* [email protected] <[email protected]> [2012-01-10 16:34]:
> $ ifconfig -m "Interface model, ie de0, re0, etc"
> does not work anymore (SAwO).
ifconfig $if media
> ##### 3 #####
>
> Snappy Answers to Stupid Questions...
>
> # QUOTE starts HERE #
>
> 6.2.1 - Identifying and setting up your network interfaces
> (...)
> $ ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
> priority: 0
> groups: lo
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> inet 127.0.0.1 netmask 0xff000000
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:04:ac:dd:39:6a
> priority: 0
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
> inet6 fe80::204:acff:fedd:396a%fxp0 prefixlen 64 scopeid 0x1
> enc0: flags=0<>
> priority: 0
> groups: enc
> status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
> priority: 0
> groups: pflog
>
> # QUOTE ends HERE #
>
> If I understand this example correctly,
> and reading the man pages again,
> the inet address for the network
> interface fxp0 is 192.168.1.34.
> I wonder how this address is redirected
> to 10.0.0.38 as stated on the following paragraph?
>
> # QUOTE starts HERE #
>
> As you can see here, ifconfig(8) gives us a lot more information than we need
> at this point. But, it still allows us to see our interface. In the above
> example, the interface card is already configured. This is obvious because an
> IP network is already configured on fxp0, hence the values "inet 10.0.0.38
> netmask 0xffffff00 broadcast 10.0.0.255". Also, the UP and RUNNING flags are
> set.
> # QUOTE ends HERE #
> Perhaps I should look into the PF ruleset...
that paragraph and your quotes ifconfig output don't match at all. if
you substitute the IPs it does.
> ##### 4 #####
>
> PF: Example: Firewall for Home or Small Office
>
> One of the stated objective is:
>
> - Make the ruleset as simple and easy to maintain as possible.
>
> In the example provided, 4 macros are provided:
>
> int_if="xl0"
> tcp_services="{ 22, 113 }"
> icmp_types="echoreq"
> comp3="192.168.0.3"
>
> For maintenance sake, would it not be
> appropriate to define the other
> mysterious outgoing interface "fxp0"
> as well, as declared in the following
> options section?
>
> The ruleset migh suffer a little bit of
> complications by adding one more macro.
>
> Who knows, perhaps the "fxp0" network
> interface does not want to get all the attention...
this is inconsistent at least.
macros are free, basically. only used in pfctl at parse time.
--
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
