From owner-freebsd-questions Sun Dec 21 15:28:39 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id PAA05533
    for questions-outgoing; Sun, 21 Dec 1997 15:28:39 -0800 (PST)
    (envelope-from owner-freebsd-questions)
Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA05487
    for ; Sun, 21 Dec 1997 15:28:22 -0800 (PST)
    (envelope-from brian@awfulhak.org)
Received: from gate.lan.awfulhak.org (localhost [127.0.0.1])
    by awfulhak.demon.co.uk (8.8.7/8.8.7) with ESMTP id UAA23349;
    Sun, 21 Dec 1997 20:19:24 GMT
    (envelope-from brian@gate.lan.awfulhak.org)
Message-Id: <199712212019.UAA23349@awfulhak.demon.co.uk>
X-Mailer: exmh version 2.0zeta 7/24/97
To: Ricardo AG Almeida
cc: questions@freebsd.org
Subject: Re: pppd question
In-reply-to: Your message of "Sun, 21 Dec 1997 12:21:50 -0200." <3.0.32.19971221122142.00973a70@ptero.ag.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 21 Dec 1997 20:19:23 +0000
From: Brian Somers
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Hi,
>
> I own some FreeBSD boxes, and one of them has 3 leased lines connecting
> remote machines via ppp. I had set up pppd in /etc/ttys (cuaa2
> "/usr/sbin/pppd -detach 57600" dial up on, for instance), and it's working
> fine.
>
> But now I have to set up firewall rules, to deny specific services to some
> of these remote machines. I had successfully compiled a new kernel, with
> the firewall options, and applied the rules. That also works fine.
>
> The problem I'm facing is that when the machine boots up, the remote boxes
> connect into the pppN interfaces on a "first come, first served" basis.
> So, the first remote box that connects grabs the ppp0, the second ppp1 and
> so on. Clearly, that's a mess with ipfw rules like:
>
> ipfw add 1001 deny tcp from 10.0.123.0/24 to any 21 via ppp0
>
> since I can't grant that the 10.0.123 net is always connected via ppp0.
>
> Is there any way to force pppd use a specific interface (pppN)? In other
> words, I wish that the cuaa2 line always uses the ppp0 interface, the cuaa3
> uses the ppp1, in a way that the connect order doesn't matter. Is it possible?

Well, you could achieve this using user-ppp (ppp). It has firewalling
(well, packet filtering) built in, and allows you to also execute
arbitrary commands with the INTERFACE argument - which gets replaced
with the tunX interface name.

> Best regards,
>
> Ricardo A G Almeida
> AG SISTEMAS
> http://www.ag.com.br

--
Brian , ,
Don't _EVER_ lose your sense of humour....
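Added example, not part of the original message and not code from the ppp project: a hook script that ties the ipfw rule to the serial line instead of to whichever interface number the link received. The function name, the policy table layout and the cuaa3 entry are assumptions made for illustration; the script is assumed to be run at link-up with the line name and the interface name that replaces INTERFACE.

```shell
#!/bin/sh
# Constructed policy table (assumption): "line  rule-number  peer-net  port".
# The cuaa2 row mirrors the rule quoted in the question; cuaa3 is made up.
POLICY='cuaa2 1001 10.0.123.0/24 21
cuaa3 1002 10.0.124.0/24 23'

# link_rules LINE IFACE ACTION
#   LINE    serial line the session runs on, fixed in that line's config
#   IFACE   interface name handed over in place of INTERFACE
#   ACTION  up (add the rule) or down (delete it by its fixed number)
# Prints the ipfw commands. Returns 1 on bad input, 2 if LINE has no policy.
link_rules() {
    line=$1 iface=$2 action=$3
    # Reject anything that is not a plain interface name before it can
    # reach a command line that will be run as root.
    case $iface in
        ''|*[!a-z0-9]*) return 1 ;;
    esac
    case $iface in
        tun[0-9]*|ppp[0-9]*) ;;
        *) return 1 ;;
    esac
    found=0
    while read -r l num net port; do
        [ "$l" = "$line" ] || continue
        found=1
        case $action in
            up)   echo "ipfw add $num deny tcp from $net to any $port via $iface" ;;
            down) echo "ipfw delete $num" ;;
            *)    return 1 ;;
        esac
    done <<EOF
$POLICY
EOF
    [ "$found" -eq 1 ] || return 2
}

# Dry run when called as: script LINE IFACE ACTION
if [ "$#" -eq 3 ]; then
    link_rules "$@"
fi
```

The script only prints the commands; review the output, then pipe it to sh as root to apply it.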