From owner-freebsd-ipfw@FreeBSD.ORG Sun Dec 7 10:37:42 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 954D116A4CE for ; Sun, 7 Dec 2003 10:37:42 -0800 (PST) Received: from mta11.adelphia.net (mta11.adelphia.net [68.168.78.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 17C7843F3F for ; Sun, 7 Dec 2003 10:37:41 -0800 (PST) (envelope-from tscrum@1wisp.com) Received: from wolf ([68.235.82.98]) by mta11.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id <20031207183744.JECC13090.mta11.adelphia.net@wolf>; Sun, 7 Dec 2003 13:37:44 -0500 From: "Thomas S. Crum" To: , "'Michael Lopez'" , Date: Sun, 7 Dec 2003 13:37:32 -0500 Organization: 1WISP, Inc. Message-ID: <003801c3bcf1$30866480$6252eb44@wolf> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 In-Reply-To: Importance: Normal Subject: RE: ipfw + natd + ppp X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Dec 2003 18:37:42 -0000 The first thing you need to do is get ppp working, making its connection, etc. Just use console on the box until this is completed. 2nd would be to rebuild the kernel for nat and get it working. There are tutorials on these topics in the freebsd handbook. For ppp: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/userppp.html And for nat: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.h tml Best, Tom -----Original Message----- From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of fbsd_user Sent: Sunday, December 07, 2003 10:03 AM To: Michael Lopez; freebsd-ipfw@freebsd.org Subject: RE: ipfw + natd + ppp FYI IPFW and stateful rules has an long time bug when used with IPFW's built in NATD function. User ppp has it's own NAT function. You are much better off using User ppp and it's built in NAT function and IPFW without the divert rule. On the other hand FBSD also has an second firewall called IPFILTER and it has it's own NAT function called IPNAT. Both IPFW and IPFILTER come embedded in FBSD as part of the install. IPFW is authored by the FBSD project and as such it gets unfair preferred treatment in the FBSD handbook. The handbook leads the reader into believing IPFW is the only firewall FBSD has to offer. IPFW is targeted at the professional and the home power user, not the newbe. IPFW is loaded with code bloat and is getting worse now that it has been rewritten as IPFW2 and the bug was not fixed because it's in the NATD module and that was not rewritten. IPFW is not user friendly and IPFILTER is much more user friendly and it's stateful rules work without any problems. People who are members of the IPFW maintenance team tell me the MATD module code is an can of worms and nobody wants to touch it. If you decide to use IPFILTER I can point you to an very good how-to. And as a side note in FBSD 4.9 the ports collection has an new port added for the IPF firewall. So you really have 3 chooses of firewall software. I have not tested the IPF port so I have no comments on it yet. -----Original Message----- From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]On Behalf Of Michael Lopez Sent: Sunday, December 07, 2003 12:19 AM To: freebsd-ipfw@freebsd.org Subject: ipfw + natd + ppp Hello all, I was wondering if you guys have a good URL for ipfw + ppp (dial up) + natd for private network (exp: 192.168.0.0) tutorials or resources ? I tried to search at google.com/bsd but hardly can't find a good one for dial up (also tried freebsd.org ; defcon.org ; freebsddiaries ; freebsdhowtos) thank you. --------------------------------- Do you Yahoo!? Free Pop-Up Blocker - Get it now _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"