firewall

Robert Storey y2kbug at ms25.hinet.net
Wed Sep 17 18:46:13 PDT 2003


On Wed, 17 Sep 2003 14:29:22 -0400
"Bob Hall" <rjhjr at cox.net> wrote:

> At this point, I'm a little confused. You said previously that 
> this would be the only machine that accessed the Internet via 
> PPP. Now you're setting it up as the gateway, which means that 
> other machines will be accessing the Internet via PPP on your 
> gateway.
> 
> To reiterate from an earlier post, you have three options:
> 1) This is not a gateway. You need PPP and a firewall.
> 
> 2) This is a gateway. You need PPP, a firewall, and NAT 
> implemented via user PPP.
> 
> 3) This is a gateway. You need PPP, a firewall, and NAT 
> implemented via the firewall. 
> 
> Decide on an option, and tell us which you're going to 
> implement.

Apologies humbly offered. Apparently, I'm getting confused by reading
the tons of documentation I've been looking at. For now, option No. 1
will do - I just want to get kernel ppp working with a firewall enabled.
So far, I've gotten ppp working, but only with the firewall disabled.

> > One kind member of this list suggested I must compile this into my
> > kernel:
> > 
> >     options IPDIVERT
> 
> You need that only for option 3.

 
> You also need 
> 	options         IPFIREWALL
> for any of the three options.

Now that's interesting. I did indeed read that in "FreeBSD Unleashed",
but "The Complete FreeBSD" says "If you wish you can build a kernel with
firewall support...but you don't need to build a new kernel. You can
load the KLD /boot/kernel/ipfw.ko instead: #kldload ipfw"
So I tried that, and it told me it was already loaded.

However, I will take your advice and rebuild the kernel with this
option, and report back soon (probably within the hour).

> > # set these to your outside interface network and netmask and ip
> > oif="ppp0"
> > onet="168.95.0.0"
> > omask="255.255.255.255"
> > oip="168.95.0.0"
> 
> oip = Outer IP address. 168.95.0.0 is not your oip. Once again, 
> the oip is found in the ppp0 section of the output from "ifconfig -a".
> It changes every time you dial up.

OK, that part I knew, but what setting should I use? Just leave it
blank? When I try "ifconfig -a" it always gives me an address in the
format 168.95.xx.xx where x can be any number. 

Again, thank you for your help. Sorry for my stupidity, but I am
probably the only FreeBSD user within 100 miles of where I live - no one
around here who I can ask.

regards,
Robert
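
The quoted point that the outside address lives in the ppp0 section of "ifconfig -a" and changes on every dial-up can be handled by reading it at connect time. This is an added example, not part of the original thread; the function name `iface_inet_addr` and the sample ifconfig text (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull the current IPv4 address of a dial-up interface out of
# "ifconfig -a" output, so a firewall script can set oip when the link is up.

# Print the first IPv4 address in the section for interface $1.
# Reads ifconfig-style text on stdin. Exit status is 1 when the interface
# is absent or has no "inet" line (for example, the link is not up yet).
iface_inet_addr() {
    awk -v ifname="$1" '
        /^[^ \t]/ { in_if = ($1 == ifname ":") }      # unindented line starts a section
        in_if && $1 == "inet" { print $2; found = 1; exit }   # skips inet6 lines
        END { exit !found }
    '
}

# Constructed sample: link up, ppp0 holds an address.
sample_up='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 192.0.2.10 --> 192.0.2.1 netmask 0xffffffff'

# Constructed sample: link down, ppp0 exists but has no address.
sample_down='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500'

# Refuse to continue with a stale or empty oip rather than guessing one.
if oip=$(printf '%s\n' "$sample_up" | iface_inet_addr ppp0); then
    echo "oip=\"$oip\""
else
    echo "ppp0 has no address yet; not setting oip" >&2
fi
```

On a live system, pipe `ifconfig -a` into the function instead of the sample text, and run it each time the link comes up.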

