Date: Sat, 22 May 1999 14:52:29 +0100 From: Brian Somers <brian@Awfulhak.org> To: Ben Smithurst <ben@scientia.demon.co.uk> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IP masquerading with user ppp Message-ID: <199905221352.OAA71082@keep.lan.Awfulhak.org> In-Reply-To: Your message of "Sat, 22 May 1999 02:25:01 BST." <19990522022501.A42309@rainbow5.scientia.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm having a few problems getting IP masquerading working here,
[.....]
> I just see things like this in scientia's log:
>
> May 22 02:15:07 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
> May 22 02:15:10 scientia /kernel: ipfw: 1000 Deny TCP 192.168.1.2:3999 204.216.27.21:80 out via tun0
>
> (ipfw stops packets with a src or dst address in 192.168/16 going out
> into the big wide world, IP masq should rewrite this source address,
> shouldn't it, or am I completely missing the point?)
>
> What am I not doing which I should be? The FAQ says ppp has this
> functionality built in, so I shouldn't need natd, I haven't seen any extra
> kernel options mentioned anywhere, I've read the ppp manpage over and over
> (although probably not carefully enough), so I'd appreciate any help
> anyone can provide.
The problem is that the packet goes through the tun device with the
192.168.1.2 address *before* hitting ppp and getting tweaked
according to your Demon IP. You've got to allow them through your
firewall.
> --
> Ben Smithurst
> ben@scientia.demon.co.uk
--
Brian <brian@Awfulhak.org> <brian@FreeBSD.org>
<http://www.Awfulhak.org>; <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@uk.FreeBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905221352.OAA71082>