Solved AWS EC2 x Interfaces on PF Firewall

Hello guys,

I'm new to PF Firewall.
I have a FreeBSD medium instance on AWS EC2.
I have two interfaces (ifconfig):
ena0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9001
inet 172.31.74.65 netmask 0xfffff000 broadcast 172.31.79.255

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet 127.0.0.1 netmask 0xff000000

In other words, a loopback address and private IP address. The public IP isn't shown.

Who are ext_if and int_if?
int_if is "lo0" and ext_if is "ena0"?
Or int_if is "ena0" and ext_if doesn't exist?

Thanks
 
Simple, there is no int_if or ext_if. That distinction only makes sense if you have two interfaces where one is connected to an external network (ext_if; or external interface) and another interface attached to your local, internal, network. In other words, if your host guards and connects your local network (LAN) to some other network, like the internet. As this is a single host you simply have one externally accessible (from the host's point of view) interface. The lo0 interface is a special interface, called the loopback. Every host has its own loopback interface. Only the host itself can connect to it. It's never connected to anything outside of the host.

You could create a couple of jails on the host and connect those to a lo1 interface. In that case you do have an interface that could be called int_if, because you're creating a small (virtual) LAN that's attached to that lo1 interface and you want to differentiate between your internal and external interfaces.

You could name them anything you want, it's just a name you use to make it easier for you to distinguish between interfaces. You pick a name that makes sense in your situation. The name itself has no special meaning. It's just a variable. Just like you can use counter or simply i to store a value when programming code, a variable named counter provides much more clues about what it's used for than a variable named i. It just makes your code easier to read and understand. It's not going to make one iota of difference to the computer what it's called.
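Putting the answer's point into a concrete /etc/pf.conf, as an added example that is not part of the thread: ext_if is only a macro standing for ena0, and int_if gets a meaning once a lo1 interface with jails behind it exists. The lo1 interface, the 10.0.0.0/24 jail subnet and the service list are assumed for the example.

```pf
# Added example, not from the thread. Assumes ena0 as shown in the question
# and a hypothetical lo1 interface carrying a jail subnet of 10.0.0.0/24.
ext_if = "ena0"            # the single externally reachable interface
int_if = "lo1"             # only meaningful once jails (a virtual LAN) hang off it
jail_net = "10.0.0.0/24"   # assumed jail subnet on lo1
tcp_services = "{ ssh, http, https }"

set skip on lo0            # never filter the loopback itself
set block-policy drop

# Jails reach the outside through the host's one real address. On EC2 the
# instance only sees its private address; the public one is mapped to it
# outside the instance, so ($ext_if) is the right thing to translate to.
nat on $ext_if from $jail_net to any -> ($ext_if)

# Default deny, then allow only what is needed.
block all
# Keep ssh in this list, otherwise you lock yourself out of the instance.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services keep state
pass out on $ext_if keep state
# Host <-> jail traffic on the internal (lo1) side.
pass on $int_if
```

Run `pfctl -nf /etc/pf.conf` first to parse the file without loading it; on a single-interface host without jails, drop the int_if, jail_net and nat lines and the remaining rules still apply unchanged.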
 