Delivered-To: freebsd-stable@freebsd.org
From: "Haikal Saadh"
To: "Janet Sullivan"
Subject: RE: ipf and tun
Date: Sun, 15 Jul 2001 12:24:18 +1000
In-Reply-To: <3B4C1FA7.6F8CFDAA@home.com>

Sorry for the late reply, but I just tried that, and it still doesn't work.
Here is the beginning of my edited rc.network:
Maybe I am missing something?

Cheers!

---BEGIN rc.network---
# Set the host name if it is not already set
#
if [ -z "`hostname -s`" ]; then
	hostname ${hostname}
	echo -n ' hostname'
fi

# Start user ppp if required. This must happen before natd.
#
case ${ppp_enable} in
[Yy][Ee][Ss])
	# Establish ppp mode.
	#
	if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
		-a "${ppp_mode}" != "dedicated" \
		-a "${ppp_mode}" != "background" ]; then
		ppp_mode="auto"
	fi

	ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

	# Switch on NAT mode?
	#
	case ${ppp_nat} in
	[Yy][Ee][Ss])
		ppp_command="${ppp_command} -nat"
		;;
	esac

	ppp_command="${ppp_command} ${ppp_profile}"

	echo -n "Starting ppp as \"${ppp_user}\""
	su -m ${ppp_user} -c "exec ${ppp_command}"
	;;
esac

# Establish ipfilter ruleset as early as possible (best in
# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
#
case "${ipfilter_enable}" in
[Yy][Ee][Ss])
	if [ -r "${ipfilter_rules}" ]; then
		echo -n ' ipfilter';
		${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat';
				${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
			else
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
	else
		ipfilter_enable="NO"
		echo -n ' NO IPF RULES'
	fi
	;;
esac
# rest snipped
----END rc.network----

and the relevant bits from rc.conf

---BEGIN rc.conf---
ppp_enable="YES"
ppp_nat="NO"
ipfirewall_enable="NO"
ipfilter_enable="YES"
ipmon_enble="YES"
ipmon_flags="sDF -oI"
ipnat_enable="YES"
----END rc.conf.

> -----Original Message-----
> From: owner-freebsd-stable@FreeBSD.ORG
> [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Janet Sullivan
> Sent: Wednesday, 11 July 2001 7:43 PM
> To: Haikal Saadh; freebsd-stable@FreeBSD.ORG
> Subject: Re: ipf and tun
>
> In case I didn't make myself clear - I meant to say that you move the
> user ppp section of the script so that it is right before the ipf
> section. I'm filled with Nyquil and have a head cold right now, so I
> apologize if I'm not totally coherent. ;-)
>
> Janet Sullivan wrote:
> >
> > You can edit /etc/rc.network and move the entire user ppp section of the
> > script right before the ipf section. Then ipf -y'ing won't be
> > necessary. It worked for me for several months - after editing
> > rc.network I just rebooted and from then on I didn't have to manually do
> > anything with ipf to make it work with userland ppp. Of course, if you
> > upgrade to a newer rc.network file while tracking -STABLE, you'll have
> > to edit the file again. YMMV.
> >
> > Haikal Saadh wrote:
> > >
> > > I've noticed that this has been tossed around the lists for a fair
> > > while, but no one has actually come up with a solution :(. I've a
> > > similar problem, but the thing with ip -y'ing in ppp.linkup is that
> > > it executes the commands in ppp.linkup as the user who invoked ppp,
> > > and ipf -y needs to be done as root (according to the manpage, and
> > > yes, a non-root user can't ipf -y).
> > >
> > > Is there anything else that can be done?
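
Added example, not part of the original message or of FreeBSD's own scripts: a shell check for the two things the rc.network edit discussed in this thread depends on, namely that the user ppp block comes before the ipfilter block, and that each variable set in rc.conf is actually read by the script. The function names and the abridged sample files are constructed for illustration.

```sh
# Added example, not from the thread: check an edited rc.network.
# Function names and the sample files are constructed for illustration.

# Print which case block comes first in rc script $1:
# "ppp-first", "ipf-first", or "unknown" if either block is missing.
section_order() {
    awk '
        index($0, "case") && index($0, "${ppp_enable}")      && !p { p = NR }
        index($0, "case") && index($0, "${ipfilter_enable}") && !f { f = NR }
        END {
            if (!p || !f)   print "unknown"
            else if (p < f) print "ppp-first"
            else            print "ipf-first"
        }' "$1"
}

# Print each variable assigned in rc.conf $2 that rc script $1 never
# reads as ${name} or ${name:-default}.
unread_knobs() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$2" |
    while read -r name; do
        grep -qF -e "\${${name}}" -e "\${${name}:" "$1" || echo "$name"
    done
}

# Constructed sample input, abridged from the files quoted in the message.
tmp=$(mktemp -d)
cat > "$tmp/rc.network" <<'EOF'
case ${ppp_enable} in
[Yy][Ee][Ss])
	su -m ${ppp_user} -c "exec ${ppp_command}" ;;
esac
case "${ipfilter_enable}" in
[Yy][Ee][Ss])
	${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
	case "${ipmon_enable}" in
	[Yy][Ee][Ss]) ${ipmon_program:-ipmon} ${ipmon_flags} ;;
	esac ;;
esac
EOF
cat > "$tmp/rc.conf" <<'EOF'
ppp_enable="YES"
ipfilter_enable="YES"
ipmon_enble="YES"
ipmon_flags="sDF -oI"
EOF

echo "order:  $(section_order "$tmp/rc.network")"
echo "unread: $(unread_knobs "$tmp/rc.network" "$tmp/rc.conf" | tr '\n' ' ')"
```

Run against a full rc.network, `unread_knobs` also lists variables that are only consumed by other rc scripts, so treat its output as names to double-check rather than as errors.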