The FreeBSD Diary

Providing practical examples since 1998

 Multiple WANs with a single modem/line.
Author: J. "Floid" Kanowitz 
Date:   27-12-01 11:21

For a while, I was stuck trying to figure out how to configure both ends of a PPP "WAN," such that the BSD machines on each end could dial the other side of the WAN, or an ISP for internet service. The whole mess would've been handled through some CGI scripts, so less savvy users could dial and hang up connections from their home page.

I wanted to run a very open firewall on the WAN link, but keep the internet connection secured. I was lost, I was confused, and I asked a number of people- most of whom told me "What? You can't do that! Buy DSL!"

Well, you can do it, and there's an easy way. (Thanks to Brian Somers, maintainer of the OpenBSD PPP port, for explaining this to me.)

Userland ppp has the "-unit" option, specifying the "tun" interface that it uses. Without it, it simply picks the first available interface.

However, if you want to use IPF, PF, or another separate firewall, just configure your rules for a specific tun interface, and call ppp with the proper option:

ppp -ddial -unit0 myisp

or

ppp -ddial -unit1 officenetwork

As a caveat, your packet filter may need to be restarted when the interfaces are assigned new IP addresses, but I've been waiting for an opportunity to get this 'secret' out. If you use ppp's built-in firewall and NAT services, you'll have a much easier ride- but if you're itching to use the standalone filters that all the self-help books document, this is how you pull it off without running everything as root.
Of course, buying DSL does have its advantages, and if one end of your WAN can serve a VPN to the internet-at-large, you dramatically simplify the problem.

[As to the auto-answer problem... Hasn't anyone heard of an init string? ;)]
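
An added example, not part of the original post: a pf.conf showing the per-interface split described above, with a locked-down ISP link and an open office link. It assumes tun0 and tun1 are assigned as in the two ppp commands; the macro names and the SSH rule are assumptions for illustration.

```conf
# pf.conf (added example; macro names and the SSH rule are assumptions)
# ppp -ddial -unit0 myisp          -> tun0, Internet link
# ppp -ddial -unit1 officenetwork  -> tun1, office WAN link
isp_if = "tun0"
wan_if = "tun1"

set skip on lo0

# Internet link: default deny inbound, allow outbound with state.
block in log on $isp_if all
pass out on $isp_if all keep state

# Assumed service: SSH to this host. The parentheses around the interface
# make pf track its current address, so a newly assigned PPP address does
# not require reloading the ruleset for this rule.
pass in on $isp_if inet proto tcp from any to ($isp_if) port 22 keep state

# Office WAN link: open policy, as the post describes.
pass quick on $wan_if all
```

Because every rule names its interface, the policy follows the `-unit` number given to ppp rather than the order in which the links happen to come up.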
