From owner-freebsd-questions Tue Feb 29 20:12:19 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from charon.khoral.com (charon.khoral.com [209.75.155.97]) by hub.freebsd.org (Postfix) with SMTP id 2868237BDC0 for ; Tue, 29 Feb 2000 20:12:16 -0800 (PST) (envelope-from steve@khoral.com)
Received: from zen.alb.khoral.com by charon.khoral.com via smtpd (for hub.FreeBSD.ORG [204.216.27.18]) with SMTP; 1 Mar 2000 04:12:16 UT
Received: (from steve@localhost) by zen.alb.khoral.com (8.9.3/8.9.3) id VAA18392 for questions@freebsd.org; Tue, 29 Feb 2000 21:12:14 -0700 (MST)
From: Steve Jorgensen
Message-Id: <200003010412.VAA18392@zen.alb.khoral.com>
Subject: packet filtering from ppp
To: questions@freebsd.org
Date: Tue, 29 Feb 2000 21:12:14 -0700 (MST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a little 16 IP number net that is connected to the internet via the user ppp on the gateway machine. I'm running on a FreeBSD 3.4-STABLE machine last cvsup'ed about a month ago. Since I have real IP numbers, I'm NOT using the -nat options to ppp, but I would like to use the set filter syntax to protect myself from prying external programs (in fact, I've been getting probed on my samba port for the last couple of weeks from various external ip numbers).

Anyway, I set up my rules based on instructions I found in the ppp tutorial at http://www.freebsd.org/tutorials/ppp/x870.html, but I can't seem to get things to work right. The example shown indicates that only the specified services will be allowed to operate through the tun device, and all other packets will be blocked. However, when I run it, it either lets everything through or disallows any new external to internal connections to be started.
This behavior is based on the following lines:

    set filter in 6 permit 0/0 MYGATEWAYADDR/24
    set filter out 6 permit MYGATEWAYADDR/24 0/0

If I have these two lines set, it doesn't matter if I have any of the other lines in the tutorial, it allows all packets through. If I comment those two lines out, no new external connections can be established.

Any help is appreciated, and I can make my full set filter lines available if it's necessary.

Steve

--
-----------------------------------------------------------
Steven Jorgensen          steve@khoral.com   steve@spukhaus.com
------------------------------+----------------------------
Khoral Research Inc.          | PHONE: (505) 837-6500
6200 Uptown Blvd, Suite 200   | FAX:   (505) 881-3842
Albuquerque, NM 87110         | URL:   http://www.khoral.com/
-----------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
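As an added illustration, not part of the original message: a small Python model of how a ppp(8) `set filter` list is evaluated, assuming first-match semantics (lowest rule number first, implicit deny once any rule exists, permit-all when the list is empty) and assuming `estab` means "TCP with the ACK flag set". It contrasts the unqualified rule 6 quoted above with the same rule qualified by `tcp estab`; the gateway address, the probe and the reply packet are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Placeholder for the poster's real gateway address (documentation range, constructed).
MYGATEWAYADDR = "192.0.2.1"

@dataclass
class Rule:
    number: int
    action: str              # "permit" or "deny"
    src: str                 # address/width; "0/0" means any
    dst: str
    proto: str = None        # e.g. "tcp"; None matches any protocol
    estab: bool = False      # assumed meaning of "estab": TCP packet with ACK set

def _net(spec):
    # ppp writes "0/0" for "any address"; ipaddress needs a full dotted quad
    addr, width = spec.split("/")
    addr = "0.0.0.0" if addr == "0" else addr
    return ipaddress.ip_network(f"{addr}/{width}", strict=False)

def matches(rule, pkt):
    if ipaddress.ip_address(pkt["src"]) not in _net(rule.src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in _net(rule.dst):
        return False
    if rule.proto and pkt["proto"] != rule.proto:
        return False
    if rule.estab and not pkt.get("ack", False):
        return False
    return True

def evaluate(rules, pkt):
    """First matching rule decides; with rules present and no match the packet is dropped."""
    if not rules:
        return "permit"           # an empty filter list passes everything
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Rule 6 exactly as quoted in the message: any source, any protocol, no "estab".
AS_POSTED = [Rule(6, "permit", "0/0", f"{MYGATEWAYADDR}/24")]
# Same rule restricted to replies belonging to connections opened from inside.
QUALIFIED = [Rule(6, "permit", "0/0", f"{MYGATEWAYADDR}/24", proto="tcp", estab=True)]

# Constructed packets: an inbound SYN to the samba port, and a reply from a web server.
PROBE = {"src": "198.51.100.7", "dst": "192.0.2.5", "proto": "tcp", "dport": 139, "ack": False}
REPLY = {"src": "198.51.100.7", "dst": "192.0.2.5", "proto": "tcp", "dport": 40001, "ack": True}
```

Under this model the unqualified rule passes the port-139 probe as well as the reply, while the `tcp estab` form passes only the reply.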