Date: Thu, 5 Jul 2001 11:10:27 +1000
From: "Haikal Saadh" <wyldephyre2@yahoo.com>
To: "parv" <parv_@yahoo.com>
Cc: <questions@freebsd.org>
Subject: RE: ipf -y 'ing using user ppp
Message-ID: <PAELLGOEIMDLEJNEBOBOAEJPCBAA.wyldephyre2@yahoo.com>
In-Reply-To: <20010704032241.A1895@moo.holy.cow>

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of parv
> Sent: Wednesday, 4 July 2001 5:23 PM
> To: Haikal Saadh
> Cc: questions@freebsd.org
> Subject: Re: ipf -y 'ing using user ppp
>
>
> so, Haikal Saadh shared this in my lifetime...
> >
> > Hi all,
> > I've come to understand that every time i dial up using user ppp, I need to
> > resync the filter rules using 'ipf -y'. Now, my problem is, every time[1] I
> > dial up, I have to ipf -y manually myself. I would put a line in ppp.linkup,
> > but the thing is, ppp.linkup gets run with the privileges of the user who
> > just invoked ppp, and as i have non-root users dialing out, it does not
> > work.
> >
> > Can anyone tell me how to automatically ipf -y when the ppp link goes up?
> > Especially when invoked by non-root users?
> >
> > Thanks in advance.
> >
> >
> > [1] Well, it seems to be needed to be done only the first time after a
> > reboot most of the time.
> >
>
> same problem here. i suppose you also have some sort of firewall.
> before i tweaked my ipf rules, ppp was making connection to the
> outside world; now [1] i always need to do manual syncing.
>
> [1] now, the connections are ipf "default block".
>
>
> by the way, do you have ppp (and, ipf[w]? options) enabled in your
> /etc/rc.conf? admittedly i don't but i was and still do expect
> /etc/ppp/ppp.link(up|down) to work ... which of course don't.
>
> also, there was some discussion of it in past; you may try searching
> the archive.
>
> anyway, here is some of the things that can go in /etc/rc.conf:
>
> ------------------------
> ppp_enable="NO"
> ppp_mode="auto"
> ppp_profile="<profile>"
> ppp_user=""
> ppp_nat="NO"
>
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf -Fa -f"
> ipfilter_rules="/etc/ipf.conf"
> ipfilter_flags="-y -l nomatch"
> ipnat_enable="YES"
> ipnat_program="/sbin/ipnat -CF -f /etc/ipnat.conf"
> ipnat_rules="/etc/ipnat.conf"
> ipmon_enable="YES"
> ipmon_program="/sbin/ipmon"
> ipmon_flags="-Dsv"
> ------------------------
>

I do not have the ppp lines, as I do not want it to autodial, and I want to
allow users to run ppp. As for the ipfilter lines, I have

ipfirewall_enable="NO"
ipfilter_enable="YES"
ipmon_enble="YES"
ipmon_flags="-Dvsn"
ipnat_enable="YES"

The firewall/net rules and all work; I know that because once I ipf -y after
I dial up, everything works as expected.

All my searches of the mailing lists ended up at ipf -y'ing somewhere, but
the issue of non-root users being involved does not seem to be addressed
anywhere.

Cheers.