From owner-freebsd-questions Tue Feb 3 09:54:58 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id JAA04187
    for questions-outgoing; Tue, 3 Feb 1998 09:54:58 -0800 (PST)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from roguetrader.com (cold.org [206.81.134.103])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA04116
    for ; Tue, 3 Feb 1998 09:54:31 -0800 (PST)
    (envelope-from brandon@roguetrader.com)
Received: from localhost (brandon@localhost)
    by roguetrader.com (8.8.5/8.8.5) with SMTP id IAA08261;
    Tue, 3 Feb 1998 08:41:41 -0700 (MST)
Date: Tue, 3 Feb 1998 08:41:41 -0700 (MST)
From: Brandon Gillespie
To: Brian Somers
cc: questions@FreeBSD.ORG
Subject: Re: PPP + FIREWALL == does not work
In-Reply-To: <199802030731.HAA12930@awfulhak.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe questions"

On Tue, 3 Feb 1998, Brian Somers wrote:
> > I am working my way towards having an IP Masquerading system, using
> > client ppp, firewall routing and natd. I have recompiled with the firewall
> > option, and the divert option. Before I recompiled the kernel ppp was
> > *fully functional*, that is I could just 'ppp -auto myserv' and it'd
> > do its thing without problem. Now, if I do this nothing happens. If
> > I manually run ppp and connect, it dials in and receives the PPP info
> > and drops me back to the ppp command prompt--but it never capitalizes the
> > 'ppp' in the prompt to let me know it is fully functional. I'm assuming
> > the firewall code is throwing a wrench into things somewhere, but I can't
> > seem to figure out where. I am running 2.2.5-R, from the NatD manpages
> > I generated a new firewall type of 'divert' to /etc/rc.conf, which is
> > basically:
> >
> > $fwcmd add divert natd all from any to any via tun0
> > $fwcmd add pass all from any to any
> >
> > And when I boot--it does run correctly. I am not running natd yet.
>
> And what do you think happens to the diverted packets? Take a look
> beside the tun socket on the back of your machine. There'll be a big
> pile of 0s and 1s on the floor.
>
> Ppp has aliasing built in. Just add the -alias switch. It's all
> in the man page.

Ahh, sorry, my mistake--I didn't realize this feature existed (has been
added recently?). So I can assume I don't need 'options IPDIVERT' in the
kernel, do I also not need 'options IPFIREWALL'? The manual isn't too
clear about if I need this or not... I'd assume neither, from the way it's
worded.

Thanks :)

-Brandon
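
The failure discussed in this thread (a divert rule loaded while no daemon is bound to the divert port, so every matching packet is dropped) can be caught before the ruleset goes live. The following is an added example, not part of the original message and not FreeBSD's own tooling. The function name, the sample inputs and the idea of passing the bound divert ports in by hand are assumptions; the rules are the two quoted above with $fwcmd removed.

```shell
#!/bin/sh
# Added example: flag ipfw divert rules whose divert port has no listener.
# Assumption: the caller supplies the divert ports that currently have a
# daemon (e.g. natd) bound; how to list them depends on the system.

# Constructed sample: the two rules from the message, $fwcmd removed.
SAMPLE_RULES='add divert natd all from any to any via tun0
add pass all from any to any'

# Constructed sample of the /etc/services entry that names the natd port.
SAMPLE_SERVICES='natd 8668/divert'

# unbound_diverts RULES SERVICES BOUND_PORTS
# Prints "<port> <rule>" for every divert rule whose port is not bound.
unbound_diverts() {
    printf '%s\n' "$1" | SERVICES="$2" BOUND="$3" awk '
        BEGIN {
            # Map service names to ports, keeping only "/divert" entries.
            n = split(ENVIRON["SERVICES"], lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], f, /[ \t]+/)
                if (f[2] ~ /\/divert$/) {
                    sub(/\/divert$/, "", f[2])
                    svc[f[1]] = f[2]
                }
            }
            # Record the ports that have a listener.
            m = split(ENVIRON["BOUND"], b, /[ \t]+/)
            for (i = 1; i <= m; i++) if (b[i] != "") up[b[i]] = 1
        }
        {
            # The word after "divert" is the port, by number or by name.
            for (i = 1; i < NF; i++) if ($i == "divert") {
                port = $(i + 1)
                if (port in svc) port = svc[port]
                if (!(port in up)) print port, $0
            }
        }'
}

# With natd not running, the first sample rule is reported.
unbound_diverts "$SAMPLE_RULES" "$SAMPLE_SERVICES" ""
```
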