Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 29 Mar 2002 18:14:00 +0000
From:      Scott Mitchell <scott.mitchell@mail.com>
To:        Martyn Hill <sysadmin@st-james-snrgirls.w-london.sch.uk>
Cc:        FreeBSD-questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Cable-modem, dynamic IP, NAT and IPFW
Message-ID:  <20020329181400.B8371@fishballoon.dyndns.org>
In-Reply-To: <002b01c1d59c$1c7c30c0$0a00000a@stjames.net>; from sysadmin@st-james-snrgirls.w-london.sch.uk on Wed, Mar 27, 2002 at 02:31:38PM -0000
References:  <002b01c1d59c$1c7c30c0$0a00000a@stjames.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Mar 27, 2002 at 02:31:38PM -0000, Martyn Hill wrote:
> In particular, configuring IPFW for dynamic IP (I have a working ruleset
> for fixed IP); which of NATD or UserPPP NAT is preferable (or easier) to
> configure/use and how best to configure the external NIC using the ISC
> DHCLIENT software.

This /etc/dhclient.conf works for me on NTL:

interface "ep0" {
        supersede domain-name-servers 127.0.0.1;
}

ep0 is obviously the external interface.  The only reason this file isn't
entirely empty is to make sure my name server gets used before NTL's.

IPFW, natd and dynamic rules (i.e, using keep-state and check-state) don't
work terribly well together -- see PR kern/29294.  If you avoid using
dynamic rules, and make sure to use interface names rather than IP
addresses (in case your dynamic IP changes), everything should be fine.  On
the other hand, user PPP's NAT doesn't have the problem with dynamic rules,
so if you're using that anyway, you might as well drop natd entirely.  I
can send you the relevant bits of my rc.firewall if you need more info on
this.

HTH,

	Scott

-- 
===========================================================================
Scott Mitchell          | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England      | 0x54B171B9 |  don't get sucked into jet engines"
scott.mitchell@mail.com | 0xAA775B8B |      -- Anon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020329181400.B8371>