ppp_mode and ipfw
domain.admin at online.ie
Mon Feb 14 13:50:11 GMT 2005
I've been trying to set up ipfw on my FreeBSD box
which I use as a gateway to the Internet on my LAN.
I compiled the kernel with options IPFIREWALL and IPDIVERT,
edited rc.conf and some other files.
Now I have 2 problems:
1.) Each time FreeBSD boots ppp automatically establishes
a connection via ISDN. I do not want it to do that, I want
the connection to be established when some of the other
2 boxes I have on my LAN run software that demands an
For Example, if I run firefox on my linux box, i want
the FreeBSD box to receive the linux boxes request
for a connection and dial my ISP via ISDN.
In rc.conf I set ppp_mode="auto" because in ppp's man
page it says that this is the correct mode for
2.) Although I set up my firewall rules I cannot acces
anything on the outside net anymore, and my other
2 boxes can't acces the Internet after setting aup the
firewall. Also I cannot acces the squid proxy I set up
on my FreeBSD box anymore. All of this was working
before I set up the firewall. What am I doing wrong?
Why can't I access the net outside my home LAN and
why doesn't squid work anymore?
Here's my firewall rule file:
# Force a flushing of the current rules before reload
$fwcmd -f flush
#Check the state of all packets
$fwcmd add check-state
#Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via oif
# Allow all data from my network card and localhost
$fwcmd add allow all from any to any via lo0
$fwcmd add allow ip from any to any via $ii0
# Allow all connections that I initiate
$fwcmd add allow tcp from any to any out xmit oif setup
# Once connections are made, allow them to stay open
$fwcmd add allow tcp from any to any via oif established
# Everyone on the internet is allowed to connect
$fwcmd add allow tcp from any to any 22 setup
$fwcmd add allow tcp from any to any 21 setup
$fwcmd add allow tcp from any to any 8080 setup
$fwcmd add allow tcp from any to any 53 setup
$fwcmd add allow tcp from any to any 4662 setup
$fwcmd add allow udp from any to any 4672 setup
# This sends a RESET to all ident packets
$fwcmd add reset log tcp from any to any 113 in recv oif
# Allow outgoing DNS queries ONLY to the specified servers
$fwcmd add allow udp from any to 22.214.171.124 53 out xmit tun0
$fwcmd add allow udp from any to 126.96.36.199 53 out xmit tun0
# Allow them back in with the answers
$fwcmd add allow udp from 188.8.131.52 53 to any in recv oif
$fwcmd add allow udp from 184.108.40.206 53 to any in recv oif
# Allow ICMP
$fwcmd add 65435 allow icmp from any to any
# Deny all the rest.
#$fwcmd add 65435 deny log ip from any to any
"It was as though a veil had been rent. I saw on that ivory face
the expression of sombre pride, of ruthless power,
of craven terror -- of an intense and hopeless despair.
Did he live his life again in every detail of desire,
temptation, and surrender during that supreme moment
of complete knowledge?"
More information about the freebsd-questions