mpd pppoe client problems

Artyom Viklenko artem at aws-net.org.ua
Wed Dec 13 01:30:58 PST 2006


<quote who="Alexei">
> Hello, Artyom.
>
>> Why do you use ipnat and ipfw? Maybe it's better to
>> use one firewall? ipfilter itself or ipfw with natd
>> or ng_nat.
>
> I used to use ipfw as a firewall.. and natd makes too heavy cpu load.

Try to use ipfilter or pf. They do NAT in the kernel.
Or you can use ng_nat with ipfw.

>
>
>> I'm not sure, but ipfilter allows defining rules with
>> interfaces which do not exist at the time of
>> firewall activation (at least PF can).
>
>> Also, you don't need to restart ntpd each time
>> your interface goes up. Same for named and apache.
>> Typically. Maybe you have some very interesting
>> requirements to do so?..
>
> Em.. Well.. After system startup there is no external interface (ng or
> tun) to bind to. How can I make those applications bind to the new
> interface after it has gone up?

Do you really need to bind them to a particular interface?
If you bind, for example, apache to the wildcard address 0.0.0.0
(as in the default configuration),
it will work with new interfaces and addresses.
If you use some kind of IP-based virtualhost configuration,
you can bind it to some local private IP, and redirect
incoming traffic to that address. This local IP will always
be available for apache.

natd, as far as I know, binds itself to ALL IPs on the system. And it will
synchronize well with external time sources when they become
available. I have a dialup ppp connection at home and I have ntpd.
When the link is up, it synchronizes with sources; when the link is down
it loses synchronization until the next availability of the connection.
And I do not restart it every time the link goes up.

Your named, I think, can be bound to your internal address.
But it can send queries with any address available at the time of
sending the request, depending on routing information.

Try to keep things as simple as possible! :)

-- 
           Sincerely yours,
                            Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve   -  http://www.freebsd.org
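
Added example (not part of the original message): the bind behaviour discussed above, in Python. A listener bound to one specific address fails while that address is absent, as the ng/tun address is before the link comes up, while a wildcard listener binds at once and answers on whatever addresses exist. The address 203.0.113.7 and the function names are constructed for illustration.

```python
import errno
import socket

WILDCARD = "0.0.0.0"
# Constructed stand-in (TEST-NET-3) for the ng/tun address that does not
# exist until the PPPoE link is up; not an address from the thread.
ABSENT_ADDR = "203.0.113.7"


def try_bind(addr, port=0):
    """Try to open a TCP listener on addr:port; return (ok, errno name)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((addr, port))
        sock.listen(1)
        return True, None
    except OSError as exc:
        return False, errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def wildcard_answers_on(local_addr):
    """Connect to a wildcard listener via local_addr; return the address
    the accepted connection is bound to on the server side."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(2)
    try:
        srv.bind((WILDCARD, 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection((local_addr, port), timeout=2):
            conn, _peer = srv.accept()
            with conn:
                return conn.getsockname()[0]
    finally:
        srv.close()


if __name__ == "__main__":
    print("specific, address absent:", try_bind(ABSENT_ADDR))
    print("wildcard:", try_bind(WILDCARD))
    print("wildcard listener answered on:", wildcard_answers_on("127.0.0.1"))
```

A wildcard listener also answers on the external address as soon as the link comes up, so the packet filter rules for that interface decide what is exposed.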



