From owner-freebsd-questions@FreeBSD.ORG Sat Dec 11 05:46:09 2004
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 100ED16A4CE for ; Sat, 11 Dec 2004 05:46:09 +0000 (GMT)
Received: from twiddle.look.ca (beta1.look.ca [207.136.80.125]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B70D43D49 for ; Sat, 11 Dec 2004 05:46:08 +0000 (GMT) (envelope-from david+dated+1103175964.6c6a4d@skytracker.ca)
Received: from 3s1.com ([209.161.205.12]) by twiddle.look.ca with esmtp (Exim 4.20) id 1Cd050-00059P-3V for questions@freebsd.org; Sat, 11 Dec 2004 05:46:06 +0000
Received: (from root@localhost) by 3s1.com (8.12.8p1/8.12.8) id iBB5k6w5017852 for questions@freebsd.org; Sat, 11 Dec 2004 00:46:06 -0500 (EST) (envelope-from david+dated+1103175964.6c6a4d@skytracker.ca)
Received: from 3s1.com (localhost [127.0.0.1]) by 3s1.com (8.12.8p1/8.9.3) with ESMTP id iBB5k5ih017826 for ; Sat, 11 Dec 2004 00:46:05 -0500 (EST)
Received: (from david@localhost) by 3s1.com (8.12.8p1/8.12.8/Submit) id iBB5k48L017823 for questions@freebsd.org; Sat, 11 Dec 2004 00:46:04 -0500 (EST) (envelope-from david+dated+1103175964.6c6a4d@skytracker.ca)
X-Authentication-Warning: 3s1.com: david set sender to david+dated+1103175964.6c6a4d@skytracker.ca using -f
Received: by 3s1.com (tmda-sendmail, from uid 1000); Sat, 11 Dec 2004 00:46:01 -0500 (EST)
Date: Sat, 11 Dec 2004 00:46:00 -0500
To: "Kevin D. Kinsey, DaleCo, S.P."
Message-ID: <20041211054600.GB16388@skytracker.ca>
References: <20041210013055.GA49697@skytracker.ca> <41B92C8C.8050407@yahoo.com> <20041210202014.GA12902@skytracker.ca> <41BA651B.1020905@daleco.biz>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <41BA651B.1020905@daleco.biz>
User-Agent: Mutt/1.4.2.1i
X-Delivery-Agent: TMDA/1.0.2 (Bold Forbes)
From: David Banning
X-scanner: scanned by Inflex 1.0.12.3 - (http://pldaniels.com/inflex/)
X-SA-Exim-Mail-From: david+dated+1103175964.6c6a4d@skytracker.ca
Content-Type: text/plain; charset=us-ascii
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on psi.look.ca
X-Spam-Level:
X-Spam-Status: No, hits=0.1 required=9.0 tests=FROM_HAS_MIXED_NUMS autolearn=no version=2.63
X-SA-Exim-Version: 3.1 (built Tue Feb 24 05:09:27 GMT 2004)
X-SA-Exim-Scanned: Yes
cc: questions@freebsd.org
Subject: Re: gateway_enable question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 11 Dec 2004 05:46:09 -0000

> Lots of guys have suggested the firewall. On ipfw, that'd be
> something like (put your rule number for N and sub your network
> in for 192.168.0):
>
> add <N> deny ip from any 192.168.0/24 to any out via tun0
>
> (I'm assuming your PPP uses the first tunnel device?)

Not sure what the -first- tunnel device is;

------------------------
root# ifconfig
dc0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::220:78ff:fe0e:13d6%dc0 prefixlen 64 scopeid 0x1
        ether 00:20:78:0e:13:d6
        media: Ethernet autoselect (10baseT/UTP)
        status: active
rl0: flags=8843 mtu 1500
        inet 209.161.205.12 netmask 0xffffff00 broadcast 209.161.205.255
        inet6 fe80::248:54ff:fe8c:13e5%rl0 prefixlen 64 scopeid 0x2
        ether 00:48:54:8c:13:e5
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lp0: flags=8810 mtu 1500
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051 mtu 1492
        inet 209.161.205.12 --> 207.136.64.4 netmask 0xffffffff
        Opened by PID 10689
----------------------------

My ppp.conf sets rl0

> In another portion of this thread you stated:
>
> >On the firewall it is difficult to block the win boxes because I -want-
> >each machine to be able to contact each other, but I don't want the
> >windows boxes to have internet connection.
>
> Now, that seems a little weird. Do you not have a hub or switch
> other than the BSD box on this network? Unless you're doing
> some strange routing or something, everybody on the wire
> ought to see everybody else regardless of the settings on the
> firewall (except they maybe won't see *it* ...)

DSL Modem <> BSD Box <> HUB <> All win boxes

Everyone does see each other. I just don't want the win boxes to see the
internet; but I -do- want them to continue to see each other.
--
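Added example, not part of the thread or of anyone's reply in it: a small Python script that parses BSD ifconfig output like the one quoted above, picks the first interface that is UP and point-to-point (the "first tunnel device" the reply asks about, which is tun0 here since ppp0 is down), finds the interface carrying the RFC 1918 LAN, and emits ipfw rules that let the Windows boxes keep reaching each other and the gateway while dropping anything they send toward the Internet. The sample input is reconstructed from the ifconfig listing in the message (the flag names inside <...> did not survive the archive, only the hex values); the rule numbers, the function names and the choice to match on the LAN-side interface are assumptions, not the list's advice.

```python
"""Find the gateway's tunnel interface in ifconfig output and build ipfw rules
that keep a LAN off the Internet while leaving LAN-to-LAN traffic alone.
Added example; rule numbers and helper names are assumptions."""
import ipaddress
import re

# Interface flag bits from <net/if.h>; only the two needed here.
IFF_UP = 0x1
IFF_POINTOPOINT = 0x10

# Constructed sample input: the ifconfig output quoted in the thread, one field
# per line.  The <UP,BROADCAST,...> flag names were lost in the archive; the hex
# value that survived is enough to tell a point-to-point link from Ethernet.
SAMPLE_IFCONFIG = """\
dc0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::220:78ff:fe0e:13d6%dc0 prefixlen 64 scopeid 0x1
        ether 00:20:78:0e:13:d6
rl0: flags=8843 mtu 1500
        inet 209.161.205.12 netmask 0xffffff00 broadcast 209.161.205.255
        ether 00:48:54:8c:13:e5
lp0: flags=8810 mtu 1500
ppp0: flags=8010 mtu 1500
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051 mtu 1492
        inet 209.161.205.12 --> 207.136.64.4 netmask 0xffffffff
        Opened by PID 10689
"""

_HEAD = re.compile(r"^(\w+): flags=([0-9a-fA-F]+)")
_INET = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+)"
                   r"(?: --> (\d+\.\d+\.\d+\.\d+))? netmask (0x[0-9a-fA-F]+)")


def parse_ifconfig(text):
    """Map interface name -> {"flags": int, "inet": [IPv4Interface], "peer": str|None}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = _HEAD.match(line)
        if m:
            cur = m.group(1)
            ifaces[cur] = {"flags": int(m.group(2), 16), "inet": [], "peer": None}
            continue
        m = _INET.match(line) if cur else None
        if m:
            addr, peer, mask = m.groups()
            prefix = bin(int(mask, 16)).count("1")          # 0xffffff00 -> 24
            ifaces[cur]["inet"].append(ipaddress.ip_interface(f"{addr}/{prefix}"))
            if peer:
                ifaces[cur]["peer"] = peer                  # point-to-point far end
    return ifaces


def first_tunnel(ifaces):
    """The 'first tunnel device': first interface that is UP, point-to-point and
    has an IPv4 address.  ppp0 in the sample is point-to-point but not UP."""
    for name, info in ifaces.items():
        f = info["flags"]
        if f & IFF_UP and f & IFF_POINTOPOINT and info["inet"]:
            return name
    return None


def lan_interfaces(ifaces):
    """Interfaces carrying an RFC 1918 address, mapped to that network (lo0 excluded)."""
    return {name: a.network
            for name, info in ifaces.items()
            for a in info["inet"]
            if a.ip.is_private and not a.ip.is_loopback}


def ipfw_rules(ifaces, base=1000):
    """ipfw(8) rules (numbers assumed) that keep LAN hosts talking to the gateway
    but drop anything they send elsewhere.  Matching 'in via <lan_if>' sees the
    packet before any NAT rewrites its source, so it works whether translation is
    done by natd or inside ppp; the 'out via <tunnel>' form from the thread is
    kept as a second check.  LAN-to-LAN traffic through the hub never crosses the
    box, so the allow rule only matters for traffic addressed to the box itself."""
    uplink = first_tunnel(ifaces)
    rules = []
    for n, (lan_if, net) in enumerate(sorted(lan_interfaces(ifaces).items())):
        rules.append(f"add {base + 10 * n} allow ip from {net} to {net} via {lan_if}")
        rules.append(f"add {base + 10 * n + 1} deny ip from {net} to not {net} in via {lan_if}")
        if uplink:
            rules.append(f"add {base + 100 + n} deny ip from {net} to any out via {uplink}")
    return uplink, rules


if __name__ == "__main__":
    ifaces = parse_ifconfig(SAMPLE_IFCONFIG)
    uplink, rules = ipfw_rules(ifaces)
    print(f"# first tunnel device: {uplink} (peer {ifaces[uplink]['peer']})")
    for r in rules:
        print("ipfw", r)
```

Run against the sample it reports tun0 as the tunnel (peer 207.136.64.4), dc0 as the LAN interface, and prints three ipfw add lines for 192.168.1.0/24. Blocking on the LAN-facing interface rather than only on tun0 is the design choice worth noting: a deny keyed on a private source address placed after NAT has rewritten that address never matches, whereas the packet arriving on dc0 still carries the original source.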