From owner-freebsd-questions Wed Jan 31 13:29:53 2001 Delivered-To: freebsd-questions@freebsd.org Received: from post.mail.nl.demon.net (post-10.mail.nl.demon.net [194.159.73.20]) by hub.freebsd.org (Postfix) with ESMTP id EB02837B6A4 for ; Wed, 31 Jan 2001 13:29:30 -0800 (PST) Received: from [212.238.77.116] (helo=gateway.raggedclown.intra) by post.mail.nl.demon.net with smtp (Exim 3.14 #2) id 14O4oh-0005ND-00; Wed, 31 Jan 2001 21:29:29 +0000 Received: by buffy.raggedclown.net (Postfix on SuSE Linux 7.0 (i386), from userid 500) id 8939312D5F; Wed, 31 Jan 2001 22:08:08 +0100 (CET) Date: Wed, 31 Jan 2001 22:08:08 +0100 From: Cliff Sarginson To: Josh Paetzel Cc: darryl@osborne-ind.com, freebsd-questions@FreeBSD.ORG Subject: Re: ppp packet filtering Message-ID: <20010131220808.A1156@raggedclown.net> References: <001c01c08b9f$14a9b0e0$6100000a@vladsempire.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001c01c08b9f$14a9b0e0$6100000a@vladsempire.net>; from jpaetzel@hutchtel.net on Wed, Jan 31, 2001 at 10:01:01AM -0600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Jan 31, 2001 at 10:01:01AM -0600, Josh Paetzel wrote: > > ----- Original Message ----- > From: "Cliff Sarginson" > To: ; > Sent: Wednesday, January 31, 2001 9:32 AM > Subject: Re: ppp packet filtering > > > > I hope you get an answer to this. I have asked several times > > on this list for an expert to give some summary of the mystifying > > number of combinations available for PPP, filters, ipfw, Nat here, Nat > > there nat everywhere. And the documentation available is contradictory. > > > > I am sure someone out there knows. Pure NAT questions get answered, > > but mention PPP .. and silence reigns .. lol. > > > > Cliff > > > > > Greetings, > > > I use userland ppp with the -auto and -nat flags. This is a > > > good combo for me. I want to do some packet filtering for > > > security reasons, and wondered if the packet filtering that > > > you can do with rules in the ppp.conf is good ? The > > > tutorials I've seen start off by configuring NAT on the system > > > then using one of the system filtering programs to do the > > > job. Seems like overkill if ppp can do the job. > > > > > > thanks for the input, > > > Darryl > > PPP packet filtering is really the only way that I know of to filter > when you have a dynamic IP and dialup. The man page for PPP... The input is great, thanks! I was not really complaining about the PPP pages, what I think is not really clear is not the rule-set etc, but *what* to use. Nat withing ppp, so to speak is suggested in some places, nat seperately in others. Rulesets as ppp filters in one place, ipfw in others..and doubtless combinations in between ! Cliff To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message