18:06:05 +1300
From: "Dan Langille" <junkmale@xtra.co.nz>
To: Brian Gregor <bgregor@buphy.bu.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPfilter & DHCP config
Message-ID: <19990112050535.EVKG682101.mta1-rme@wocker>
In-Reply-To: <Pine.SGI.4.05.9901110953240.16377-100000@buphy.bu.edu>

On 11 Jan 99, at 10:04, Brian Gregor wrote:

> I understand how to do the following: configure my two NICs, a 3Com
> 509 (not 509b - I know this card sucks) and an SMC 8013, install
> ipfilter and set up some rules for filtering and doing NAT, and install
> DHCP so that the 3Com card will get its IP address and info from the cable
> modem.
>
> Here are the steps I don't quite get (and would like to have figured out
> BEFORE I take down a working system!):
>
> how to get the file /etc/natrules to use the dynamically
> assigned "real" IP address, i.e. modify a line like this:
> map ep0 10.0.0.0/8 -> 24.24.24.24/32 portmap tcp/udp 10000:65000
> where 24.24.24.24 is the IP address from DHCP.

I've just been given the following from the ip filter list:

Use 0.0.0.0/0 as your machine's address.

I just did that and all that happened was the following rule was modified:

    block in log quick from any to any group 100

instead of

    block in log quick from my.real.ip.address/32 to any group 100

When your IP address changes, use ipf -y to resync with the values
obtained from the interfaces.

I'm not sure how to receive notification that your IP address *has*
changed, but I'm sure someone on the list knows. In the meantime, I'll
keep looking again tomorrow.

> make sure that the two games I occasionally use online can pass
> through the firewall, quake and delta force. I use the Linux
> kernel module for quake, and the ipautofw program for df
> currently. Would the standard "permissive rules" in the file
> BASIC_2.FW in the ipfilter installation take care of this?

I'm not sure, but you can start with everything shut and then open what
you need. That's best. Also, I would start finding out what ports the
above games use. I'm sure they've been talked about before.

> I have read through the documentation on freebsddiary.com (a great
> resource!) and the mailing list archives, but this is not clear to
> me.

Yes, it's lacking in a single point of reference for this info.
Look under the new topic page, which groups things together by subject
(e.g. DHCP). Perhaps that will help you understand that bit.

If you want copies of my nat or ipf files, please ask and I'll send them
via email or ftp. I think you'll be quite happy with ip filter.

cheers.

--
Dan Langille
The FreeBSD Diary
http://www.FreeBSDDiary.com/freebsd
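
One way to handle the question the reply leaves open, noticing that the DHCP-assigned address has changed and then running ipf -y. This is an added example, not part of the original message. It assumes the script is polled (for instance from cron) with the argument "run"; the state file path, function names and sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): poll the interface address
# and resync IP Filter when it changes. Interface ep0 comes from the thread;
# the state file path and function names are assumptions for illustration.
IFACE="${IFACE:-ep0}"
STATE_FILE="${STATE_FILE:-/var/run/ipf-last-addr}"
RESYNC_CMD="${RESYNC_CMD:-ipf -y}"

# Constructed sample of FreeBSD-style ifconfig output, for offline testing.
sample_ifconfig() {
    cat <<'EOF'
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 24.24.24.24 netmask 0xffffff00 broadcast 24.24.24.255
        ether 00:a0:24:00:00:01
EOF
}

# Print the first IPv4 address found in ifconfig-style text on stdin.
first_inet_addr() {
    awk '$1 == "inet" { print $2; exit }'
}

# Compare the address in $1 with the one saved in STATE_FILE.
# Prints no-address, unchanged, changed or resync-failed.
check_and_resync() {
    current="$1"
    if [ -z "$current" ]; then
        echo "no-address"      # lease lost or interface down: leave state alone
        return 0
    fi
    previous=""
    [ -f "$STATE_FILE" ] && previous=$(cat "$STATE_FILE")
    if [ "$current" = "$previous" ]; then
        echo "unchanged"
        return 0
    fi
    # Record the new address only after a successful resync, so a failed
    # resync is retried on the next poll instead of being silently skipped.
    if $RESYNC_CMD >/dev/null 2>&1; then
        echo "$current" > "$STATE_FILE"
        echo "changed"
    else
        echo "resync-failed"
        return 1
    fi
}

# Poll once when invoked as: script run
if [ "${1:-}" = "run" ]; then
    check_and_resync "$(ifconfig "$IFACE" | first_inet_addr)"
fi
```
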