Subject: Re: FreeBSD Server and Gateway
From: "Daniel O'Connor"
To: Christian Chen
Cc: Brossin Pierrick, freebsd-stable@FreeBSD.ORG
Date: 08 Jul 2002 15:07:21 +0930
Message-Id: <1026106653.1697.22.camel@chowder.gsoft.com.au>

On Mon, 2002-07-08 at 15:04, Christian Chen wrote:
> 1. Set up NAT to route between your ethernet card and tun0
> 2. Set up a set of firewall rules using ipf that will block certain traffic
> trying to come in from tun0 and go to NAT.
>
> Problem is, I could never actually get step 2 to work properly. I'm
> certainly not a networking guru, so I'm sure it's my own incompetence that
> prevented me from getting it to work. But what
> I've found works equally well (at least, I *think* it's working equally
> well!) is to use the firewall features of PPP to block incoming packets
> on tun0. "man ppp.conf" will tell you how to set this up, and there are
> also examples in /usr/share/examples/ppp.

I have IPFW controlling access via tun0 on my system.. I have a PPPoE DSL
connection. You can have a copy of my rules if you like.

I am using ppp's aliasing features, not IPF's - I haven't ever used IPF so
I am not sure how its NAT interacts with its firewalling.

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5