Re: User PPP and PF interoperability problem

From: Michel Talon (talon_at_lpthe.jussieu.fr)
Date: 03/27/05 

Date: Sun, 27 Mar 2005 21:21:41 +0000 (UTC)

Matthew X. Economou <xenophon+usenet@irtnog.org> wrote:
> All,
>
> I am trying to use the PF firewall with user PPP. (The Internet
> connection at that location uses PPPoE.) Unfortunately, if I disable
> NAT mode in PPP and enable the PF firewall in its place, I am unable
> to access the Internet. Of course, routing is enabled
> ('gateway_enable="YES"' in /etc/rc.conf), and the PF NAT appears to be
> configured properly (e.g. 'nat on tun0 proto {tcp udp icmp} from
> 10.64.0.0/24 to any -> (tun0)'). A scan of the relevant documentation
> on www.freebsd.org and on groups.google.com (freebsd "user ppp" pf)
> doesn't result in any helpful documentation
>
> Any suggestions? A few articles mentioned having to compile IPFW into
> the kernel in order to use it with user PPP. Does anyone know why?
> Does the same limitation apply to PF? Can I cheat by changing the
> order in which PF and user PPP are enabled by the startup scripts
> (i.e. perhaps there is some interface initialization that should
> happen within PF before user PPP brings up tun0)?

Here i am using ipfilter with the following rule:
map ueagle0 192.168.0.0/24 -> my.external.ip.adress/32
where ueagle0 is my adsl modem (tun0 fro you).
This works great. From reading the pf.conf man page i suspect you need
nat on ppp0 from 10.64.0.0/24 to any -> your.external.ip.adress
Anyways no need to use ipfw natd and all that stuff.

>
> Best wishes,
> Matthew
> 

-- 
Michel TALON

Relevant Pages

  • Re: avast
    ... > Just did a clean installation of xp pro sp1 and download 'avast anti ... Did you firewall before connecting to the internet? ... Internet and patch with the critical updates? ... Why you should use a computer firewall.. ...
    (microsoft.public.windowsxp.general)
  • Re: XP NOT RESPONDING
    ... Did you have a firewall going before connecting to the internet? ... Microsoft has these suggestions for Protecting your computer from the ... Why you should use a computer firewall.. ... are pay - some you can only download if you are registered - but it is best ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Guide to secure installtion of IIS 5
    ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.inetserver.iis.security)
  • RE: firewall
    ... You need to do a lot of reading about ipfw ... IPFW is the only firewall available to FBSD, ... rules do not function correctly on a DSL or cable internet ... @320 pass in quick on rl0 proto tcp from 63.70.155.0/24 to any port ...
    (freebsd-questions)
  • Re: Security Alerts Driving Me INSANE!
    ... The only reason, really, that you need a firewall and antivirus software is ... because you use the Internet with your computer. ... cleaned up and considered a hardware upgrade or three. ...
    (microsoft.public.windowsxp.security_admin)