From owner-freebsd-questions  Thu Aug 27 01:22:08 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA03111
          for freebsd-questions-outgoing; Thu, 27 Aug 1998 01:22:08 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from cyclone.degnet.baynet.de (www.degnet.baynet.de [194.95.214.129])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id BAA03096
          for <freebsd-questions@freebsd.org>; Thu, 27 Aug 1998 01:22:03 -0700 (PDT)
          (envelope-from malte.lance@gmx.net)
Received: from neuron.webmore.de (unverified [194.95.214.166]) by cyclone.degnet.baynet.de
 (EMWAC SMTPRS 0.83) with SMTP id <B0000064737@cyclone.degnet.baynet.de>;
 Thu, 27 Aug 1998 10:22:15 +0200
Received: (from malte.lance@gmx.net)
          by neuron.webmore.de (8.8.8/8.8.8) id QAA01940;
          Tue, 25 Aug 1998 16:53:39 +0200 (CEST)
From: Malte Lance <malte.lance@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Tue, 25 Aug 1998 16:53:39 +0200 (CEST)
To: Craig Beasland <craig@hotmix.com.au>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: PPP filters
In-Reply-To: <000801bdcca6$ee1605a0$0a1e21cb@superbruce.hotmix.com.au>
References: <000801bdcca6$ee1605a0$0a1e21cb@superbruce.hotmix.com.au>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs  Lucid
Message-ID: <13794.47137.752428.370224@neuron.webmore.de>
Reply-To: malte.lance@gmx.net
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Craig Beasland writes:
 > Hi there,
 > 
 > I have a question and a comment.
 > 
 > Firstly, if I have a private class of IP numbers 192.168.168.1 - 255 and a
 > BSD box with one single public IP number on the ppp link.
 > 
 > I run ppp -ddial -alias myisp.  This will permanently connect me to my ISP.
 > I do not have any filters in place, so can anyone get to my private IP'ed
 > network from the Internet, or because of the alias option and the private IP
 > numbers not being routed are they blocked.

AFAIK the alias-option in user-ppp is a 1:n-NAT. The internal hosts on 
your 192.168.168-net are being translated to one IP (your public one)
and a port-number for each connection. That means, "yes, if there is
no firewall and no filters preventing it, anyone could get to your
internal network, by just trying your public IP and some port- 
numbers". And "no, if there is no firewall and no filters installed
on your gateway, there is nothing that blocks traffic to your
internal network".

Malte.

 > 
 > Secondly, the documentation for setting filters should be perhaps a little
 > bit clearer which section and which file the filter information should go
 > in.  I tried creating ppp.conf.filter, and only after a couple of hours
 > searching did it occur to me that the filter commands should go into
 > ppp.conf and the default section.
 > 
 > Cheers
 > Craig
 > 
 > 
 > To Unsubscribe: send mail to majordomo@FreeBSD.org
 > with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message