From owner-freebsd-net  Wed Jul 31 21:10:37 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BE4B337B400
	for <net@freebsd.org>; Wed, 31 Jul 2002 21:10:35 -0700 (PDT)
Received: from brainlink.com (mail.brainlink.com [66.228.0.129])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3BDE443E75
	for <net@freebsd.org>; Wed, 31 Jul 2002 21:10:35 -0700 (PDT)
	(envelope-from anthonyv@brainlink.com)
Received: from [66.228.0.24] (account anthonyv HELO brainlink.com)
  by brainlink.com (CommuniGate Pro SMTP 3.5.3)
  with ESMTP id 14895325 for net@freebsd.org; Wed, 31 Jul 2002 22:59:07 -0400
Message-ID: <3D48A691.9090901@brainlink.com>
Date: Wed, 31 Jul 2002 23:10:09 -0400
From: Anthony Volodkin <anthonyv@brainlink.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1b) Gecko/20020722
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: net@freebsd.org
Subject: Filtering of PPPoE packets with ipfw
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hi,

Today, I've setup a machine that allows wireless clients to initiate 
PPPoE sessions with it and thus access the internet or the other network 
connected to that machine.  However, if wireless clients do not use 
PPPoE and manually set their IP address/netmask/gateway, they will still 
be allowed to access the resources.  Is there a way, using ipfw to allow 
only the encapsulated PPPoE packets through an interface?  I can 
definetly tell the difference when looking at them with tcpdump.

On another note, how do I compile ppp with DES support?  The man page 
says that this is necessary for it to work with MS-CHAP v2.  I cant 
figure out how to do that.

My setup involves, pppoe and ppp.  In the future i might investigate 
doing this with mpd as well.

Regards,
Anthony Volodkin
http://non-standard.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message