Date: Sat, 22 May 1999 14:52:29 +0100 From: Brian Somers <brian@Awfulhak.org> To: Ben Smithurst <ben@scientia.demon.co.uk> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IP masquerading with user ppp Message-ID: <199905221352.OAA71082@keep.lan.Awfulhak.org> In-Reply-To: Your message of "Sat, 22 May 1999 02:25:01 BST." <19990522022501.A42309@rainbow5.scientia.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm having a few problems getting IP masquerading working here, [.....] > I just see things like this in scientia's log: > > May 22 02:15:07 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0 > May 22 02:15:10 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0 > > (ipfw stops packets with a src or dst address in 192.168/16 going out > into the big wide world, IP masq should rewrite this source address, > shouldn't it, or am I completely missing the point?) > > What am I not doing which I should be? The FAQ says ppp has this > functionality built in, so I shouldn't need natd, I haven't seen any extra > kernel options mentioned anywhere, I've read the ppp manpage over and over > (although probably not carefully enough), so I'd appreciate any help > anyone can provide. The problem is that the packet goes through the tun device with the 192.168.1.2 address *before* hitting ppp and getting tweaked according to your Demon IP. You've got to allow them through your firewall. > -- > Ben Smithurst > ben@scientia.demon.co.uk -- Brian <brian@Awfulhak.org> <brian@FreeBSD.org> <http://www.Awfulhak.org> <brian@OpenBSD.org> Don't _EVER_ lose your sense of humour ! <brian@uk.FreeBSD.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905221352.OAA71082>