Date:      Sun, 15 Jul 2001 12:24:18 +1000
From:      "Haikal Saadh" <wyldephyre2@yahoo.com>
To:        "Janet Sullivan" <ciscogeek@home.com>, <freebsd-stable@FreeBSD.ORG>
Subject:   RE: ipf and tun
Message-ID:  <PAELLGOEIMDLEJNEBOBOEEOMCCAA.wyldephyre2@yahoo.com>
In-Reply-To: <3B4C1FA7.6F8CFDAA@home.com>

Sorry for the late reply, but I just tried that, and it still doesn't
work.
Here is the beginning of my edited rc.network:
Maybe I am missing something?

Cheers!

---BEGIN rc.network---

        # Set the host name if it is not already set
        #
        if [ -z "`hostname -s`" ]; then
                hostname ${hostname}
                echo -n ' hostname'
        fi
        # Start user ppp if required.  This must happen before natd.
        #
        case ${ppp_enable} in
        [Yy][Ee][Ss])
                # Establish ppp mode.
                #
                if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
                        -a "${ppp_mode}" != "dedicated" \
                        -a "${ppp_mode}" != "background" ]; then
                        ppp_mode="auto"
                fi

                ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

                # Switch on NAT mode?
                #
                case ${ppp_nat} in
                [Yy][Ee][Ss])
                        ppp_command="${ppp_command} -nat"
                        ;;
                esac

                ppp_command="${ppp_command} ${ppp_profile}"

                echo -n "Starting ppp as \"${ppp_user}\""
                su -m ${ppp_user} -c "exec ${ppp_command}"
                ;;
        esac


        # Establish ipfilter ruleset as early as possible (best in
        # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
        #
        case "${ipfilter_enable}" in
        [Yy][Ee][Ss])
                if [ -r "${ipfilter_rules}" ]; then
                        echo -n ' ipfilter';
                        ${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
                        case "${ipmon_enable}" in
                        [Yy][Ee][Ss])
                                echo -n ' ipmon'
                                ${ipmon_program:-ipmon} ${ipmon_flags}
                                ;;
                        esac
                        case "${ipnat_enable}" in
                        [Yy][Ee][Ss])
                                if [ -r "${ipnat_rules}" ]; then
                                        echo -n ' ipnat';
                                        ${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
                                else
                                        echo -n ' NO IPNAT RULES'
                                fi
                                ;;
                        esac
                else
                        ipfilter_enable="NO"
                        echo -n ' NO IPF RULES'
                fi
                ;;
        esac
# rest snipped
----END rc.network----

and the relevant bits from rc.conf

---BEGIN rc.conf---

ppp_enable="YES"
ppp_nat="NO"
ipfirewall_enable="NO"
ipfilter_enable="YES"
ipmon_enble="YES"
ipmon_flags="sDF -oI"
ipnat_enable="YES"
----END rc.conf----

> -----Original Message-----
> From: owner-freebsd-stable@FreeBSD.ORG
> [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Janet Sullivan
> Sent: Wednesday, 11 July 2001 7:43 PM
> To: Haikal Saadh; freebsd-stable@FreeBSD.ORG
> Subject: Re: ipf and tun
>
>
>
> In case I didn't make myself clear - I meant to say that you move the
> user ppp section of the script so that it is right before the ipf
> section.  I'm filled with Nyquil and have a head cold right now, so I
> apologize if I'm not totally coherent. ;-)
>
> Janet Sullivan wrote:
> >
> > You can edit /etc/rc.network and move the entire user ppp section of the
> > script right before the ipf section.  Then ipf -y'ing won't be
> > necessary.  It worked for me for several months - after editing
> > rc.network I just rebooted and from then on I didn't have to manually do
> > anything with ipf to make it work with userland ppp. Of course, if you
> > upgrade to a newer rc.network file while tracking -STABLE, you'll have
> > to edit the file again. YMMV.
> >
> > Haikal Saadh wrote:
> > >
> > > I've noticed that this has been tossed around the lists for a fair while, but
> > > no one has actually come up with a solution :(. I've a similar problem, but
> > > the thing with ipf -y'ing in ppp.linkup is that it executes the commands in
> > > ppp.linkup as the user who invoked ppp, and ipf -y needs to be done as root
> > > (according to the manpage, and yes, a non-root user can't ipf -y).
> > >
> > > Is there anything else that can be done?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message


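The reordering discussed in this thread (user ppp started before the ipf section of rc.network) can be checked mechanically after an edit or a -STABLE upgrade. The script below is an added example, not part of the original message or of FreeBSD's rc scripts; the function names and the sample files are constructed for illustration, and it additionally lists rc.conf variables that the script never reads.

```shell
#!/bin/sh
# Added example: checks for a hand-edited rc.network and its rc.conf.

# Line number of the first line containing a fixed string (empty if none).
first_line() {
    grep -nF -- "$2" "$1" | head -n 1 | cut -d: -f1
}

# Succeeds only if the user-ppp block starts before the ipfilter block,
# so ppp is started before ipf loads its rules.
ppp_before_ipf() {
    ppp=$(first_line "$1" 'case ${ppp_enable} in')
    ipf=$(first_line "$1" 'case "${ipfilter_enable}" in')
    [ -n "$ppp" ] && [ -n "$ipf" ] && [ "$ppp" -lt "$ipf" ]
}

# Print rc.conf variables (file $1) that the script (file $2) never expands
# as ${name} or ${name:-default}; such a knob has no effect at boot.
unread_knobs() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" |
    while read -r name; do
        grep -qF -e "\${$name}" -e "\${$name:" "$2" || echo "$name"
    done
}

# Constructed sample files (hypothetical, not the poster's real ones).
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.network" <<'EOF'
case ${ppp_enable} in
[Yy][Ee][Ss]) echo "ppp ${ppp_mode} ${ppp_nat}" ;;
esac
case "${ipfilter_enable}" in
[Yy][Ee][Ss]) echo "ipf ${ipmon_enable} ${ipmon_flags} ${ipnat_enable}" ;;
esac
EOF
cat > "$demo_dir/rc.conf" <<'EOF'
ppp_enable="YES"
ipfilter_enable="YES"
ipmon_enabel="YES"
ipnat_enable="YES"
EOF

if ppp_before_ipf "$demo_dir/rc.network"; then
    echo "order ok: ppp section precedes ipf section"
else
    echo "order wrong: ipf section runs before ppp"
fi
echo "unread knobs: $(unread_knobs "$demo_dir/rc.conf" "$demo_dir/rc.network")"
```

On a real system, pass /etc/rc.network and /etc/rc.conf instead of the sample files; a knob read only by another rc script will also be listed, so treat the output as a prompt to look rather than a verdict.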