From: Robert Storey
To: freebsd-questions@freebsd.org
Date: Thu, 18 Sep 2003 08:54:30 +0800
Subject: Re: firewall

On Wed, 17 Sep 2003 14:29:22 -0400
"Bob Hall" wrote:

> At this point, I'm a little confused. You said previously that
> this would be the only machine that accessed the Internet via
> PPP. Now you're setting it up as the gateway, which means that
> other machines will be accessing the Internet via PPP on your
> gateway.
>
> To reiterate from an earlier post, you have three options:
> 1) This is not a gateway. You need PPP and a firewall.
>
> 2) This is a gateway. You need PPP, a firewall, and NAT
>    implemented via user PPP.
>
> 3) This is a gateway. You need PPP, a firewall, and NAT
>    implemented via the firewall.
>
> Decide on an option, and tell us which you're going to
> implement.

Apologies humbly offered. Apparently, I'm getting confused by reading
the tons of documentation I've been looking at. For now, option No. 1
will do - I just want to get kernel ppp working with a firewall enabled.
So far, I've gotten ppp working, but only with the firewall disabled.

> > One kind member of this list suggested I must compile this into my
> > kernel:
> >
> > options IPDIVERT
>
> You need that only for option 3.
> You also need
> options IPFIREWALL
> for any of the three options.

Now that's interesting. I did indeed read that in "FreeBSD Unleashed",
but "The Complete FreeBSD" says "If you wish you can build a kernel with
firewall support...but you don't need to build a new kernel. You can
load the KLD /boot/kernel/ipfw.ko instead:

#kldload ipfw"

So I tried that, and it told me it was already loaded. However, I will
take your advice and rebuild the kernel with this option, and report
back soon (probably within the hour).

> > # set these to your outside interface network and netmask and ip
> > oif="ppp0"
> > onet="168.95.0.0"
> > omask="255.255.255.255"
> > oip="168.95.0.0"
>
> oip = Outer IP address. 168.95.0.0 is not your oip. Once again,
> the oip is found in the ppp0 section of the output from "ifconfig -a".
> It changes every time you dial up.

OK, that part I knew, but what setting should I use? Just leave it
blank? When I try "ifconfig -a" it always gives me an address in the
format 168.95.xx.xx where x can be any number.

Again, thank you for your help. Sorry for my stupidity, but I am
probably the only FreeBSD user within 100 miles of where I live - no one
around here who I can ask.

regards,
Robert
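
The quoted reply says the oip is whatever the ppp0 section of "ifconfig -a" shows and that it changes on every dial-up, so one way to avoid hard-coding it is to read it when the link comes up. The following is an added example, not part of the original thread: the function names are hypothetical, and the sample output is constructed in FreeBSD's ifconfig layout using documentation addresses.

```shell
#!/bin/sh
# Added example: derive oip from the ppp0 stanza of ifconfig output
# instead of hard-coding it in the firewall script.

# extract_oip IFACE: read ifconfig-style text on stdin and print the first
# IPv4 address listed under IFACE. Exit status 1 if IFACE has no inet line
# (link down or interface absent).
extract_oip() {
    awk -v ifn="$1" '
        /^[a-zA-Z]/ { cur = $1; sub(/:$/, "", cur) }   # stanza header: "ppp0:"
        cur == ifn && $1 == "inet" { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# current_oip IFACE: as above, but refuse anything that is not made only of
# digits and dots, so a parsing surprise never ends up in a firewall rule.
current_oip() {
    addr=$(extract_oip "$1") || return 1
    case "$addr" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$addr"
}

# Constructed sample of "ifconfig -a" output (not captured from a real host).
sample_ifconfig() {
    cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 192.0.2.10 --> 192.0.2.1 netmask 0xffffffff
EOF
}

# On a live system the input would be: ifconfig -a | current_oip ppp0
oif="ppp0"
if oip=$(sample_ifconfig | current_oip "$oif"); then
    echo "oif=$oif oip=$oip"
else
    echo "no IPv4 address on $oif; leaving firewall rules untouched" >&2
fi
```

Because the address is only valid for the current connection, the lookup has to be repeated after each dial-up before the rules that use oip are loaded.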