At 18:07 22-2-01 -0500, Peter Brezny wrote:
>Hello,
>
>I've just added a second external interface to a machine. I'd like to not
>have to duplicate all the rules that involve outside interfaces.
>
>
>I've got rules like
>
> $fwcmd add deny all from 0.0.0.0/8 to any in via $oif
>
>is it possible to specify multiple interfaces for one rule by letting
>
>oif= ed0,ed1
>
>?

No, rc.firewall is just a shell script; $oif would be replaced with ed0,ed1,
and if you read the ipfw manpage you'll see that ipfw doesn't like that.
You could however use ed* which would match every ed interface in the box.

>Similarly, would that work for the ip's of the outside if's?
>
> $fwcmd add allow ip from $oip to any keep-state out via $oif
>
>oip= 10.10.1.1,10.10.1.2
>
>?

Again, no. But you can use netmasks. 10.10.1.1/24 and
10.10.1.1:255.255.255.0 would both match 10.10.1.* IPs, or you could try
10.10.1.1/30 which would match 10.10.1.0, 10.10.1.1, 10.10.1.2 and
10.10.1.3 if I'm not mistaken.

>And finally, my rc.conf defines the interface for natd like this:
>
>
>natd_interface="xl0"
>
>
>is it possible to have natd run on both external interfaces without
>causing problems? How would I configure that?

Why would you want to run natd on 2 external interfaces at the same time?

DocWilco
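
The two points in the reply above, as an added example that is not part of the original thread: because rc.firewall is plain shell, one rule per interface can be generated with a loop, and the range a netmask really covers can be computed before it goes into a rule. `fwcmd` is set to `echo ipfw` for a dry run, and the interface-to-address pairing in `pairs` is an assumption built from the values in the question.

```shell
#!/bin/sh
# Dry run: print the ipfw commands instead of executing them.
fwcmd="echo ipfw"

# Assumed pairing of outside interface and its address (constructed from
# the values quoted in the question; adjust to the real configuration).
pairs="ed0:10.10.1.1 ed1:10.10.1.2"

# Emit the rule set once per interface instead of handing "ed0,ed1" to ipfw.
gen_rules() {
    for pair in $pairs; do
        oif=${pair%%:*}
        oip=${pair#*:}
        $fwcmd add deny all from 0.0.0.0/8 to any in via "$oif"
        $fwcmd add allow ip from "$oip" to any keep-state out via "$oif"
    done
}

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the first and last address matched by addr/bits, so it is visible
# how many addresses beyond the intended ones a mask lets through.
cidr_range() {
    addr=${1%/*}
    bits=${1#*/}
    ip=$(ip2int "$addr")
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( ip & mask ))
    last=$(( first | (~mask & 4294967295) ))
    echo "$(int2ip "$first") $(int2ip "$last")"
}

gen_rules
cidr_range 10.10.1.1/30
cidr_range 10.10.1.1/24
```
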