Date: Wed, 18 Nov 1998 03:46:18 +0000 From: Brian Somers <brian@Awfulhak.org> To: Eddie Irvine <eirvine@tpgi.com.au> Cc: questions@FreeBSD.ORG Subject: Re: ppp and 192.168.0.0 packets. Message-ID: <199811180346.DAA08337@woof.lan.awfulhak.org> In-Reply-To: Your message of "Tue, 17 Nov 1998 23:47:28 %2B1100." <36517060.4CD7035E@tpgi.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> Now, I'm concerned that without the -alias option on all the > time, packets from my private net will sometimes go down > the phone line and onto the internet, making me a (gasp!) > "bad citizen". > > 1) Should I worry about this? Well, you shouldn't do it.... > OK, so, let's assume that I turn aliasing ON all the time and enable > some of the packet filtering rules. To make it simple, say I want to > permit only the server (interfaces 192.168.1.1, 192.168.2.1, > 192.168.3.1 and whatever the ISP assigns to MYADDR) to be able > to access port 80, and only the teacher's machine (192.168.1.115) > to be able to access the ISP's pop server. > > 2) Can the filtering rules do this, when aliasing is turned on? Yep. They're applied before aliasing. > 3) How does the ppp filter scan the rule set? Does it start at the top > of the rule set with each packet and *stop* at the first permit or deny > that matches the packet? Yep. > I've made a diagram of our network to help with this question - you can > find it on: > > http://www1.tpgi.com.au/users/eirvine/freebsd/screens.html#topology > > Cheers, > Eddie. -- Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org> <http://www.Awfulhak.org> Don't _EVER_ lose your sense of humour.... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811180346.DAA08337>