Date: Tue, 25 Aug 1998 16:53:39 +0200 (CEST) From: Malte Lance <malte.lance@gmx.net> To: Craig Beasland <craig@hotmix.com.au> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: PPP filters Message-ID: <13794.47137.752428.370224@neuron.webmore.de> In-Reply-To: <000801bdcca6$ee1605a0$0a1e21cb@superbruce.hotmix.com.au> References: <000801bdcca6$ee1605a0$0a1e21cb@superbruce.hotmix.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Craig Beasland writes: > Hi there, > > I have a question and a comment. > > Firstly, if I have a private class of IP numbers 192.168.168.1 - 255 and a > BSD box with one single public IP number on the ppp link. > > I run ppp -ddial -alias myisp. This will permanently connect me to my ISP. > I do not have any filters in place, so can anyone get to my private IP'ed > network from the Internet, or because of the alias option and the private IP > numbers not being routed are they blocked. AFAIK the alias-option in user-ppp is a 1:n-NAT. The internal hosts on your 192.168.168-net are being translated to one IP (your public one) and a port-number for each connection. That means, "yes, if there is no firewall and no filters preventing it, anyone could get to your internal network, by just trying your public IP and some port- numbers". And "no, if there is no firewall and no filters installed on your gateway, there is nothing that blocks traffic to your internal network". Malte. > > Secondly, the documentation for setting filters should be perhaps a little > bit clearer which section and which file the filter information should go > in. I tried creating ppp.conf.filter, and only after a couple of hours > searching did it occur to me that the filter commands should go into > ppp.conf and the default section. > > Cheers > Craig > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13794.47137.752428.370224>