From: John Murphy
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw relies on ipfilter?
Date: Thu, 30 Nov 2000 03:09:49 +0000
Organization: not a lot.org
Reply-To: john@T-F-I.freeserve.co.uk

Matt Bettinger wrote:

>I'm at a total loss here. I guess I just need a breather... I been at this
>for a week now. I looked at the manual from freebsd.org dialup firewall, I
>followed that exactly with the exception of changing my interface to ppp0.
>I am on a dialup 56k modem ppp0, cuaa0, user ppp. I am having the
>hardest time for some reason just trying to get something that works.
>Please don't point me to the list serve archives I have looked there and
>really don't see much about the actual rules.

There is a third choice which you may find is the easiest; use ppp's own
firewall and (if necessary) nat. I find it works very well for my simple
dial-up connection and you won't even need to compile anything extra into
the kernel. Also it has simple 'dial' filters which can be set to prevent
dialups that you don't want.

Have a look at /usr/share/examples/ppp/ppp.conf.sample and man ppp of course.
If you do decide to use it bear in mind there's a small bug that causes
syntax errors on filter lines with more than one space before the trailing
remarks e.g.:
 set filter alive 1 deny udp dst eq 520        # routed
should be changed to:
 set filter alive 1 deny udp dst eq 520 # routed
This has been fixed but only recently.

>
>I guess first of all I'm confused as to which one to use, right now I
>really don't see that much of a difference so I guess I'll use IPFilter. I
>don't need any crazy rulesets as this is just a dialup I would like to
>return RST for port 113. Again I am on a dialup connection I don't
>understand if I should be using natd or what have you. Do I need to be
>using natd ? Someone was helping me and told me to add dummynet and
>bridging and all these things that are over my head, and don't appear
>necessary with this simple lame-o dialup.... help?
>

You only need nat (network address translation) if you have other pcs
connecting to the internet via the one you're configuring.

HTH John.
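
A check for the comment-spacing bug described in the reply above, as an added example that is not part of the original mail: it lists `set filter` lines whose trailing `#` remark is preceded by anything other than a single space, and can rewrite them. The function names and the sample configuration are constructed for illustration, and treating a tab like extra spaces is an assumption.

```shell
#!/bin/sh
# Added example (not from the original mail).
# usage: lint_ppp_filters /etc/ppp/ppp.conf
#        fix_ppp_filters  /etc/ppp/ppp.conf > ppp.conf.new
# Both functions read standard input when no file is given.

# Print "lineno: line" for every "set filter" line whose trailing "#" remark
# follows two or more blanks, or a tab (assumption: a tab trips the parser
# the same way extra spaces do). Exit status is 1 if any line was reported.
lint_ppp_filters() {
    awk '
        /^[ \t]*set[ \t]+filter[ \t]/ && /([ \t][ \t]+|\t)#/ {
            printf "%d: %s\n", NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$@"
}

# Print the configuration with the gap before the remark collapsed to one
# space on "set filter" lines only; every other line is passed through
# untouched, including the leading blank that ppp.conf needs on commands.
fix_ppp_filters() {
    awk '
        /^[ \t]*set[ \t]+filter[ \t]/ { sub(/[ \t]+#/, " #") }
        { print }
    ' "$@"
}

# Constructed sample ppp.conf fragment: line 2 has several spaces before the
# remark, line 3 is already in the safe form, line 5 uses a tab.
sample_conf() {
    printf '%s\n' \
        'default:' \
        ' set filter alive 0 deny udp src eq 520      # routed' \
        ' set filter alive 1 deny udp dst eq 520 # routed' \
        ' set filter alive 2 permit 0/0 0/0'
    printf ' set filter dial 0 deny udp dst eq 520\t# routed\n'
}
```

Running `sample_conf | lint_ppp_filters` reports lines 2 and 5 of the constructed sample; piping the same input through `fix_ppp_filters` yields a file the linter accepts.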