Dynamic Addresses and PF
Max Laier
max at love2party.net
Mon Jan 24 13:03:25 PST 2005
On Monday 24 January 2005 21:41, Paul J. Pathiakis wrote:
> Hi,
>
> if I'm using a DSL dynamic address, on an external i/f, should I be using
> the parentheses everywhere?
>
> ext_if2 = "tun0"
> ext_gw2 = "70.1.2.3"
>
> That is, on a NAT rule such as:
>
> nat on $ext_if2 from $lan_net2 to any -> ($ext_if2)
>
> should I write it as:
>
> nat on ($ext_if2) from $lan_net2 to any -> ($ext_if2)
>
> ?
No. The dynamic address modifier does not apply to the "on ifspec" part. The
first rule is correct, the second one won't parse.
> Also, since ext_if2 is declared as "tun0" for a DSLconnection, is there a
> way to replace ext_gw2 in all my rules be something like ($ext_if2)?
>
> That is, could I do this:
>
> ext_gw2 = ($ext_if2)
>
> at the beginning of declarations to allow the ext_gw2 variable to be set to
> the dynamic IP address of the ext_if2?
>
> Is this possible?
Yes it is. You'd do:
ext_if=tun0
ext_gw="(" $ext_if ")"
be careful with the whitespaces on that.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20050124/3425137c/attachment.bin
More information about the freebsd-pf
mailing list