Date: Fri, 22 Jul 2005 04:52:56 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Dirk GOUDERS <gouders@et.bocholt.fh-ge.de>
Cc: questions@freebsd.org
Subject: Re: ipfw and tun0
Message-ID: <42E0B3E8.8030000@mac.com>
In-Reply-To: <200507220726.j6M7Qfw3075675@musashi.et.bocholt.fh-gelsenkirchen.de>
References: <200507220726.j6M7Qfw3075675@musashi.et.bocholt.fh-gelsenkirchen.de>
Dirk GOUDERS wrote:
>>> I just started to use an ADSL line with PPPoE and want to run a firewall
>>> between it and my local network. What I am wondering about is that even
>>> if I only have the default everything-blocking rule (deny ip from any to
>>> any) I still see incoming packets on tun0 with tcpdump.

If you are using PPPoE, the system de-encapsulates the IP traffic off of the
PPP session via the tun0 interface. tun0 can be treated as your "external
interface" when writing firewall rules, setting up NAT, etc.

[ ... ]

> Another example is that I saw several SYN packets directed to
> unprivileged ports that got answered with a RST packet by my machine.
> When I block those SYN packets, I still see them on tun0 but the RST
> responses disappear. Also, ipfw's counters show that it recognizes
> those packets...

Right. This implies that the firewall rules are working.

If you want to see what the situation looks like to a client machine behind
the firewall, either tcpdump on a client machine, or tcpdump on the internal
interface of the firewall box...

--
-Chuck
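As an added example (not from the thread), a small Python checker that turns Chuck's observation into a test: tcpdump on tun0 sees every inbound SYN regardless of ipfw, so correlate each SYN with the RST our host sends back. A SYN that draws an RST reached the TCP stack; a SYN with no RST was blocked or silently dropped. It assumes `tcpdump -n` output in either the classic flag syntax or the newer `Flags [S]` syntax, and the sample capture below is constructed with documentation addresses.

```python
import re
from collections import namedtuple

# Accepts both the classic tcpdump syntax ("S 1000:1000(0) win ...") and the
# newer one ("Flags [S], seq ..."); either way we only need src/dst and flags.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > '
    r'(?P<dst>[\d.]+)\.(?P<dport>\d+): '
    r'(?:Flags \[(?P<nflags>[^\]]+)\]|(?P<oflags>[SRPF.]+) )'
    r'(?P<rest>.*)$'
)

Pkt = namedtuple('Pkt', 'ts src sport dst dport syn rst')

def parse_line(line):
    """Parse one tcpdump line into a Pkt; return None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    flags = m.group('nflags') or m.group('oflags')
    # A bare SYN carries S but not ACK: newer tcpdump shows ACK as '.' in the
    # flag list, older tcpdump prints "ack N" in the remainder of the line.
    is_ack = '.' in flags or ' ack ' in f" {m.group('rest')} "
    return Pkt(m.group('ts'), m.group('src'), int(m.group('sport')),
               m.group('dst'), int(m.group('dport')),
               syn='S' in flags and not is_ack, rst='R' in flags)

def classify_syns(lines, external_ip):
    """Pair inbound SYNs to external_ip with RSTs sent from external_ip.
    Returns (answered, unanswered): lists of (src, sport, dport) keys."""
    pkts = [p for p in map(parse_line, lines) if p]
    # An RST we send goes from external_ip:dport back to src:sport of the SYN.
    rsts = {(p.dst, p.dport, p.sport) for p in pkts if p.rst and p.src == external_ip}
    answered, unanswered = [], []
    for p in pkts:
        if p.syn and p.dst == external_ip:
            key = (p.src, p.sport, p.dport)
            (answered if key in rsts else unanswered).append(key)
    return answered, unanswered

# Constructed sample of `tcpdump -n -i tun0` output; 198.51.100.9 is "our" side.
SAMPLE = """\
04:50:01.100000 IP 203.0.113.7.4321 > 198.51.100.9.1433: S 1000:1000(0) win 65535
04:50:01.100300 IP 198.51.100.9.1433 > 203.0.113.7.4321: R 0:0(0) ack 1001 win 0
04:50:02.200000 IP 203.0.113.8.5555 > 198.51.100.9.27374: Flags [S], seq 2000, win 16384
04:50:03.300000 IP 203.0.113.9.6000 > 198.51.100.9.12345: S 3000:3000(0) win 8192
04:50:03.300400 IP 198.51.100.9.12345 > 203.0.113.9.6000: Flags [R.], seq 0, ack 3001, win 0
04:50:04.000000 IP 198.51.100.9.40000 > 203.0.113.10.80: S 4000:4000(0) win 65535
""".splitlines()

if __name__ == '__main__':
    ok, blocked = classify_syns(SAMPLE, '198.51.100.9')
    for k in ok:
        print('SYN answered with RST (reached the TCP stack):', k)
    for k in blocked:
        print('SYN seen on tun0 but no RST (blocked or dropped):', k)
```

Run it against a real capture with `tcpdump -n -i tun0 tcp > cap.txt` and feed the file's lines to `classify_syns`; after adding a deny rule, the matching SYNs should move from the answered list to the unanswered one while ipfw's counters for that rule climb.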