Date: Wed, 7 Feb 2001 10:30:03 -0800 (PST) From: ncalvo <ncalvo@es.freebsd.org> To: freebsd-doc@freebsd.org Subject: Re: docs/23342: Inaccuracy of the dialup-firewall tutorial Message-ID: <200102071830.f17IU3c95668@freefall.freebsd.org>
The following reply was made to PR docs/23342; it has been noted by GNATS.
From: ncalvo <ncalvo@es.freebsd.org>
To: freebsd-gnats-submit@FreeBSD.org, marcs@draenor.org
Cc:
Subject: Re: docs/23342: Inaccuracy of the dialup-firewall tutorial
Date: Wed, 07 Feb 2001 19:31:10 +0100
This is a multi-part message in MIME format.
--------------CC564A663CBFCEA4615F8B6D
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello,
As a follow-up to this short-sighted PR that I opened, I have produced a
patch.
I have been in contact with Marc Silver (the author of the
dialup-firewall tutorial) and he has approved the patch.
I am enclosing the mentioned patch as an attachment.
Thank you.
ncalvo
--------------CC564A663CBFCEA4615F8B6D
Content-Type: text/plain; charset=us-ascii;
name="dialup-firewall.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="dialup-firewall.patch"
--- article.sgml.orig Sun Jan 21 16:17:22 2001
+++ article.sgml Sun Jan 21 17:19:32 2001
@@ -294,6 +294,73 @@
firewall.</para>
</answer>
</qandaentry>
+
+<!-- addition starts here -->
+
+ <qandaentry>
+ <question>
+ <para>There must be something wrong. I followed your instructions
+ to the letter and now I am locked out.</para>
+ </question>
+
+ <answer>
+ <para>This tutorial assumes that you are running
+ <emphasis>userland-ppp</emphasis>, therefore the supplied ruleset
+ operates on the <devicename>tun0</devicename> interface, which
+ corresponds to the first connection made with &man.ppp.8; (a.k.a.
+ <emphasis>user-ppp</emphasis>). Additional connections would use
+ <devicename>tun1</devicename>, <devicename>tun2</devicename> and so
+ on.</para>
+
+ <para>You should also note that &man.pppd.8; uses the
+ <devicename>ppp0</devicename> interface instead, so if you start the
+ connection with &man.pppd.8; you must substitute
+ <devicename>tun0</devicename> for <devicename>ppp0</devicename>. A
+ quick way to edit the firewall rules to reflect this change is shown
+ below. The original ruleset is backed up as
+ <filename>fwrules_tun0</filename>.</para>
+
+ <screen>
+ <prompt>˜ &prompt.user; </prompt><userinput>cd /etc/firewall</userinput>
+ <prompt>/etc/firewall &prompt.user; </prompt><userinput>su</userinput>
+ <prompt>Password:</prompt>
+ <prompt>/etc/firewall &prompt.root; </prompt><userinput>mv fwrules fwrules_tun0</userinput>
+ <prompt>/etc/firewall &prompt.root; </prompt><userinput>cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules</userinput>
+ </screen>
+
+ <para>To know whether you are currently using &man.ppp.8; or
+ &man.pppd.8; you can examine the output of &man.ifconfig.8; once the
+ connection is up. E.g., for a connection made with &man.pppd.8; you
+ would see something like this (showing only the relevant lines):</para>
+
+ <screen>
+ &prompt.user; <userinput>ifconfig</userinput>
+ <emphasis>(skipped...)</emphasis>
+ ppp0: flags=<replaceable>8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524</replaceable>
+ inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --> <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xff000000</replaceable>
+ <emphasis>(skipped...)</emphasis>
+ </screen>
+
+ <para>On the other hand, for a connection made with &man.ppp.8;
+ (<emphasis>user-ppp</emphasis>) you should see something similar to
+ this:</para>
+
+ <screen>
+ &prompt.user; <userinput>ifconfig</userinput>
+ <emphasis>(skipped...)</emphasis>
+ ppp0: flags=<replaceable>8010<POINTOPOINT,MULTICAST> mtu 1500</replaceable>
+ <emphasis>(skipped...)</emphasis>
+ tun0: flags=<replaceable>8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524</replaceable>
+ <emphasis>(IPv6 stuff skipped...)</emphasis>
+ inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --> <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xffffff00</replaceable>
+ Opened by PID <replaceable>xxxxx</replaceable>
+ <emphasis>(skipped...)</emphasis>
+ </screen>
+ </answer>
+ </qandaentry>
+
+<!-- addition ends here -->
+
</qandaset>
</sect1>
</article>
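Review bot: In the second paragraph of the new answer, "you must substitute tun0 for ppp0" reads as the reverse of what the sed command below it does, since in standard usage "substitute A for B" puts A in place of B; "replace tun0 with ppp0" would be unambiguous, and a ruleset naming the wrong interface is exactly the lock-out case this entry is about. In the same screen, the cat is unnecessary and the expression is unquoted; sed 's/tun0/ppp0/g' fwrules_tun0 > fwrules does the same job. Because the mv followed by a redirect creates fwrules as a new file, its mode and ownership come from the current umask and user rather than from the original file, so a note or a copy that preserves them would help. The ifconfig paragraphs also never state what the reader should look for: say explicitly that the interface in use is the one flagged UP and RUNNING with an inet line, since ppp0 also appears (without UP) in the user-ppp output. Finally, the "addition starts here" and "addition ends here" comments look like review markers and should be dropped before commit.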
--------------CC564A663CBFCEA4615F8B6D--
