From: "Dan Langille"
Organization: The FreeBSD Diary
To: Brian Gregor
Date: Tue, 12 Jan 1999 18:06:05 +1300
Subject: Re: IPfilter & DHCP config
Reply-to: junkmale@xtra.co.nz
CC: freebsd-questions@FreeBSD.ORG
Message-Id: <19990112050535.EVKG682101.mta1-rme@wocker>

On 11 Jan 99, at 10:04, Brian Gregor wrote:

> I understand how to do the following: configure my two NICs, a 3Com
> 509 (not 509b - I know this card sucks) and an SMC 8013, install
> ipfilter and set up some rules for filtering and doing NAT, and install
> DHCP so that the 3Com card will get its IP address and info from the cable
> modem.
>
> Here are the steps I don't quite get (and would like to have figured out
> BEFORE I take down a working system!):
>
> how to get the file /etc/natrules to use the dynamically
> assigned "real" IP address, i.e. modify a line like this:
> map ep0 10.0.0.0/8 -> 24.24.24.24/32 portmap tcp/udp 10000:65000
> where 24.24.24.24 is the IP address from DHCP.

I've just been given the following from the ip filter list:

    Use 0.0.0.0/0 as your machine's address.

I just did that and all that happened was the following rule was modified:

    block in log quick from any to any group 100

instead of

    block in log quick from my.real.ip.address/32 to any group 100

When your IP address changes, use ipf -y to resync with the values
obtained from the interfaces. I'm not sure how to receive notification
that your IP address *has* changed, but I'm sure someone on the list
knows. In the meantime, I'll keep looking again tomorrow.

> make sure that the two games I occasionally use online can pass
> through the firewall, quake and delta force. I use the Linux
> kernel module for quake, and the ipautofw program for df
> currently. Would the standard "permissive rules" in the file
> BASIC_2.FW in the ipfilter installation take care of this?

I'm not sure, but you can start with everything shut and then open what
you need. That's best. Also, I would start finding out what ports the
above games use. I'm sure they've been talked about before.

> I have read through the documentation on freebsddiary.com (a great
> resource!) and the mailing list archives, but this is not clear to
> me.

Yes, it's lacking in a single point of reference for this info. Look
under the new topic page, which groups things together by subject (e.g.
DHCP). Perhaps that will help you understand that bit.

If you want copies of my nat or ipf files, please ask and I'll send them
via email or ftp. I think you'll be quite happy with ip filter.

cheers.

--
Dan Langille
The FreeBSD Diary
http://www.FreeBSDDiary.com/freebsd

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
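The message above leaves open how to notice that the DHCP-assigned address has changed before running `ipf -y`. One way to do it, as an added example that is not part of the original message: poll the external interface and resync only when its IPv4 address differs from the last one recorded. The state-file path, the 60-second interval, the `--run` switch, the function names and the `logger` tag are assumptions; `ep0` and 24.24.24.24 are the values used in the thread.

```shell
#!/bin/sh
# Added example: run "ipf -y" only when the external address really changed.
IFACE="${IFACE:-ep0}"                           # external NIC from the thread
STATE="${STATE:-/var/run/ipf-extaddr.$IFACE}"   # hypothetical state file

# Print the first IPv4 address found in ifconfig-style text on stdin.
first_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only for a dotted quad whose octets are all 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# $1 = current address, $2 = state file. Prints the address and returns 0
# when a resync is needed; returns 1 when unchanged or not usable.
check_change() {
    if ! valid_ipv4 "$1"; then return 1; fi
    # Assumption: an interface may carry 0.0.0.0 while a lease is negotiated.
    if [ "$1" = "0.0.0.0" ]; then return 1; fi
    if [ -f "$2" ] && [ "$(cat "$2")" = "$1" ]; then return 1; fi
    echo "$1"
}

resync() {
    cur=$(ifconfig "$IFACE" | first_inet)
    if new=$(check_change "$cur" "$STATE"); then
        # Record the address only after ipf accepted the resync.
        if ipf -y; then
            echo "$new" > "$STATE"
            logger -t ipf-resync "$IFACE is now $new, ran ipf -y"
        fi
    fi
}

# Constructed sample of FreeBSD-style ifconfig output, for offline checks.
sample_ifconfig() { cat <<'EOF'
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 24.24.24.24 netmask 0xffffff00 broadcast 24.24.24.255
EOF
}

# Poll only when asked to:  sh ipf-resync.sh --run
if [ "${1:-}" = "--run" ]; then
    while :; do resync; sleep 60; done
fi
```

Because the state file is written only after `ipf -y` succeeds, a failed resync is retried on the next poll instead of being silently skipped.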