|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
Static and dynamic IP addresses and PF — SOLVED
Greetings all,
when my OpenBSD laptop is at home, I have a static IP address set in /etc/hostname.if and a gateway in /etc/mygate I also have a local address set in the /etc/resove to enable unbound. In the /etc/pf.conf I define a variable for the interface Code:
ext_if = if Kindest regard, M Last edited by mefisto; 11th July 2022 at 11:49 PM. |
|
|||
This is an example from my dhcpd configuration file, that shows how to assign a fixed IP address.
Code:
host hercules { # Realtek re NIC on AMD64 box hardware ethernet 00:19:db:47:b0:4c ; fixed-address 192.168.222.20 ; } Example from another computer: Code:
ifconfig bge0 bge0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500 lladdr a0:1d:48:97:5b:74 index 1 priority 0 llprio 3 groups: egress [snip]
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Hi jggimi, J65nko,
thank you very much, that is a very elegant solution. Can you also advise on the remaining two question, i.e., how d I deal with the identification of the interface in /etc/pf.conf and the /etc.resolv? Regarding the latter, would something like supersede command in/etc/dhclient.conf work? Kindest regards, M |
|
||||
In PF, an interface that is subject to changing addresses is denoted by surrounding the interface in parentheses, as described in the PF User's Guide and the pf.conf(5) man page. You'll find an example of the egress interface group surrounded by parentheses in /etc/examples/pf.conf, also.
Your resolv.conf(5) configuration should be either fully or semi-automated through dhcpleased(8). I happen to use unwind(8) as a resolver in my laptop, so I only have 3 lines in the file: Code:
nameserver 127.0.0.1 # resolvd: unwind lookup file bind family inet6 inet |
|
|||
Hi jggimi,
I did not ask the question correctly. I understand how to deal with potentially changing IP address. However, my question is as follows. In order to facilitate different, at this point, wired interfaces, I have defined a variable in /etc/pf.conf, e.g., Code:
ext_if = msk0 If I were to use a dhcp server, as you and J65nko suggested, and change from the static address configured by the dhcp server on the msk0 interface to a dynamic address assigned by the host dhcp server to the e.g., ath0, how do I make the /etc/pf.conf aware that the interface has changed? Can I do something like Code:
ext_if = "{ msk0, ath0 }" Thank you for pointing me to the dhcpleased(8) will read about it. Kindest regards, M |
|
||||
There are two methods.
|
|
|||
Hi jggimi,
thank you very much for the suggestion. I did read about the egress interface, but the definition is rather confusing. From: https://www.openbsd.org/faq/pf/filter.html Quote:
Maybe the fail-over is a better approach? Kindest regards, M |
|
||||
If there are two interfaces with default routes -- both interfaces will be members of the egress group. if you create a trunk to manage both interfaces with a single IP address, only the trunk will be a member of the egress group.
Sometimes you can't readily use a failover trunk, such as when wired and wireless are on separate subnets. |
|
|||
Hi jggimi,
thank you for clarifying the differences. Kindest regards, M P.S. On a slightly different subject, is there a way to amend the thread title, e.g., to SOLVED? |
|
|||
Hi jggimi,
thank you, done. Kindest regards, M |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Trouble after changing static IP to dynamic IP on OpenBSD gateway | magrin | OpenBSD General | 5 | 5th April 2014 10:38 AM |
[Solved] VIM without Python feature ? | sw2wolf | OpenBSD Packages and Ports | 3 | 14th May 2012 01:14 AM |
[Solved] 64bit COMPAT_LINUX not enabled? | xchris | OpenBSD General | 2 | 7th December 2011 12:52 PM |
dhcpd problems... dynamic and static leases present | edhunter | FreeBSD General | 7 | 16th May 2008 02:34 PM |