From: "Darryl Hoar"
Delivered-To: freebsd-questions@freebsd.org
Subject: ppp filters - question
Date: Wed, 6 Dec 2000 12:30:15 -0600

I'm running:

FreeBSD proxy 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Mon Mar 20 22:50:22 GMT 2000 root@monster.cdrom.com:/usr/src/sys/compile/GENERIC i386

In the tutorial in the online handbook for ppp, I am trying to understand the example of the ppp filters. In addition, I have disabled inetd so no ftp, telnet.... for security's sake.

In the example filters, it shows ftp packets in and out. Since ftp is not running on my box, the network users can still ftp other hosts on the internet?

Also, in the from/to local section, does this just allow nodes on my private net to pass packets to the internet?

Sorry, but I'm a bit confused about services I've removed from my gateway, and packets of the type (i.e., ftp is not an available service on my gateway machine, but I want my network users to be able to ftp to machines on the internet).

Thanks,
Darryl

#
# Allow telnet connection to the Internet
#
set filter in 1 permit tcp src eq 23 estab
set filter out 1 permit tcp dst eq 23
#
# Allow ftp access to the Internet
#
set filter in 2 permit tcp src eq 21 estab
set filter out 2 permit tcp dst eq 21
set filter in 3 permit tcp src eq 20 dst gt 1023
set filter out 3 permit tcp dst eq 20
set filter in 5 permit tcp src eq 53
set filter out 5 permit tcp dst eq 53
#
# Allow access from/to local network
#
set filter in 6 permit 0/0 192.168.1.0/24
set filter out 6 permit 192.168.1.0/24 0/0
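
An added example, not part of the original message or of the handbook: a small Python model of the rule set quoted above, run over constructed packets, to show that each rule is decided on packet header fields and not on which daemons run on the gateway. It assumes first-match evaluation, that a packet matching no rule is discarded, and that `estab` means the TCP ACK flag is set; it does not model NAT, and `Pkt`, `evaluate` and the sample addresses are hypothetical names and values.

```python
import ipaddress
import operator
from collections import namedtuple

# Only the header fields these rules test; ack stands in for the TCP ACK flag.
Pkt = namedtuple("Pkt", "src dst proto sport dport ack")
OPS = {"eq": operator.eq, "gt": operator.gt}
ANY, LAN = "0.0.0.0/0", "192.168.1.0/24"

# Rules from the message as (rule-no, src, dst, proto, src-port, dst-port, estab).
FILTER_IN = [
    (1, ANY, ANY, "tcp", ("eq", 23), None, True),
    (2, ANY, ANY, "tcp", ("eq", 21), None, True),
    (3, ANY, ANY, "tcp", ("eq", 20), ("gt", 1023), False),
    (5, ANY, ANY, "tcp", ("eq", 53), None, False),
    (6, ANY, LAN, None, None, None, False),
]
FILTER_OUT = [
    (1, ANY, ANY, "tcp", None, ("eq", 23), False),
    (2, ANY, ANY, "tcp", None, ("eq", 21), False),
    (3, ANY, ANY, "tcp", None, ("eq", 20), False),
    (5, ANY, ANY, "tcp", None, ("eq", 53), False),
    (6, LAN, ANY, None, None, None, False),
]

def port_ok(test, port):
    return test is None or OPS[test[0]](port, test[1])

def evaluate(rules, pkt):
    for no, src, dst, proto, sport, dport, estab in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst)
                and proto in (None, pkt.proto)
                and port_ok(sport, pkt.sport) and port_ok(dport, pkt.dport)
                and (pkt.ack or not estab)):
            return ("permit", no)  # first matching rule decides
    return ("deny", None)  # assumed: no matching rule means discard

# Constructed sample packets; the addresses are documentation values.
CLIENT, SERVER, GATEWAY = "192.168.1.10", "203.0.113.5", "198.51.100.7"
OUT_FTP = Pkt(CLIENT, SERVER, "tcp", 40000, 21, False)    # LAN user opens FTP control
IN_REPLY = Pkt(SERVER, CLIENT, "tcp", 21, 40000, True)    # server's answer, ACK set
IN_PROBE = Pkt(SERVER, GATEWAY, "tcp", 40000, 21, False)  # new connection to gateway:21
OUT_DNS = Pkt(CLIENT, SERVER, "udp", 40000, 53, False)    # UDP lookup from the LAN

if __name__ == "__main__":
    for flt, p in ((FILTER_OUT, OUT_FTP), (FILTER_OUT, OUT_DNS),
                   (FILTER_IN, IN_REPLY), (FILTER_IN, IN_PROBE)):
        print(p, evaluate(flt, p))
```

In this model the LAN client's FTP control connection and the server's reply both match rule 2, a new connection to port 21 on the gateway's own address matches nothing, and the UDP packet is passed only by the from/to-local rule 6.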