Date: Thu, 30 Nov 2000 03:09:49 +0000
From: John Murphy <john253@crosswinds.net>
To: <mattb@finsyn.com>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw relies on ipfilter?
Message-ID: <vkeb2tk544125i4lp7uls594a4easc4evc@4ax.com>
In-Reply-To: <71F816A89AA9D3119F4C00D0B7094EFC206322@FIN_SYN>
References: <71F816A89AA9D3119F4C00D0B7094EFC247221@FIN_SYN> <71F816A89AA9D3119F4C00D0B7094EFC206322@FIN_SYN>
Matt Bettinger wrote:

>i'm at a total loss here. I guess i just need a breather... I been at this
>for a week now. I looked at the manual from freebsd.org dialup firewall, i
>followed that exactly with the exception of changing my interface to ppp0.
>I am on a dialup 56k modem ppp0, cuaa0, user ppp. I am having the
>hardest time for some reason just trying to get something that works.
>Please don't point me to the list serve archives i have looked there and
>really don't see much about the actual rules.

There is a third choice which you may find is the easiest; use ppp's own
firewall and (if necessary) nat. I find it works very well for my simple
dial-up connection and you won't even need to compile anything extra into
the kernel. Also it has simple 'dial' filters which can be set to prevent
dialups that you don't want.

Have a look at /usr/share/examples/ppp/ppp.conf.sample and man ppp of
course. If you do decide to use it bear in mind there's a small bug that
causes syntax errors on filter lines with more than one space before the
trailing remarks eg:

 set filter alive 1 deny udp dst eq 520     # routed

should be changed to:

 set filter alive 1 deny udp dst eq 520 # routed

This has been fixed but only recently.

>
>I guess first of all I'm confused as to which one to use, right now i
>really don't see that much of a difference so i guess i'll use IPFilter. I
>don't need any crazy rulesets as this is just a dialup i would like to
>return RST for port 113. Again i am on a dialup connection i don't
>understand if i should be using natd or what have you. Do i need to be
>using natd ? Someone was helping me and told me to add dummynet and
>bridging and all these things that are over my head, and don't appear
>necessary with this simple lame-o dialup.... help?
>

You only need nat (network address translation) if you have other pcs
connecting to the internet via the one you're configuring.

HTH
John.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
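Added example, not part of the message above and not code from the ppp project: a small shell helper that finds "set filter" lines in a ppp.conf with more than one space before the trailing remark, and rewrites them with a single space so an affected ppp does not reject the rule. The function names and the sample configuration are constructed for illustration; it assumes the first "#" on a filter line starts the remark.

```shell
#!/bin/sh
# Constructed sample ppp.conf fragment (not taken from a real system).
sample_conf() {
cat <<'EOF'
default:
 set device /dev/cuaa0    # not a filter line
 set filter dial 0 deny udp src eq 520 # routed
 set filter alive 1 deny udp dst eq 520     # routed
 set filter alive 2 deny udp src eq 520   # routed
EOF
}

# Read a ppp.conf on stdin and print the line numbers of "set filter"
# lines that have two or more spaces directly before the remark.
find_wide_comments() {
    awk '/^[ \t]*set[ \t]+filter[ \t]/ && /  +#/ { print NR }'
}

# Read a ppp.conf on stdin and write it to stdout with those lines
# rewritten to a single space before "#". Other lines pass through
# unchanged, so labels, indentation and non-filter settings are kept.
fix_wide_comments() {
    awk '/^[ \t]*set[ \t]+filter[ \t]/ { sub(/  +#/, " #") }
         { print }'
}

# Demonstration on the constructed sample: report, then show the result.
echo "affected lines:" $(sample_conf | find_wide_comments)
sample_conf | fix_wide_comments
```

To use it on a real file, run find_wide_comments < /etc/ppp/ppp.conf first and write the output of fix_wide_comments to a new file so the rewritten rules can be compared with the original before replacing it.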
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?vkeb2tk544125i4lp7uls594a4easc4evc>
