Date:      Sun, 21 Dec 1997 20:19:23 +0000
From:      Brian Somers <brian@awfulhak.org>
To:        Ricardo AG Almeida <ricardag@ag.com.br>
Cc:        questions@freebsd.org
Subject:   Re: pppd question 
Message-ID:  <199712212019.UAA23349@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Sun, 21 Dec 1997 12:21:50 -0200." <3.0.32.19971221122142.00973a70@ptero.ag.com.br> 

> Hi,
> 
> I own some FreeBSD boxes, and one of them has 3 leased lines connecting
> remote machines via ppp. I had set up pppd in /etc/ttys (cuaa2
> "/usr/sbin/pppd -detach 57600" dial up on, for instance), and it's working
> fine.
> 
> But now I have to set up firewall rules, to deny specific services to some
> of these remote machines. I had successfully compiled a new kernel, with
> the firewall options, and applied the rules. That also works fine.
> 
> The problem I'm facing is that when the machine boots up, the remote boxes
> connect to the pppN interfaces on a "first come, first served" basis.
> So, the first remote box that connects grabs the ppp0, the second ppp1 and
> so on. Clearly, that's a mess with ipfw rules like:
> 
>    ipfw add 1001 deny tcp from 10.0.123.0/24 to any 21 via ppp0
> 
> since I can't grant that the 10.0.123 net is always connected via ppp0.
> 
> Is there any way to force pppd to use a specific interface (pppN)? In other
> words, I wish that the cuaa2 line always uses the ppp0 interface, the cuaa3
> uses the ppp1, in a way that the connect order doesn't matter. Is it possible?

Well, you could achieve this using user-ppp (ppp).  It has 
firewalling (well, packet filtering) built in, and allows you to also 
execute arbitrary commands with the INTERFACE argument - which gets 
replaced with the tunX interface name.

> Best regards,
> 
>    Ricardo A G Almeida
>    AG SISTEMAS
>    http://www.ag.com.br

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....
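
The following is an added example, not part of the original message or of ppp itself: a hook script for the approach described in the reply, which takes the interface name that ppp substitutes for INTERFACE and prints the matching ipfw commands, so that rule 1001 follows the link rather than a fixed interface number. The labels, the second rule and the script's calling convention are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to be run by a user-ppp
# link-up/link-down command with INTERFACE passed as the third argument,
# which ppp replaces with the tunX name. Labels and rule 1002 are constructed.

# label  ipfw-rule-number  rule body (without the "via" clause)
POLICY='
branch-a 1001 deny tcp from 10.0.123.0/24 to any 21
branch-b 1002 deny tcp from 10.0.124.0/24 to any 23
'

# Print the ipfw commands for one link event. Nothing is executed here;
# review the output, then pipe it to sh to apply it.
ppp_fw_cmds() {
    action=$1; label=$2; iface=$3
    # Accept only tunN, so a malformed argument never reaches a command line.
    case $iface in
        tun[0-9]|tun[0-9][0-9]) ;;
        *) echo "bad interface: $iface" >&2; return 2 ;;
    esac
    case $action in
        up|down) ;;
        *) echo "bad action: $action" >&2; return 2 ;;
    esac
    [ -n "$label" ] || return 2
    found=1   # exit status 1 unless at least one policy line matches
    while read -r l num body; do
        [ "$l" = "$label" ] || continue
        found=0
        if [ "$action" = up ]; then
            echo "ipfw add $num $body via $iface"
        else
            echo "ipfw delete $num"
        fi
    done <<EOF
$POLICY
EOF
    return $found
}

# Stand-alone use: ppp-fw.sh up|down <label> <tunN>
if [ $# -ge 3 ]; then
    ppp_fw_cmds "$@"
fi
```

Deleting the rule on link-down keeps a stale "via tunN" rule from applying to whichever peer is assigned that interface next.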
