Date:      09 Apr 2001 20:22:21 -0400
From:      Lowell Gilbert <lowell@world.std.com>
To:        freebsd-questions@freebsd.org, michael@tenzo.com
Subject:   Re: How to specify external network for firewall/NAT when IP is dynamically assigned
Message-ID:  <44y9t97gea.fsf@lowellg.ne.mediaone.net>
In-Reply-To: michael@tenzo.com's message of "9 Apr 2001 22:35:04 +0200"
References:  <01040913345700.01892@pravda.tenzo.net>

michael@tenzo.com (Michael O'Henly) writes:

> I'm attempting to set up a simple firewall for my home network.  I have a 
> FreeBSD box with two NICs, one connected to the internet via cable modem and 
> the other to an internal network on which there are two Macs. My external IP 
> is assigned by DHCP. I'm not running any services that I want accessible to 
> external users, or any from which I'd want to block internal users.
> 
> I've read a lot of docs over the last few days on how to do this and I think 
> I have the basics straight -- but for this question:
> 
> In /etc/rc.firewall (simple section), I'm asked to identify my networks. 
> Since my IP is dynamically assigned, how do I specify my outside network 
> interface? Here's the format (replacing 1.2.3.444/24 with actual values)...

Assuming that you only *have* one external IP address (and, thus, are
doing NAT), there isn't really much in there that needs to specify your
IP address anyway.  Most of the references to the IP address are only
there to specify that incoming connections are okay to the firewall
machine, but not to other machines on the inside; this check is useless
if the internal addresses aren't visible on the outside anyway.

Somewhat recently, FreeBSD has added a "me" option to ipfw's syntax for
specifying addresses, and you can use this to refer to your address
without needing to rebuild those rules if that address changes.
However, as I said earlier, this is of somewhat limited usefulness if
you've only got one address anyway.

 - Lowell
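
The difference between a hard-coded address and the "me" keyword described in the reply above, as an added example that is not part of the original message or of FreeBSD's rc.firewall. It covers only the rules that name the firewall's own address, not a complete ruleset. The interface name ed0, the rule numbers, port 22 as the one permitted service, and the 192.0.2.x addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Assumed values: interface ed0, rule numbers, port 22,
# and the 192.0.2.x documentation addresses used when calling static_rules.

# Set fwcmd=echo to print the commands instead of loading them (dry run).
fwcmd="${fwcmd:-/sbin/ipfw -q}"
oif="${oif:-ed0}"            # external (DHCP) interface, assumed name

# Rules that mention the firewall's own address. $1 is the address token:
# either a literal IP (old style) or the ipfw keyword "me".
own_address_rules() {
    self="$1"
    # Allow one service on the firewall itself from outside. "me" matches
    # every address configured on the host, the inside interface included,
    # so the rule is pinned to packets arriving on the outside interface.
    $fwcmd add 400 pass tcp from any to "$self" 22 in via "$oif" setup
    # Let the firewall itself resolve names (stateless query/reply pair).
    $fwcmd add 410 pass udp from "$self" to any 53
    $fwcmd add 420 pass udp from any 53 to "$self"
    # Refuse every other inbound TCP connection attempt on the outside.
    $fwcmd add 500 deny log tcp from any to any in via "$oif" setup
}

# Old style: the leased address is baked into the rules, so they have to be
# rebuilt whenever DHCP hands out a different address.
static_rules() { own_address_rules "$1"; }

# "me" style: ipfw compares against the addresses configured on the host at
# the time each packet is checked, so the same rules survive a lease change.
me_rules() { own_address_rules me; }

# Dry run:  fwcmd=echo; static_rules 192.0.2.10; me_rules
```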
