From owner-freebsd-questions Fri Aug 11 12:27: 3 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from wireco.net (mental.wireco.net [206.107.119.3]) by hub.freebsd.org (Postfix) with SMTP id A52EF37B873 for ; Fri, 11 Aug 2000 12:26:58 -0700 (PDT) (envelope-from hornback@wireco.net)
Received: (qmail 27385 invoked from network); 11 Aug 2000 19:26:52 -0000
Received: from d23.johnson-city.tn.us.wireco.net (HELO challenger) (206.107.119.212) by mental.wireco.net with SMTP; 11 Aug 2000 19:26:52 -0000
Reply-To:
From: "Andrew C. Hornback"
To: "'Andresen,Jason R.'"
Cc:
Subject: Firewall Logic (was: RE: Firewalling for PPP Connections)
Date: Fri, 11 Aug 2000 15:24:14 -0400
Message-ID: <004a01c003c9$bc275ce0$d4776bce@challenger>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
In-reply-to: <3992C145.345E5EBF@mitre.org>
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of
> Andresen,Jason R.
> Sent: Thursday, August 10, 2000 10:51 AM
> To: hyghlander@mindspring.com
> Cc: questions@FreeBSD.ORG
> Subject: Re: Firewalling for PPP Connections
>
> hyghlander@mindspring.com wrote:
> >
> > Folks:
> >
> > I've never been the sharpest knife in the drawer, but I was a little
> > confused about the reference to a network card in
> > http://www.freebsd.org/tutorials/dialup-firewall/rules.html. For my
> > PPP interface, I'm going out via tun0 to a modem on a serial port. To
> > the best of my knowledge there's no network card in the machine.
>
> Um, if the machine has no network attached to it, why are you
> setting up the box to be a firewall? A firewall is supposed to sit
> between the internet and your internal network, but you appear to have
> no internal network, so the firewall seems kind of useless. Are you sure
> you don't just want to configure PPP and not bother with the firewall
> at all?

Umm, the problem here is the given idea of what a firewall does. There's more than one definition for firewalls. Basically, they offer protection to the machines on the "private" side, protecting them from the "public" side.

Now, a firewall can be a machine, or it can be a program implementation. Most often on here, we talk of a firewall machine, yet there are those who do not have LANs yet want the protection offered by the implementation of a firewall.

The difference in this respect would be how the firewall would forward packets. In a firewall box/LAN setting, it would forward packets to other machines on the network. In the single machine setting, it would only allow applications/etc. to use packets that pass through the filter as being "good".

Perhaps this user is wanting to set up a form of protection for their dial-up PPP connection. It doesn't seem all that strange to me.

--- Andy
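
The two settings contrasted in the message above, written as ipfw rules. This is an added example, not part of the original thread or of the FreeBSD tutorial it links; `tun0` comes from the thread, while the rule numbers, the LAN interface `ed0` and the network `192.168.1.0/24` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Set IPFW=echo to print the commands instead of loading them.
IPFW="${IPFW:-/sbin/ipfw}"

fw() { $IPFW "$@"; }

# Single machine, no LAN: nothing is forwarded. The filter only decides
# which packets local applications get to see.
host_rules() {
    wan="$1"                          # PPP tunnel interface, e.g. tun0
    fw add 100 allow ip from any to any via lo0
    fw add 200 check-state
    # Connections this machine starts are tracked, so replies match rule 200.
    fw add 300 allow tcp from me to any out via "$wan" setup keep-state
    fw add 310 allow udp from me to any out via "$wan" keep-state
    # Anything unsolicited arriving on the PPP link is logged and dropped.
    fw add 900 deny log ip from any to any in via "$wan"
}

# Firewall box in front of a LAN: the same protection, plus rules that let
# inside machines send traffic through it. Forwarding itself is switched on
# separately (sysctl net.inet.ip.forwarding=1); these rules only filter it.
gateway_rules() {
    wan="$1"; lan_if="$2"; lan_net="$3"   # hypothetical: ed0, 192.168.1.0/24
    fw add 400 allow ip from "$lan_net" to any in via "$lan_if"
    fw add 410 allow ip from any to "$lan_net" out via "$lan_if"
    fw add 420 allow tcp from "$lan_net" to any out via "$wan" setup keep-state
    fw add 430 allow udp from "$lan_net" to any out via "$wan" keep-state
}

# Usage: script load [wan]                  -> single-host rules
#        script gateway wan lan_if lan_net  -> host rules plus LAN rules
if [ "${1:-}" = "load" ]; then
    host_rules "${2:-tun0}"
elif [ "${1:-}" = "gateway" ]; then
    host_rules "$2" && gateway_rules "$2" "$3" "$4"
fi
```

Running it with `IPFW=echo` prints the rule list for review before anything is loaded; in both modes rule 900 treats the PPP link identically, and only the 400-series rules differ.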