From owner-freebsd-questions Sat May 22 6:53:36 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from awfulhak.org (awfulhak.force9.co.uk [195.166.136.63])
	by hub.freebsd.org (Postfix) with ESMTP id 8656A14D3D
	for ; Sat, 22 May 1999 06:53:24 -0700 (PDT)
	(envelope-from brian@lan.awfulhak.org)
Received: from keep.lan.Awfulhak.org (keep.lan.Awfulhak.org [172.16.0.8])
	by awfulhak.org (8.9.2/8.9.2) with ESMTP id OAA23576;
	Sat, 22 May 1999 14:53:23 +0100 (BST)
	(envelope-from brian@lan.awfulhak.org)
Received: from keep.lan.Awfulhak.org (localhost [127.0.0.1])
	by keep.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id OAA71082;
	Sat, 22 May 1999 14:52:29 +0100 (BST)
	(envelope-from brian@keep.lan.Awfulhak.org)
Message-Id: <199905221352.OAA71082@keep.lan.Awfulhak.org>
X-Mailer: exmh version 2.0.2 2/24/98
To: Ben Smithurst
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IP masquerading with user ppp
In-reply-to: Your message of "Sat, 22 May 1999 02:25:01 BST." <19990522022501.A42309@rainbow5.scientia.demon.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 22 May 1999 14:52:29 +0100
From: Brian Somers
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I'm having a few problems getting IP masquerading working here,
[.....]
> I just see things like this in scientia's log:
>
> May 22 02:15:07 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
> May 22 02:15:10 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
>
> (ipfw stops packets with a src or dst address in 192.168/16 going out
> into the big wide world, IP masq should rewrite this source address,
> shouldn't it, or am I completely missing the point?)
>
> What am I not doing which I should be? The FAQ says ppp has this
> functionality built in, so I shouldn't need natd, I haven't seen any extra
> kernel options mentioned anywhere, I've read the ppp manpage over and over
> (although probably not carefully enough), so I'd appreciate any help
> anyone can provide.

The problem is that the packet goes through the tun device with the
192.168.1.2 address *before* hitting ppp and getting tweaked according
to your Demon IP. You've got to allow them through your firewall.

> --
> Ben Smithurst
> ben@scientia.demon.co.uk

--
Brian
Don't _EVER_ lose your sense of humour !
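
As an added example (not part of the original messages), this Python sketch scans ipfw log lines in the format quoted above and picks out outbound denies on a tun interface whose source is still an RFC 1918 address, which is the signature of the filter seeing packets before ppp rewrites them. The function names and the last two sample lines are constructed for illustration; only TCP/UDP entries with ports are parsed.

```python
import ipaddress
import re

# ipfw kernel log format as it appears in the quoted message:
#   ... ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def pre_nat_denies(lines, tunnel_prefix="tun"):
    """Return (rule, src, dst, iface) for each outbound Deny on a tunnel
    interface whose source address has not been translated yet."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an ipfw TCP/UDP log entry
        if (m["action"] == "Deny" and m["dir"] == "out"
                and m["iface"].startswith(tunnel_prefix)
                and is_private(m["src"])):
            hits.append((int(m["rule"]), m["src"], m["dst"], m["iface"]))
    return hits


SAMPLE = [
    # First two lines are the ones quoted in the message.
    "May 22 02:15:07 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0",
    "May 22 02:15:10 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0",
    # Constructed lines that must not be flagged: inbound, and a non-tunnel interface.
    "May 22 02:15:12 scientia /kernel: ipfw: 1000 Deny TCP 204.216.27.21:80 192.168.1.2:3999 in via tun0",
    "May 22 02:15:13 scientia /kernel: ipfw: 1000 Deny UDP 10.0.0.5:53 192.168.1.2:1025 out via ed0",
]

if __name__ == "__main__":
    for rule, src, dst, iface in pre_nat_denies(SAMPLE):
        print(f"rule {rule} drops pre-NAT packet {src} -> {dst} on {iface}")
```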