gateway_enable question

David Banning david+dated+1103175964.6c6a4d at skytracker.ca
Fri Dec 10 21:46:09 PST 2004 

> Lots of guys have suggested the firewall.  On ipfw, that'd be
> something like (put your rule number for N and sub your network
> in for 192.168.0):
> 
> add <<N>> deny ip from any 192.168.0/24 to any out via tun0
> 
> (I'm assuming your PPP uses the first tunnel device?)

Not sure what the -first- tunnel device is;

------------------------
root# ifconfig
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::220:78ff:fe0e:13d6%dc0 prefixlen 64 scopeid 0x1 
        ether 00:20:78:0e:13:d6
        media: Ethernet autoselect (10baseT/UTP)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 209.161.205.12 netmask 0xffffff00 broadcast 209.161.205.255
        inet6 fe80::248:54ff:fe8c:13e5%rl0 prefixlen 64 scopeid 0x2 
        ether 00:48:54:8c:13:e5
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 
        inet 127.0.0.1 netmask 0xff000000 
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 209.161.205.12 --> 207.136.64.4 netmask 0xffffffff 
        Opened by PID 10689
----------------------------

My ppp.conf sets rl0

> In another portion of this thread you stated:
> 
> >On the firewall it is difficult to block the win boxes because I -want- 
> >each machine to be able to contact each other,  but I don't want the
> >windows boxes to have internet connection.
> 
> Now, that seems a little weird.  Do you not have a hub or switch
> other than the BSD box on this network?  Unless you're doing
> some strange routing or something, everybody on the wire
> ought to see everybody else regardless of the settings on the
> firewall (except they maybe won't see *it* ...)

DSL Modem <> BSD Box <> HUB <> All win boxes

Everyone does see each other. I just don't want the win boxes to 
see the internet; but I -do- want them to continue to see each other.



--

More information about the freebsd-questions mailing list