Correct way to configure an IP range for firewall

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Sep 10 17:25:22 UTC 2009


Maxim Khitrov wrote:
> On Wed, Sep 9, 2009 at 3:03 PM, Matthew
> Seaman<m.seaman at infracaninophile.co.uk> wrote:
>> Maxim Khitrov wrote:
>>
>>> Am I correct in assuming that I just need to add four
>>> ifconfig_vr0_alias[0-3] lines to rc.conf? What happens if in the
>>> future we get a much bigger IP block, is there a more efficient way of
>>> accomplishing the same thing? I don't actually want the firewall to
>>> consider itself the final destination for any of the additional IPs,
>>> it just needs to pass them to pf for nat and filtering.
>> Assuming your assigned network is 192.0.2.24/29:
>>
>> ipv4_addrs_vr0="192.0.2.25-30"
>>
>> See rc.conf(5) for details.
>>
>>        Cheers,
>>
>>        Matthew
> 
> Thanks! I looked through /etc/defaults/rc.conf and somehow missed
> ipv4_addrs. So if I understand the man page correctly, a single
> ipv4_addrs_vr0="x.x.x.9-13/29" line can replace both the aliases and
> the one ifconfig_vr0 line. Is that correct? I'm not certain because
> the man page states that "an ifconfig_<interface> variable is also
> assumed to exist for each value of interface," but everything seems to
> be working fine without it.

Correct.  However, the only things you can set with ipv4_addrs_ifX are
IP numbers and netmasks.  If you want to use DHCP or WPA or to fix the
port to a particular duplex setting or to toggle various other controller
specific settings, then the ifconfig_ifX{,_aliasY} variables are your
friends.

You can combine both variable forms for configuring the same interface,
although this works best if you do all alias IP setup using ipv4_addrs_ifX
and just use ifconfig_ifX to set general properties on the interface.


	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
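
A check to run before putting a range into ipv4_addrs_vr0: it expands the range and confirms that every address is a usable host address inside the assigned block. This is an added example, not part of the original post and not the rc.d code; the function names check_addrs and ip_to_int are hypothetical, and it assumes the range varies only in the last octet, as in the thread's examples.

```shell
#!/bin/sh
# Added example, not the rc.d implementation: expand an ipv4_addrs_<if>-style
# range and check each address against the assigned block.

ip_to_int() {
    # Dotted quad -> 32-bit integer
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_addrs BLOCK SPEC
#   BLOCK  assigned network, e.g. 192.0.2.24/29
#   SPEC   range as written in rc.conf, e.g. 192.0.2.25-30 or 192.0.2.25-30/29
# Prints "address status" per line; returns 1 if any address is the network
# address, the broadcast address, or outside BLOCK.
check_addrs() {
    len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    net=$(( $(ip_to_int "${1%/*}") & mask ))
    bcast=$(( net | (mask ^ 4294967295) ))

    spec=${2%/*}                 # drop any /len suffix on the range
    start=${spec%-*}             # 192.0.2.25
    prefix=${start%.*}           # 192.0.2
    i=${start##*.}               # 25
    case $spec in
        *-*) last=${spec##*-} ;; # 30
        *)   last=$i ;;          # single address, no range
    esac

    rc=0
    while [ "$i" -le "$last" ]; do
        n=$(ip_to_int "$prefix.$i")
        if [ $(( n & mask )) -ne "$net" ]; then status=outside-block; rc=1
        elif [ "$n" -eq "$net" ]; then status=network-address; rc=1
        elif [ "$n" -eq "$bcast" ]; then status=broadcast-address; rc=1
        else status=ok
        fi
        echo "$prefix.$i $status"
        i=$(( i + 1 ))
    done
    return $rc
}

# Constructed sample input: the block and range from the thread.
check_addrs 192.0.2.24/29 "192.0.2.25-30"
```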
