ipfw + natd + ppp

Thomas S. Crum tscrum at 1wisp.com
Sun Dec 7 10:37:42 PST 2003


The first thing you need to do is get ppp working, making its
connection, etc.  Just use console on the box until this is completed.

2nd would be to rebuild the kernel for NAT and get it working.  There
are tutorials on these topics in the FreeBSD Handbook.

For ppp:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/userppp.html

And for nat:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

Best,

Tom

-----Original Message-----
From: owner-freebsd-ipfw at freebsd.org
[mailto:owner-freebsd-ipfw at freebsd.org] On Behalf Of fbsd_user
Sent: Sunday, December 07, 2003 10:03 AM
To: Michael Lopez; freebsd-ipfw at freebsd.org
Subject: RE: ipfw + natd + ppp

FYI, IPFW and stateful rules have a long-time bug when used with
IPFW's built-in NATD function. User ppp has its own NAT function.
You are much better off using user ppp and its built-in NAT
function and IPFW without the divert rule.  On the other hand, FBSD
also has a second firewall called IPFILTER and it has its own NAT
function called IPNAT. Both IPFW and IPFILTER come embedded in FBSD
as part of the install. IPFW is authored by the FBSD project and as
such it gets unfair preferred treatment in the FBSD handbook. The
handbook leads the reader into believing IPFW is the only firewall
FBSD has to offer. IPFW is targeted at the professional and the home
power user, not the newbie. IPFW is loaded with code bloat and is
getting worse now that it has been rewritten as IPFW2, and the bug
was not fixed because it's in the NATD module and that was not
rewritten. IPFW is not user friendly, and IPFILTER is much more user
friendly and its stateful rules work without any problems. People
who are members of the IPFW maintenance team tell me the NATD module
code is a can of worms and nobody wants to touch it. If you decide
to use IPFILTER I can point you to a very good how-to.   And as a
side note, in FBSD 4.9 the ports collection has a new port added for
the IPF firewall.  So you really have 3 choices of firewall
software. I have not tested the IPF port so I have no comments on it
yet.



-----Original Message-----
From: owner-freebsd-ipfw at freebsd.org
[mailto:owner-freebsd-ipfw at freebsd.org]On Behalf Of Michael Lopez
Sent: Sunday, December 07, 2003 12:19 AM
To: freebsd-ipfw at freebsd.org
Subject: ipfw + natd + ppp

Hello all,
I was wondering if you guys have a good URL for ipfw + ppp (dial up)
+ natd for a private network (e.g. 192.168.0.0) tutorials or
resources? I tried to search at google.com/bsd but can hardly
find a good one for dial up (also tried freebsd.org ; defcon.org ;
freebsddiaries ; freebsdhowtos). Thank you.


_______________________________________________
freebsd-ipfw at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to
"freebsd-ipfw-unsubscribe at freebsd.org"
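
One way to lay out the arrangement fbsd_user describes in the thread (user ppp doing the NAT, ipfw stateful rules, no divert rule), as an added example that is not from any poster or from the FreeBSD project. The interface names tun0 and ed0, the 192.168.0.0/24 LAN, the profile name "isp", the file path and the rule numbers are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: tun0 is the user-ppp
# link, ed0 the inside NIC, 192.168.0.0/24 the LAN, "isp" the ppp profile.
#
# Matching /etc/rc.conf settings (ppp does the NAT, natd stays off):
#   gateway_enable="YES"
#   ppp_enable="YES"
#   ppp_mode="ddial"
#   ppp_nat="YES"
#   ppp_profile="isp"
#   firewall_enable="YES"
#   firewall_type="/etc/ipfw.rules"
#   natd_enable="NO"

# gateway_rules WAN_IF LAN_IF LAN_NET
# Prints rules in the form "ipfw /etc/ipfw.rules" reads (no "ipfw" prefix).
# 300 drops packets claiming a LAN source on the dial-up side, 400/410
# trust the inside NIC, 500-620 let only sessions started from the inside
# (or the gateway) create state on the ppp link; everything else is denied.
gateway_rules() {
    wan=$1; lan=$2; net=$3
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from $net to any in via $wan
add 400 allow ip from $net to any in via $lan
add 410 allow ip from any to $net out via $lan
add 500 check-state
add 600 allow tcp from any to any out via $wan setup keep-state
add 610 allow udp from any to any out via $wan keep-state
add 620 allow icmp from any to any out via $wan keep-state
add 65000 deny ip from any to any
EOF
}

# has_divert: reads a ruleset on stdin and succeeds if any rule diverts
# packets to natd, the piece this layout leaves out.
has_divert() {
    grep -Eq '(^|[[:space:]])divert[[:space:]]'
}

# Stand-alone run: print the ruleset and confirm it has no divert rule.
rules=$(gateway_rules tun0 ed0 192.168.0.0/24)
printf '%s\n' "$rules"
if printf '%s\n' "$rules" | has_divert; then
    echo "unexpected divert rule" >&2
    exit 1
fi
```

Because ppp translates addresses on its side of tun0, ipfw sees the private LAN addresses in both directions on that interface, so the dynamic rules created at 600-620 match the return traffic at check-state.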
