Hi all,

I only have a NIC on my FreeBSD Box.

Here is my configuration:
ifconfig de0 aaa.bbb.ccc.ddd netmask ( My External Interface )
ifconfig de0_alias0 netmask ( My Virtual Internal Interface )

and this is the result shown for ifconfig -L

        inet aaa.bbb.ccc.ddd netmask 0xffffff00 broadcast aaa.bbb.ccc.255
        inet netmask 0xffffff00 broadcast
        ether 00:80:c8:f6:7b:c7
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

( aaa.bbb.ccc.ddd is the static IP I got from the ISP )

Everything seems OK to me: the NIC binds the virtual IP.

The question is about configuring ipf.rules and ipnat.rules.
( Originally, I used tun0 as the external interface for ppp dialup.
It was OK to set the ipf rules to block the incoming and outgoing packets
through tun0. )
But now I have switched to static IP DSL, and I failed to configure de0 ( ext. if )
while applying the following rules:

block in quick on de0 from to any
block out quick on de0 from to any

After applying the above rules, ipf seems to block the packets on de0_alias0.
DHCPD cannot even send out packets to the local subnet ( )
( ipf blocks all traffic that should be blocked on the outside interface )

I can only add pass in quick all and pass out quick all now, or the traffic
will be completely blocked.
However, adding only pass in quick all and pass out quick all does not seem like a
good idea for the firewall.

Is there any way to solve the problem? Or have I configured ipf wrongly?

Thank you!

Michael Lee

