What to put in $FWDIR/conf/external.if

[BarryStiefel]

What to put in $FWDIR/conf/external.if



This file should contain the physical device name. You can get this by doing an ifconfig (Unix/IPSO/Linux) or ipconfig (NT/W2000). Example interface names include: le1, El90x1 (as in the letter E, the letter l, the number 9, the number 0, the letter x, and the number 1). On a Nokia platform, this should contain the physical interface name plus c0 (e.g. eth-s1p1c0).

The external interface is often the interface facing your Internet router. If you have more than one external interface, you should be using an unlimited node license, or upgrade to NG, which supports multiple external interfaces.

-- PhoneBoy - 02 Jan 2004

FAQForm FAQs.Class: LicensingFAQs FAQs.OS: FAQs.Version: 4.1

[zyz101z]

Does anyone know if this file is still needed in NGX? I dont have it on any of my firewalls. Although on the pair I have that dont have unlimited liscenses I am having problems where on one its showing 3000+ hosts. Which shouldnt be possible as there are only 2 interfaces. One, which leads to my DMZ firewalls, is marked as external in the firewall object. The other is a /23. Looking at the hosts, it does seem to be seeing objects that should be behind the external IP. I wanted to confirm this file was still required before I added it.

Thanks

[abusharif]

If you experience problems with too many hosts then you should create the file according to instructions above, even on NGX. (the file is not there by default)

[cschwab1]

Regarding the external.if file and NGX, does NGX not create this file as does NG AI? What about the fwd.h and fwd.hosts files, are this not created by default in NGX? Has the method that NGX uses to track the hosts the firewall is protecting change from NG AI to NGX?