From owner-freebsd-net@FreeBSD.ORG  Wed Jul 30 14:32:32 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7053E37B401
	for <freebsd-net@freebsd.org>; Wed, 30 Jul 2003 14:32:32 -0700 (PDT)
Received: from imf24aec.mail.bellsouth.net (imf24aec.mail.bellsouth.net
	[205.152.59.72])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 661EC43F3F
	for <freebsd-net@freebsd.org>; Wed, 30 Jul 2003 14:32:31 -0700 (PDT)
	(envelope-from dngor@bellsouth.net)
Received: from eyrie.homenet ([68.213.211.142])
	by imf24aec.mail.bellsouth.netESMTP
	<20030730213230.LEDL19510.imf24aec.mail.bellsouth.net@eyrie.homenet>
	for <freebsd-net@freebsd.org>; Wed, 30 Jul 2003 17:32:30 -0400
Received: from eyrie.homenet (abuse@localhost [127.0.0.1])
	by eyrie.homenet (8.12.9/8.12.9) with ESMTP id h6ULWTvu038221
	for <freebsd-net@freebsd.org>; Wed, 30 Jul 2003 17:32:29 -0400 (EDT)
	(envelope-from troc@eyrie.homenet)
Received: (from troc@localhost)
	by eyrie.homenet (8.12.9/8.12.9/Submit) id h6ULWTmn038220
	for freebsd-net@freebsd.org; Wed, 30 Jul 2003 17:32:29 -0400 (EDT)
	(envelope-from troc)
Date: Wed, 30 Jul 2003 17:32:29 -0400
From: Rocco Caputo <rcaputo@pobox.com>
To: freebsd-net@freebsd.org
Message-ID: <20030730213229.GA37634@eyrie.homenet>
References: <20030730191530.GD36116@eyrie.homenet>
	<Pine.BSF.4.21.0307301250130.23956-100000@InterJet.elischer.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.21.0307301250130.23956-100000@InterJet.elischer.org>
User-Agent: Mutt/1.4.1i
Subject: Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2003 21:32:32 -0000

On Wed, Jul 30, 2003 at 12:51:32PM -0700, Julian Elischer wrote:
> 
> You are complicating things by running both ipfw and ipf.
> can you not do just one of them?

I'm not sure.  The literature I've read so far says neither firewall
does traffic shaping AND supports active FTP in a deny-by-default
setting.  If google's to be believed, the generally accepted solution is
to use ipfw2 for DUMMYNET and ipf/ipfnat for firewalling and active FTP
proxying.

The combination served me well when I was using ppp(8) to drive a serial
modem.  Now that I've switched to ADSL and PPPoE, things seem subtly
broken.  I blame the user (myself), but I haven't found a solution after
beating on the problem for several days.

-- 
Rocco Caputo - rcaputo@pobox.com - http://poe.perl.org/