Date: Wed, 31 Jan 2001 20:41:37 -0600
From: "Josh Paetzel" <jpaetzel@hutchtel.net>
To: "Cliff Sarginson" <cliff@raggedclown.net>
Cc: <darryl@osborne-ind.com>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: ppp packet filtering
Message-ID: <016f01c08c07$550f4e20$6100000a@vladsempire.net>
References: <E14NzFf-000NA1-00@post.mail.nl.demon.net> <001c01c08b9f$14a9b0e0$6100000a@vladsempire.net> <20010131220808.A1156@raggedclown.net>

----- Original Message -----
From: "Cliff Sarginson" <cliff@raggedclown.net>
To: "Josh Paetzel" <jpaetzel@hutchtel.net>
Cc: <darryl@osborne-ind.com>; <freebsd-questions@FreeBSD.ORG>
Sent: Wednesday, January 31, 2001 3:08 PM
Subject: Re: ppp packet filtering

> On Wed, Jan 31, 2001 at 10:01:01AM -0600, Josh Paetzel wrote:
> >
> > ----- Original Message -----
> > From: "Cliff Sarginson" <cliff@raggedclown.net>
> > To: <darryl@osborne-ind.com>; <freebsd-questions@FreeBSD.ORG>
> > Sent: Wednesday, January 31, 2001 9:32 AM
> > Subject: Re: ppp packet filtering
> >
> >
> > > I hope you get an answer to this. I have asked several times
> > > on this list for an expert to give some summary of the mystifying
> > > number of combinations available for PPP, filters, ipfw, Nat here, Nat
> > > there nat everywhere. And the documentation available is contradictory.
> > >
> > > I am sure someone out there knows. Pure NAT questions get answered,
> > > but mention PPP .. and silence reigns .. lol.
> > >
> > > Cliff
> > >
> > > > Greetings,
> > > > I use userland ppp with the -auto and -nat flags. This is a
> > > > good combo for me. I want to do some packet filtering for
> > > > security reasons, and wondered if the packet filtering that
> > > > you can do with rules in the ppp.conf is good ? The
> > > > tutorials I've seen start off by configuring NAT on the system
> > > > then using one of the system filtering programs to do the
> > > > job. Seems like overkill if ppp can do the job.
> > > >
> > > > thanks for the input,
> > > > Darryl
> >
> > PPP packet filtering is really the only way that I know of to filter
> > when you have a dynamic IP and dialup. The man page for PPP...
> <snip>
> The input is great, thanks!
> I was not really complaining about the PPP pages, what I think
> is not really clear is not the rule-set etc, but *what* to use.
> Nat within ppp, so to speak is suggested in some places, nat
> separately in others. Rulesets as ppp filters in one place,
> ipfw in others..and doubtless combinations in between !
>
> Cliff
>

Personally I use natd and ipfw if I have a static IP to deal with. If I am dealing with a dynamic IP I use ppp -nat and packet filtering. I would use ipfw with dynamic IP, but I haven't figured out a way to deal with the dynamic IP, so I believe that ppp filtering is the only recourse that you have.

As far as documentation and so forth, there isn't IMHO a lot of info out there on the packet filtering abilities of ppp. The man page is great, but most people read the man page to get ppp working, and never realize that it's about 50 pages long. :) I've met a lot of people that didn't even realize that ppp could do packet filtering at all.

Josh
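
For reference, a sketch of the ppp.conf packet filtering this thread discusses, added here as an example and not taken from any poster's message. It uses the `set filter` command documented in ppp(8); the section label `filter-example` and the choice of permitted services are assumptions. The rules match on protocol and port rather than on a fixed interface address, so they do not depend on which address the dial-up link is assigned.

```conf
# Added example; label name and rule selection are assumptions.
# Once a filter has at least one rule, packets that match no rule
# in that filter are dropped, so each list below is an allow-list.
filter-example:
 # --- inbound ---
 # Replies on TCP connections opened from this side only
 # ("estab" matches segments of an already established connection).
 set filter in 0 permit 0/0 0/0 tcp estab
 # DNS answers. The filter is stateless: any UDP packet with
 # source port 53 is accepted, not only replies to our queries.
 set filter in 1 permit 0/0 0/0 udp src eq 53
 # ICMP (ping replies, unreachable messages, path MTU discovery).
 set filter in 2 permit 0/0 0/0 icmp
 # --- outbound ---
 # Any TCP traffic we originate.
 set filter out 0 permit 0/0 0/0 tcp
 # DNS queries.
 set filter out 1 permit 0/0 0/0 udp dst eq 53
 # ICMP.
 set filter out 2 permit 0/0 0/0 icmp
```

Rule numbers are evaluated in ascending order, and unsolicited inbound TCP connection attempts match none of the `in` rules, so they are discarded.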