ipfw and tun0
Chuck Swiger
cswiger at mac.com
Fri Jul 22 08:53:10 GMT 2005
Dirk GOUDERS wrote:
>>> I just started to use an ADSL line with PPPoE and want to run a firewall
>>> between it and my local network. What I am wondering about is that even
>>> if I only have the default everything-blocking rule (deny ip from any to
>>> any) I still see incoming packets on tun0 with tcpdump.
If you are using PPPoE, the system de-encapsulates the IP traffic off of the
PPP session via the tun0 interface. tun0 can be treated as your "external
interface" when writing firewall rules, setting up NAT, etc.
[ ... ]
> Another example is that I saw several SYN packets directed to
> unprivileged ports that got answered with a RST packet by my machine.
> When I block those SYN packets, I still see them on tun0 but the RST
> responses disappear. Also, ipfw's counters show that it recognizes
> those packets...
Right. This implies that the firewall rules are working. If you want to see
what the situation looks like to a client machine behind the firewall, either
tcpdump on a client machine, or tcpdump on the internal interface of the
firewall box...
--
-Chuck
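A worked ipfw ruleset illustrating the advice above, added here as an example and not taken from the original thread: it treats tun0 (the PPPoE session) as the external interface, NATs LAN traffic through natd, and explicitly denies inbound SYNs on tun0, which is exactly the case where tcpdump still shows the SYN on tun0 but no RST goes back. The LAN interface name fxp0 and the 192.168.1.0/24 range are assumptions; the script only prints the rules unless invoked with `apply`, so it can be reviewed before it touches a running firewall.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw rules for a FreeBSD
# PPPoE gateway with tun0 as the external interface.
# Assumptions: LAN on fxp0, LAN range 192.168.1.0/24, natd running on
# the divert port named "natd", and net.inet.ip.fw.verbose=1 so that
# "deny log" rules actually log.

EXT_IF="tun0"          # PPPoE session interface, as in the thread
INT_IF="fxp0"          # assumed LAN interface
LAN="192.168.1.0/24"   # assumed LAN range

# Emit the ruleset as text, one "add" line per rule, so it can be
# inspected (or tested) without modifying the live firewall.
build_ruleset() {
    cat <<EOF
add 00100 allow ip from any to any via lo0
add 00110 deny ip from any to 127.0.0.0/8
add 00120 deny ip from 127.0.0.0/8 to any
add 00200 divert natd ip from any to any in via ${EXT_IF}
add 00210 check-state
add 00300 skipto 800 tcp from ${LAN} to any out via ${EXT_IF} setup keep-state
add 00310 skipto 800 udp from ${LAN} to any out via ${EXT_IF} keep-state
add 00320 skipto 800 icmp from ${LAN} to any out via ${EXT_IF} keep-state
add 00400 allow ip from any to any via ${INT_IF}
add 00500 deny log tcp from any to any in via ${EXT_IF} setup
add 00510 deny log ip from any to any in via ${EXT_IF}
add 00800 divert natd ip from any to any out via ${EXT_IF}
add 00810 allow ip from any to any
EOF
}
# Rule walk-through for the two cases discussed in the thread:
#  - Unsolicited SYN arriving on tun0: 00200 passes it through natd
#    unchanged (no mapping), 00210 finds no state, nothing matches
#    until 00500 drops it. tcpdump on tun0 still sees the SYN because
#    BPF taps the interface before ipfw runs; the RST never appears.
#  - Reply to a LAN-originated connection: 00200 de-NATs it, 00210
#    matches the dynamic rule created by 00300, which jumps to 00800
#    and is accepted by 00810.

# Flush the running ruleset and load the rules above. Refuses to run
# where ipfw is not installed instead of failing half-way through.
apply_ruleset() {
    command -v ipfw >/dev/null 2>&1 || {
        echo "ipfw not found; nothing applied" >&2
        return 1
    }
    ipfw -q -f flush
    # Word splitting of $rule is intentional: each line is one command.
    build_ruleset | while read -r rule; do
        ipfw -q $rule
    done
}

case "${1:-}" in
    apply) apply_ruleset ;;
    *)     build_ruleset ;;
esac
```

To confirm the filter is doing what the post describes, watch both sides at once: `tcpdump -ni tun0 'tcp[tcpflags] & (tcp-syn|tcp-rst) != 0'` will keep showing inbound SYNs with no matching RST, `tcpdump -ni fxp0` on the internal interface will show none of them, and `ipfw -a list` will show the packet counters on rule 00500 climbing.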