Message-Id: <199811180346.DAA08337@woof.lan.awfulhak.org>
To: Eddie Irvine
cc: questions@FreeBSD.ORG
Subject: Re: ppp and 192.168.0.0 packets.
In-reply-to: Your message of "Tue, 17 Nov 1998 23:47:28 +1100." <36517060.4CD7035E@tpgi.com.au>
Date: Wed, 18 Nov 1998 03:46:18 +0000
From: Brian Somers
Sender: owner-freebsd-questions@FreeBSD.ORG

> Now, I'm concerned that without the -alias option on all the
> time, packets from my private net will sometimes go down
> the phone line and onto the internet, making me a (gasp!)
> "bad citizen".
>
> 1) Should I worry about this?

Well, you shouldn't do it....

> OK, so, let's assume that I turn aliasing ON all the time and enable
> some of the packet filtering rules. To make it simple, say I want to
> permit only the server (interfaces 192.168.1.1, 192.168.2.1,
> 192.168.3.1 and whatever the ISP assigns to MYADDR) to be able
> to access port 80, and only the teacher's machine (192.168.1.115)
> to be able to access the ISP's pop server.
>
> 2) Can the filtering rules do this, when aliasing is turned on?

Yep. They're applied before aliasing.

> 3) How does the ppp filter scan the rule set? Does it start at the top
> of the rule set with each packet and *stop* at the first permit or deny
> that matches the packet?

Yep.

> I've made a diagram of our network to help with this question - you can
> find it on:
>
> http://www1.tpgi.com.au/users/eirvine/freebsd/screens.html#topology
>
> Cheers,
> Eddie.

--
Brian
Don't _EVER_ lose your sense of humour....
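
The two answers above (filters run before aliasing; the first matching rule decides), as an added example that is not part of the original message and is not ppp's own code or rule syntax. It is a small Python model; the MYADDR and POP server values, the student host 192.168.1.50, the POP port 110 and the drop-if-unmatched default are assumptions of the model.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action src dst proto dport")
Packet = namedtuple("Packet", "src dst proto dport")

# Constructed stand-ins: the thread gives no real values for these.
MYADDR = "203.0.113.10"      # address the ISP assigns to the ppp link
POP_SERVER = "203.0.113.25"  # the ISP's POP server
ANY = "0.0.0.0/0"

# Outbound policy from the question: the server's own addresses may reach
# port 80, and only the teacher's machine may reach the ISP's POP server.
OUT_RULES = [Rule("permit", a + "/32", ANY, "tcp", 80)
             for a in ("192.168.1.1", "192.168.2.1", "192.168.3.1", MYADDR)]
OUT_RULES.append(Rule("permit", "192.168.1.115/32", POP_SERVER + "/32", "tcp", 110))

def matches(rule, pkt):
    """True if the packet falls inside every field of the rule."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto == pkt.proto and rule.dport == pkt.dport)

def filter_out(rules, pkt):
    """Scan from the top; the first matching rule decides and scanning stops."""
    for number, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None  # assumption of this model: unmatched packets are dropped

def alias(pkt):
    """Aliasing rewrites the private source address to MYADDR."""
    return pkt._replace(src=MYADDR)

def send(pkt, rules=OUT_RULES):
    """Filter first, then alias: the order stated in the reply."""
    action, _ = filter_out(rules, pkt)
    return alias(pkt) if action == "permit" else None

if __name__ == "__main__":
    teacher = Packet("192.168.1.115", POP_SERVER, "tcp", 110)
    web = Packet("192.168.1.50", "198.51.100.7", "tcp", 80)  # constructed hosts
    print("teacher POP    ->", send(teacher))
    print("student port 80 ->", send(web))
    # Were the filter applied after aliasing, the student would look like MYADDR:
    print("filter on aliased student:", filter_out(OUT_RULES, alias(web)))
```

Because the filter sees the private source address, the per-host rules work; the last line shows that the same rules applied to an already-aliased packet would let the student's port 80 traffic through under the MYADDR rule.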