|
Lines 294-299
Link Here
|
| 294 |
firewall.</para> |
294 |
firewall.</para> |
| 295 |
</answer> |
295 |
</answer> |
| 296 |
</qandaentry> |
296 |
</qandaentry> |
|
|
297 |
|
| 298 |
<!-- addition starts here --> |
| 299 |
|
| 300 |
<qandaentry> |
| 301 |
<question> |
| 302 |
<para>There must be something wrong. I followed your instructions |
| 303 |
to the letter and now I am locked out.</para> |
| 304 |
</question> |
| 305 |
|
| 306 |
<answer> |
| 307 |
<para>This tutorial assumes that you are running |
| 308 |
<emphasis>userland-ppp</emphasis>, therefore the supplied ruleset |
| 309 |
operates on the <devicename>tun0</devicename> interface, which |
| 310 |
corresponds to the first connection made with &man.ppp.8; (a.k.a. |
| 311 |
<emphasis>user-ppp</emphasis>). Additional connections would use |
| 312 |
<devicename>tun1</devicename>, <devicename>tun2</devicename> and so |
| 313 |
on.</para> |
| 314 |
|
| 315 |
<para>You should also note that &man.pppd.8; uses the |
| 316 |
<devicename>ppp0</devicename> interface instead, so if you start the |
| 317 |
connection with &man.pppd.8; you must substitute |
| 318 |
<devicename>tun0</devicename> for <devicename>ppp0</devicename>. A |
| 319 |
quick way to edit the firewall rules to reflect this change is shown |
| 320 |
below. The original ruleset is backed up as |
| 321 |
<filename>fwrules_tun0</filename>.</para> |
| 322 |
|
| 323 |
<screen> |
| 324 |
<prompt>˜ &prompt.user; </prompt><userinput>cd /etc/firewall</userinput> |
| 325 |
<prompt>/etc/firewall &prompt.user; </prompt><userinput>su</userinput> |
| 326 |
<prompt>Password:</prompt> |
| 327 |
<prompt>/etc/firewall &prompt.root; </prompt><userinput>mv fwrules fwrules_tun0</userinput> |
| 328 |
<prompt>/etc/firewall &prompt.root; </prompt><userinput>cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules</userinput> |
| 329 |
</screen> |
| 330 |
|
| 331 |
<para>To know whether you are currently using &man.ppp.8; or |
| 332 |
&man.pppd.8; you can examine the output of &man.ifconfig.8; once the |
| 333 |
connection is up. E.g., for a connection made with &man.pppd.8; you |
| 334 |
would see something like this (showing only the relevant lines):</para> |
| 335 |
|
| 336 |
<screen> |
| 337 |
&prompt.user; <userinput>ifconfig</userinput> |
| 338 |
<emphasis>(skipped...)</emphasis> |
| 339 |
ppp0: flags=<replaceable>8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524</replaceable> |
| 340 |
inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --> <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xff000000</replaceable> |
| 341 |
<emphasis>(skipped...)</emphasis> |
| 342 |
</screen> |
| 343 |
|
| 344 |
<para>On the other hand, for a connection made with &man.ppp.8; |
| 345 |
(<emphasis>user-ppp</emphasis>) you should see something similar to |
| 346 |
this:</para> |
| 347 |
|
| 348 |
<screen> |
| 349 |
&prompt.user; <userinput>ifconfig</userinput> |
| 350 |
<emphasis>(skipped...)</emphasis> |
| 351 |
ppp0: flags=<replaceable>8010<POINTOPOINT,MULTICAST> mtu 1500</replaceable> |
| 352 |
<emphasis>(skipped...)</emphasis> |
| 353 |
tun0: flags=<replaceable>8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524</replaceable> |
| 354 |
<emphasis>(IPv6 stuff skipped...)</emphasis> |
| 355 |
inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --> <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xffffff00</replaceable> |
| 356 |
Opened by PID <replaceable>xxxxx</replaceable> |
| 357 |
<emphasis>(skipped...)</emphasis> |
| 358 |
</screen> |
| 359 |
</answer> |
| 360 |
</qandaentry> |
| 361 |
|
| 362 |
<!-- addition ends here --> |
| 363 |
|
| 297 |
</qandaset> |
364 |
</qandaset> |
| 298 |
</sect1> |
365 |
</sect1> |
| 299 |
</article> |
366 |
</article> |