Date: Thu, 30 Nov 2000 03:09:49 +0000
From: John Murphy <john253@crosswinds.net>
To: <mattb@finsyn.com>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw relies on ipfilter?
Message-ID: <vkeb2tk544125i4lp7uls594a4easc4evc@4ax.com>
In-Reply-To: <71F816A89AA9D3119F4C00D0B7094EFC206322@FIN_SYN>
References: <71F816A89AA9D3119F4C00D0B7094EFC247221@FIN_SYN> <71F816A89AA9D3119F4C00D0B7094EFC206322@FIN_SYN>

Matt Bettinger wrote:

>i'm at a total loss here. I guess i just need a breather... I been at this
>for a week now. I looked at the manual from freebsd.org dialup firewall, i
>followed that exactly with the exception of changing my interface to ppp0.
>I am on a dialup 56k modem ppp0, cuaa0, user ppp. I am having the
>hardest time for some reason just trying to get something that works.
>Please don't point me to the list serve archives i have looked there and
>really don't see much about the actual rules.

There is a third choice which you may find is the easiest; use ppp's
own firewall and (if necessary) nat. I find it works very well for my
simple dial-up connection and you won't even need to compile anything
extra into the kernel. Also it has simple 'dial' filters which can be
set to prevent dialups that you don't want.

Have a look at /usr/share/examples/ppp/ppp.conf.sample and man ppp of
course.

If you do decide to use it, bear in mind there's a small bug that causes
syntax errors on filter lines with more than one space before the
trailing remarks, e.g.:

  set filter alive 1 deny udp dst eq 520         # routed

should be changed to:

  set filter alive 1 deny udp dst eq 520 # routed

This has been fixed but only recently.

>
>I guess first of all I'm confused as to which one to use, right now i
>really don't see that much of a difference so i guess i'll use IPFilter. I
>don't need any crazy rulesets as this is just a dialup i would like to
>return RST for port 113. Again i am on a dialup connection i don't
>understand if i should be using natd or what have you. Do i need to be
>using natd ? Someone was helping me and told me to add dummynet and
>bridging and all these things that are over my head, and don't appear
>necessary with this simple lame-o dialup.... help?
>

You only need nat (network address translation) if you have other
pcs connecting to the internet via the one you're configuring.

HTH
John.
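
The spacing workaround described in the message above, as an added example that is not part of the original message or of ppp itself: a small shell script that lists "set filter" lines with more than one space before the trailing remark and rewrites them with a single space. The function names and the sample config are constructed for illustration, and the script assumes the remark is introduced by the first "#" that follows two or more spaces or tabs.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: affected lines start with "set filter" and carry a trailing
# "# remark" preceded by two or more spaces or tabs.

# List affected lines as "LINENO: text"; reads the files given as
# arguments, or stdin when there are none.
check_ppp_filters() {
    awk '/^[ \t]*set[ \t]+filter[ \t]/ && /[ \t][ \t]+#/ {
        printf "%d: %s\n", NR, $0
    }' "$@"
}

# Print the config with exactly one space before the trailing remark on
# "set filter" lines; every other line passes through unchanged.
fix_ppp_filters() {
    awk '/^[ \t]*set[ \t]+filter[ \t]/ { sub(/[ \t][ \t]+#/, " #") }
         { print }' "$@"
}

# Constructed sample input (not a real ppp.conf).
sample_conf() {
    cat <<'EOF'
default:
 set filter alive 0 deny udp dst eq 520         # routed
 set filter alive 1 deny udp dst eq 520 # routed
 set filter alive 2 deny udp dst eq 520  # routed
 set log Phase Chat   # not a filter line
EOF
}

echo "Lines that need fixing:"
sample_conf | check_ppp_filters
echo "Corrected config:"
sample_conf | fix_ppp_filters
```

Run fix_ppp_filters on a copy of the config and diff the output against the original before installing it, so that a filter rule ppp would otherwise reject with a syntax error is not silently missing from the loaded ruleset.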