Date: 08 Jul 2002 15:07:21 +0930
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
To: Christian Chen <oistrakh@earthlink.net>
Cc: Brossin Pierrick <pbrossin@wxp.homeip.net>, freebsd-stable@FreeBSD.ORG
Subject: Re: FreeBSD Server and Gateway
Message-ID: <1026106653.1697.22.camel@chowder.gsoft.com.au>
In-Reply-To: <20020708053408.GA28499@earthlink.net>
References: <000801c225c9$bba4d030$3200000a@nitrox> <20020707173947.GA250@theshell.com> <000301c225f0$e43dcf70$3200000a@nitrox> <20020708053408.GA28499@earthlink.net>

On Mon, 2002-07-08 at 15:04, Christian Chen wrote:
> 1. Set up NAT to route between your ethernet card and tun0
> 2. Set up a set of firewall rules using ipf that will block certain traffic
> trying to come in from tun0 and go to NAT.
>
> Problem is, I could never actually get step 2 to work properly. I'm
> certainly not a networking guru, so I'm sure it's my own incompetence that
> prevented me from getting it to work. But what
> I've found works equally well (at least, I *think* it's working equally
> well!) is to use the firewall features of PPP to block incoming packets
> on tun0. "man ppp.conf" will tell you how to set this up, and there are
> also examples in /usr/share/examples/ppp.

I have IPFW controlling access via tun0 on my system. I have a PPPoE DSL
connection. You can have a copy of my rules if you like.

I am using ppp's aliasing features, not IPF's - I haven't ever used IPF so
I am not sure how its NAT interacts with its firewalling.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message