Re: Re[6]: mpd pppoe client problems




<quote who="Alexei">
Hello, Artyom.

Why do you use ipnat and ipfw? Maybe it would be better to
use one firewall? ipfilter itself or ipfw with natd
or ng_nat.

I used to use ipfw as a firewall.. and natd makes too heavy cpu load.

Try to use ipfilter or pf. They do nat in kernel.
Or you can use ng_nat with ipfw.



I'm not sure, but ipfilter allows defining rules with
interfaces which do not exist at the time of
firewall activation (at least PF can).

Also, you don't need to restart ntpd each time
your interface goes up. Same for named and apache.
Typically. Maybe you have some very interesting
requirements to do so?..

Em.. Well.. After system startup there is no external interface (ng or
tun) to bind to. How can I make those applications bind to the new
interface after it has gone up?

Do you really need to bind them to a particular interface?
If you bind, for example, apache to the wildcard address 0.0.0.0
(as in the default configuration),
it will work with new interfaces and addresses.
If you use some kind of IP-based virtualhost configuration,
you can bind it to some local private IP, and redirect
incoming traffic to that address. This local IP will always
be available for apache.

natd, as I know, binds itself to ALL IPs on the system. And it will
synchronize well with external time sources when they become
available. I have a dialup ppp connection at home and I have ntpd.
When the link is up, it synchronizes with sources; when the link is down
it loses synchronization until the next availability of the connection.
And I do not restart it every time the link goes up.

Your named, I think, can be bound to your internal address.
But it can send queries with any address available at the time of
sending the request, depending on routing information.

Try to keep things as simple as possible! :)

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@xxxxxxxxxxxxxx | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org


_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"


