Subject: ipnat.conf
To: NetBSD <port-mac68k@NetBSD.org>
From: gkrall <gkrall@pmi-kc.com>
List: port-mac68k
Date: 02/17/2000 10:15:29

Ho'la

I've got ipnat successfully running between two Ethernet interfaces that
hook up to a cable modem.  Since the IP assigned by DHCP to the outside
interface is real, I'd like a little more protection than that afforded
by the default ipnat.conf.  (Especially after seeing solarwinds' IP
discovery utility show account / share names on a class C range of
internet addresses.)  I was looking through the examples in
/usr/share/examples/ipf and it looks like BASIC_1.FW would do it _all_.
I would most likely disable all but the most critical logging tho.
Should this file replace the ipnat.conf or ipf.conf (with the obvious
changing of interfaces, i.e. sn0 instead of ppp0, etc.)?

My second question has to do with leasing.  My service leases an IP for
3600 seconds.  Will that IP be usable past 1 hour if the connection
remains up?  Or does DHCP initiate a renegotiation of the IP address when
the lease expires, and if so, will the routing tables be updated in the
kernel automatically to the new address?  I worked for more than an hour
on the net last night with no interruption in ipnat service, so I think
everything does the right thing.  My rudimentary understanding of
leases is that if you drop and re-establish a connection, DHCP tries to
get the IP address you just had back for you, and if the lease has not
expired DHCP will succeed, else get a new address.  Is that correct or am
I _way_ off base?

Pre S.  Sorry about the MIME; the mail server here at work is doing it.
Maybe they should use NetBSD :).

Thanks,

Gerald.
--