Date: Sat, 8 Aug 2009 19:29:16 -0800 From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net> To: freebsd-questions@freebsd.org Cc: Nerius Landys <nlandys@gmail.com> Subject: Re: Building home router: 192.168.0.x to access internet Message-ID: <200908081929.17614.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> In-Reply-To: <560f92640908081932s69ae225mb3c55fef47a4924b@mail.gmail.com> References: <560f92640908081932s69ae225mb3c55fef47a4924b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 08 August 2009 18:32:30 Nerius Landys wrote: > First, my choise of internal network IP addresses is 192.168.0.x. My > router machine's IP address will be 192.168.0.254 (that's the > interface facing the internal network). The IP addresses of the > machines behind the router will start at 192.168.0.2 and go up. I'm > wondering if this choice of IP addresses is conventional or good. Is > this numbering scheme decent? Convention is to use the lowest host IP address for the router and the highest for broadcast. Yet, it is only convention. There's nothing stopping you from using other address, as long as your client machines know this. > If so, can someone give me a really minimal yet secure packet filter > rule set that would do the job? (I'm prepared to read the pf docs, > which will take me a few hours.) The router will connect to the > outside via DHCP, and from what I remember I had to add a rule to not > drop packets that were DHCP-related. There's actually a nice example in the PF FAQ that covers some basics: http://www.openbsd.org/faq/pf/tagging.html There used to be a sample pf.conf, but I see that got nuked, yet there still are examples in /usr/share/examples/pf/. -- Mel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908081929.17614.mel.flynn%2Bfbsd.questions>