DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th August 2012
bsdperson bsdperson is offline
Port Guard
 
Join Date: May 2008
Posts: 35
Thanked 0 Times in 0 Posts
Red face pf rdr to hostname rather than ip

In my pf.conf I have lines like this

Code:
rdr on $ext_if proto tcp from any to ($ext_if) port 5060 -> asterisk
to redirect traffic to a specific machine. However this will only work if the firewall knows what asterisk means. In this case asterisk gets its ip by dhcp (which also runs on the fw). So if the firewall is rebooted this will not work until I login and do pfctl -f /etc/pf.conf after the ips are assigned.

One solution would be to go to static ips, but it's rather convenient to use dhcp and also makes pf.conf easy to read. How can this be solved?

Can I delay pf in rc.d do make it run after dhcpd? If so, how and what side effects would that bring?

This is on a FBSD 9.0-RELEASE-p3 machine.
Reply With Quote
  #2   (View Single Post)  
Old 9th August 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default

Just assign a static IP through DHCP:
Code:
        host static-client {
                hardware ethernet  00:18:dc:47:b0:4c ;
                fixed-address 192.168.223.20 ;
        }
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 10th August 2012
bsdperson bsdperson is offline
Port Guard
 
Join Date: May 2008
Posts: 35
Thanked 0 Times in 0 Posts
Default

Yes, that is my setup (but with dnsmasq). But during a reboot, pf doesn't know that. So the rules doesn't work.
Reply With Quote
  #4   (View Single Post)  
Old 10th August 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default

Because you assigned a fixed IP you can use that IP in your pf.conf

Code:
asterisk = 10.22.33.44

rdr on $ext_if proto tcp from any to ($ext_if) port 5060 -> $asterisk
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #5   (View Single Post)  
Old 15th August 2012
bsdperson bsdperson is offline
Port Guard
 
Join Date: May 2008
Posts: 35
Thanked 0 Times in 0 Posts
Default

Yes but it also means that I need to map asterisk to 10.22.33.44 in both dnsmasq.conf and pf.conf.

It seems that the easiest way to solve this would be to move dns to a different machine.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting hostname Franciscus NetBSD Installation and Upgrading 4 4th December 2011 03:30 AM
My domain name as my IRC hostname? guitarscn General software and network 6 15th September 2010 02:43 PM
Hostname problem, and others gaeilgeboy FreeBSD General 3 7th July 2008 11:30 PM
Hostname / web hosting issues vitiate FreeBSD General 4 20th May 2008 02:23 PM


All times are GMT. The time now is 05:58 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick