Date: Tue, 3 Feb 1998 08:41:41 -0700 (MST) From: Brandon Gillespie <brandon@roguetrader.com> To: Brian Somers <brian@Awfulhak.org> Cc: questions@FreeBSD.ORG Subject: Re: PPP + FIREWALL == does not work Message-ID: <Pine.BSF.3.96.980203084005.8251A-100000@roguetrader.com> In-Reply-To: <199802030731.HAA12930@awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 3 Feb 1998, Brian Somers wrote: > > I am working my way towards having an IP Masquerading system, using > > client ppp, firewall routing and natd. I have recompiled with the firewall > > option, and the divert option. Before I recompiled the kernel ppp was > > *fully functional*, that is I could just 'ppp -auto myserv' and it'd > > do its thing without problem. Now, if I do this nothing happens. If > > I manually run ppp and connect, it dials in and receives the PPP info > > and drops me back to the ppp command prompt--but it never capitalizes the > > 'ppp' in the prompt to let me know it is fully functional. I'm assuming > > the firewall code is throwing a wrench into things somewhere, but I cant > > seem to figure out where. I am running 2.2.5-R, from the NatD manpages > > I generated a new firewall type of 'divert' to /etc/rc.conf, which is > > basically: > > > > $fwcmd add divert natd all from any to any via tun0 > > $fwcmd add pass all from any to any > > > > And when I boot--it does run correctly. I am not running natd yet. > > And what do you think happens to the diverted packets ? Take a look > beside the tun socket on the back of your machine. There'll be a big > pile of 0s and 1s on the floor. > > Ppp has aliasing built in. Just add the -alias switch. It's all > in the man page. Ahh, sorry, my mistake--I didn't realize this feature existed (has been added recently?). So I can assume I dont need 'options IPDIVERT' in the kernel, do I also not need 'options IPFIREWALL'? The manual isn't too clear about if I need this or not... I'd assume neither, from the way its worded. Thanks :) -Brandon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980203084005.8251A-100000>