The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

FreeBSD Support
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 ipfw and dial up net connection +1 violent student
Author: inflexion 
Date:   02-09-00 15:13

Current system: -

FreeBSD 3.1-release on a P120 with 2 500 MB drives, acting as a small proxy server for an internal home network.

Two NICs, ed0 and ed2. ed0 is connected to my internal fake domain, 10.0.0.0/24 network. ed2 was installed to create a crossing between ed0 and ed2 which would be firewalled (dual homed, so I believed).

I currently use ppp to dial and connect to my ISP. I require an HTTP proxy (Squid) port 3128 and 1080, IRC and FTP direct access (149 and 20/21 I believe). The problem is, I do not understand how to route between ed0, ed2 and ppp. Here is the picture: -


internal system request --> 10.0.0.1 (this box) ed0 --> 90.0.0.1 ed2 --> ppp ---> ISP.

I have configured the machine to be a gateway, and will firewall packets flowing between ed0 and ed2; is this a good idea or should I simply disregard ed2 and use ed0 and ppp, and firewall connections between those? - I cannot figure out how to firewall connections between ppp and ed0, since the "oif" settings require an IP address - an IP which is assigned to me on dialing with ppp.

Please note - Squid and ppp worked fine by themselves, using ed0 and ppp only, with the "add default HISADDR" option in ppp.conf.

How should I approach this situation? - all you hardened money-earners seem to have dedicated internet connections, and most of the documents available seem to reflect this.

Cheers all in advance.
Reply To This Message
 
 RE: ipfw and dial up net connection +1 violent stu
Author: Dan Langille 
Date:   02-09-00 22:42

> hardened money-earners

Thanks.

No where do you mean what you are using as a firewall. I'm guessing you are using natd/ipfw becuase you mentioned "oif".

I know what I do with ipnat/ipf (my preferred nat/packet filter). I set the IP address to 0.0.0.0/32. Have you tried that?

Next option: don't use rc.firewall. Write your own rules, using that as a base. And don't refer to an ip address. Just refer to your tun0 interface. e.g.:

ipfw add 100 allow ip from any to any via tun0
ipfw add 50 divert 8668 ip from any to any via tun0
Reply To This Message
 
 RE: ipfw and dial up net connection +1 violent stu
Author: elliot 
Date:   13-09-00 01:43

i'm trying to remember, but according to the man page
(http://www.freebsd.org/cgi/man.cgi?query=ppp&apropos=0&sektion=0&manpath=FreeBSD+3.1-RELEASE&format=html)
use ppp -alias, not nat

if you need more help, let me know, i have done it on several occasions
Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org


Servers and bandwidth provided by New York Internet, SuperNews, and RootBSD. Valid CSS and RSS.
Copyright © 1997-2012 DVL Software Ltd.
All rights reserved.