From owner-freebsd-doc Wed Feb 7 10:30:45 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B8AEB37B69C for ; Wed, 7 Feb 2001 10:30:03 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f17IU3c95668; Wed, 7 Feb 2001 10:30:03 -0800 (PST) (envelope-from gnats)
Date: Wed, 7 Feb 2001 10:30:03 -0800 (PST)
Message-Id: <200102071830.f17IU3c95668@freefall.freebsd.org>
To: freebsd-doc@freebsd.org
Cc:
From: ncalvo
Subject: Re: docs/23342: Inaccuracy of the dialup-firewall tutorial
Reply-To: ncalvo
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR docs/23342; it has been noted by GNATS.

From: ncalvo
To: freebsd-gnats-submit@FreeBSD.org, marcs@draenor.org
Cc:
Subject: Re: docs/23342: Inaccuracy of the dialup-firewall tutorial
Date: Wed, 07 Feb 2001 19:31:10 +0100

This is a multi-part message in MIME format.
--------------CC564A663CBFCEA4615F8B6D
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello,

As a follow up to this short sighted pr that I opened, I have produced a patch. I have been in contact with Marc Silver (the author of the dialup-firewall tutorial) and he has approved the patch.

I am enclosing the mentioned patch as an attachment.

Thank you.

ncalvo _

--------------CC564A663CBFCEA4615F8B6D
Content-Type: text/plain; charset=us-ascii; name="dialup-firewall.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="dialup-firewall.patch"

--- article.sgml.orig Sun Jan 21 16:17:22 2001 +++ article.sgml Sun Jan 21 17:19:32 2001 
@@ -294,6 +294,73 @@ firewall. + + + + + + There must be something wrong. I followed your instructions + to the letter and now I am locked out. + + + + This tutorial assumes that you are running + userland-ppp, therefore the supplied ruleset + operates on the tun0 interface, which + corresponds to the first connection made with &man.ppp.8; (a.k.a. + user-ppp). Additional connections would use + tun1, tun2 and so + on. + + You should also note that &man.pppd.8; uses the + ppp0 interface instead, so if you start the + connection with &man.pppd.8; you must substitute + tun0 for ppp0. A + quick way to edit the firewall rules to reflect this change is shown + below. The original ruleset is backed up as + fwrules_tun0. + + + ˜ &prompt.user; cd /etc/firewall + /etc/firewall &prompt.user; su + Password: + /etc/firewall &prompt.root; mv fwrules fwrules_tun0 + /etc/firewall &prompt.root; cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules + + + To know whether you are currently using &man.ppp.8; or + &man.pppd.8; you can examine the output of &man.ifconfig.8; once the + connection is up. E.g., for a connection made with &man.pppd.8; you + would see something like this (showing only the relevant lines): + + + &prompt.user; ifconfig + (skipped...) + ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524 + inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xff000000 + (skipped...) + + + On the other hand, for a connection made with &man.ppp.8; + (user-ppp) you should see something similar to + this: + + + &prompt.user; ifconfig + (skipped...) + ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 + (skipped...) + tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524 + (IPv6 stuff skipped...) + inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xffffff00 + Opened by PID xxxxx + (skipped...) + + + + + + --------------CC564A663CBFCEA4615F8B6D-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
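Review bot: In the pppd paragraph, "you must substitute tun0 for ppp0" reads as the reverse of what the command underneath does (`sed s/tun0/ppp0/g` replaces tun0 with ppp0), so a reader who follows the sentence rather than the command edits the ruleset the wrong way round and stays locked out; suggest "replace tun0 with ppp0". In the same screen block the `cat` is unnecessary and the sed expression is unquoted; `sed 's/tun0/ppp0/g' fwrules_tun0 > fwrules` does the same thing. It would also help to note that `fwrules` is created fresh by the redirection, so the reader should confirm it has the same owner and mode as `fwrules_tun0` before reloading the firewall. Finally, the user-ppp sample output lists ppp0 as well as tun0, so the text should say what distinguishes the active interface: the one whose flags include UP and RUNNING and that carries an inet address. As written, a reader who sees ppp0 in both listings can draw the wrong conclusion about which daemon is in use.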