Date:      Thu, 10 Sep 2009 18:25:14 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Maxim Khitrov <mkhitrov@gmail.com>
Cc:        Free BSD Questions list <freebsd-questions@freebsd.org>
Subject:   Re: Correct way to configure an IP range for firewall
Message-ID:  <4AA9367A.5070208@infracaninophile.co.uk>
In-Reply-To: <26ddd1750909100518m59de30a4vaffc4e946780e812@mail.gmail.com>
References:  <26ddd1750909091144x447fb4bt93e4bdc56d7a9202@mail.gmail.com> <4AA7FC04.4040508@infracaninophile.co.uk> <26ddd1750909100518m59de30a4vaffc4e946780e812@mail.gmail.com>


Maxim Khitrov wrote:
> On Wed, Sep 9, 2009 at 3:03 PM, Matthew
> Seaman<m.seaman@infracaninophile.co.uk> wrote:
>> Maxim Khitrov wrote:
>>
>>> Am I correct in assuming that I just need to add four
>>> ifconfig_vr0_alias[0-3] lines to rc.conf? What happens if in the
>>> future we get a much bigger IP block, is there a more efficient way of
>>> accomplishing the same thing? I don't actually want the firewall to
>>> consider itself the final destination for any of the additional IPs,
>>> it just needs to pass them to pf for nat and filtering.
>> Assuming your assigned network is 192.0.2.24/29:
>>
>> ipv4_addrs_vr0="192.0.2.25-30"
>>
>> See rc.conf(5) for details.
>>
>>        Cheers,
>>
>>        Matthew
>
> Thanks! I looked through /etc/defaults/rc.conf and somehow missed
> ipv4_addrs. So if I understand the man page correctly, a single
> ipv4_addrs_vr0="x.x.x.9-13/29" line can replace both the aliases and
> the one ifconfig_vr0 line. Is that correct? I'm not certain because
> the man page states that "an ifconfig_<interface> variable is also
> assumed to exist for each value of interface," but everything seems to
> be working fine without it.

Correct.  However, the only things you can set with ipv4_addrs_ifX are
IP numbers and netmasks.  If you want to use DHCP or WPA or to fix the
port to a particular duplex setting or to toggle various other controller
specific settings, then the ifconfig_ifX{,_aliasY} variables are your
friends.

You can combine both variable forms for configuring the same interface,
although this works best if you do all alias IP setup using ipv4_addrs_ifX
and just use ifconfig_ifX to set general properties on the interface.


	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
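
Added example, not part of the original message and not FreeBSD's own rc code: a POSIX sh helper that expands an ipv4_addrs-style range like the one discussed above and reports whether each address is a usable host in the subnet of the first address. The function names and status labels are this example's own, and octets are assumed to be plain decimal.

```shell
#!/bin/sh
# Added example, not FreeBSD's rc(8) code: expand an ipv4_addrs-style spec
# "A.B.C.LOW-HIGH/PREFIX" and flag addresses that do not fit the subnet.
# Assumption: octets are plain decimal numbers without leading zeros.

# ip_to_int A.B.C.D : print the address as a 32-bit integer
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# expand_range SPEC : print "address status" per address; status is one of
# ok, network, broadcast, outside (judged against the first address's subnet)
expand_range() {
    case $1 in
        */*) prefix=${1##*/}; addrs=${1%/*} ;;
        *)   echo "expand_range: missing /prefix in '$1'" >&2; return 1 ;;
    esac
    base=${addrs%.*}                 # first three octets, e.g. 192.0.2
    last=${addrs##*.}                # final octet, or LOW-HIGH
    low=${last%-*}; high=${last#*-}  # equal when there is no range
    for n in "$low" "$high" "$prefix"; do
        case $n in ''|*[!0-9]*) echo "expand_range: bad spec '$1'" >&2; return 1 ;; esac
    done
    if [ "$low" -gt "$high" ] || [ "$high" -gt 255 ] ||
       [ "$prefix" -lt 1 ] || [ "$prefix" -gt 30 ]; then
        echo "expand_range: bad spec '$1'" >&2; return 1
    fi
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( $(ip_to_int "$base.$low") & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    i=$low
    while [ "$i" -le "$high" ]; do
        ip=$(ip_to_int "$base.$i")
        if   [ $(( ip & mask )) -ne "$net" ]; then status=outside
        elif [ "$ip" -eq "$net" ];            then status=network
        elif [ "$ip" -eq "$bcast" ];          then status=broadcast
        else status=ok
        fi
        echo "$base.$i $status"
        i=$(( i + 1 ))
    done
}

# Constructed sample: the /29 range used in the message above
expand_range "192.0.2.25-30/29"
```

Any line not marked ok points at a range that spills past the assigned block or lands on its network or broadcast address, which is worth catching before the addresses reach pf's nat rules.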

