Date: Thu, 18 Sep 2003 08:54:30 +0800
From: Robert Storey <y2kbug@ms25.hinet.net>
To: freebsd-questions@freebsd.org
Subject: Re: firewall
Message-ID: <20030918085430.7bdbefa7.y2kbug@ms25.hinet.net>
In-Reply-To: <20030917182921.GA12360@kongemord.krig.net>
References: <20030917172325.5e2f64a9.y2kbug@ms25.hinet.net> <20030917182921.GA12360@kongemord.krig.net>

On Wed, 17 Sep 2003 14:29:22 -0400
"Bob Hall" <rjhjr@cox.net> wrote:

> At this point, I'm a little confused. You said previously that
> this would be the only machine that accessed the Internet via
> PPP. Now you're setting it up as the gateway, which means that
> other machines will be accessing the Internet via PPP on your
> gateway.
>
> To reiterate from an earlier post, you have three options:
> 1) This is not a gateway. You need PPP and a firewall.
>
> 2) This is a gateway. You need PPP, a firewall, and NAT
> implemented via user PPP.
>
> 3) This is a gateway. You need PPP, a firewall, and NAT
> implemented via the firewall.
>
> Decide on an option, and tell us which you're going to
> implement.

Apologies humbly offered. Apparently, I'm getting confused by reading
the tons of documentation I've been looking at. For now, option No. 1
will do - I just want to get kernel ppp working with a firewall enabled.
So far, I've gotten ppp working, but only with the firewall disabled.

> > One kind member of this list suggested I must compile this into my
> > kernel:
> >
> > options IPDIVERT
>
> You need that only for option 3.
> You also need
> options IPFIREWALL
> for any of the three options.

Now that's interesting. I did indeed read that in "FreeBSD Unleashed",
but "The Complete FreeBSD" says "If you wish you can build a kernel with
firewall support...but you don't need to build a new kernel. You can
load the KLD /boot/kernel/ipfw.ko instead:

#kldload ipfw"

So I tried that, and it told me it was already loaded. However, I will
take your advice and rebuild the kernel with this option, and report
back soon (probably within the hour).

> > # set these to your outside interface network and netmask and ip
> > oif="ppp0"
> > onet="168.95.0.0"
> > omask="255.255.255.255"
> > oip="168.95.0.0"
>
> oip = Outer IP address. 168.95.0.0 is not your oip. Once again,
> the oip is found in the ppp0 section of the output from "ifconfig -a".
> It changes every time you dial up.

OK, that part I knew, but what setting should I use? Just leave it
blank? When I try "ifconfig -a" it always gives me an address in the
format 168.95.xx.xx where x can be any number.

Again, thank you for your help. Sorry for my stupidity, but I am
probably the only FreeBSD user within 100 miles of where I live - no one
around here who I can ask.

regards,
Robert
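
The lookup described in the quoted reply (reading the current address from the ppp0 section of "ifconfig -a" output), as an added example that is not part of the original message. The function name iface_inet and the sample output with its documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style `ifconfig -a` output (made-up addresses).
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 192.0.2.34 --> 192.0.2.1 netmask 0xffffffff
EOF
}

# Hypothetical helper: read ifconfig-style text on stdin and print the local
# inet address of interface $1. Exits non-zero when the interface is missing
# or has no inet line, which is the case while the PPP link is down.
iface_inet() {
    awk -v ifn="$1:" '
        /^[^ \t]/ { cur = $1 }        # an unindented line opens a new interface section
        cur == ifn && $1 == "inet" {  # first inet line inside the wanted section only
            print $2; found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Fill in the outside-interface variables from the quoted script at dial-up
# time instead of hard-coding an address that changes on every connection.
# On a live system, replace sample_ifconfig with: ifconfig -a
oif="ppp0"
if oip=$(sample_ifconfig | iface_inet "$oif"); then
    echo "oif=$oif oip=$oip"
else
    echo "$oif has no inet address (link down?)" >&2
fi
```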