FreeBSD Bugzilla – Attachment 11958 Details for
Bug 23342
Inaccuracy of the dialup-firewall tutorial
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
dialup-firewall.patch
dialup-firewall.patch (text/plain; charset=us-ascii), 3.31 KB, created by
ncalvo
on 2001-02-07 18:31:10 UTC
(
hide
)
Description:
dialup-firewall.patch
Filename:
MIME Type:
Creator:
ncalvo
Created:
2001-02-07 18:31:10 UTC
Size:
3.31 KB
patch
obsolete
>--- article.sgml.orig Sun Jan 21 16:17:22 2001 >+++ article.sgml Sun Jan 21 17:19:32 2001 >@@ -294,6 +294,73 @@ > firewall.</para> > </answer> > </qandaentry> >+ >+<!-- addition starts here --> >+ >+ <qandaentry> >+ <question> >+ <para>There must be something wrong. I followed your instructions >+ to the letter and now I am locked out.</para> >+ </question> >+ >+ <answer> >+ <para>This tutorial assumes that you are running >+ <emphasis>userland-ppp</emphasis>, therefore the supplied ruleset >+ operates on the <devicename>tun0</devicename> interface, which >+ corresponds to the first connection made with &man.ppp.8; (a.k.a. >+ <emphasis>user-ppp</emphasis>). Additional connections would use >+ <devicename>tun1</devicename>, <devicename>tun2</devicename> and so >+ on.</para> >+ >+ <para>You should also note that &man.pppd.8; uses the >+ <devicename>ppp0</devicename> interface instead, so if you start the >+ connection with &man.pppd.8; you must substitute >+ <devicename>tun0</devicename> for <devicename>ppp0</devicename>. A >+ quick way to edit the firewall rules to reflect this change is shown >+ below. The original ruleset is backed up as >+ <filename>fwrules_tun0</filename>.</para> >+ >+ <screen> >+ <prompt>˜ &prompt.user; </prompt><userinput>cd /etc/firewall</userinput> >+ <prompt>/etc/firewall &prompt.user; </prompt><userinput>su</userinput> >+ <prompt>Password:</prompt> >+ <prompt>/etc/firewall &prompt.root; </prompt><userinput>mv fwrules fwrules_tun0</userinput> >+ <prompt>/etc/firewall &prompt.root; </prompt><userinput>cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules</userinput> >+ </screen> >+ >+ <para>To know whether you are currently using &man.ppp.8; or >+ &man.pppd.8; you can examine the output of &man.ifconfig.8; once the >+ connection is up. E.g., for a connection made with &man.pppd.8; you >+ would see something like this (showing only the relevant lines):</para> >+ >+ <screen> >+ &prompt.user; <userinput>ifconfig</userinput> >+ <emphasis>(skipped...)</emphasis> >+ ppp0: flags=<replaceable>8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524</replaceable> >+ inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --> <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xff000000</replaceable> >+ <emphasis>(skipped...)</emphasis> >+ </screen> >+ >+ <para>On the other hand, for a connection made with &man.ppp.8; >+ (<emphasis>user-ppp</emphasis>) you should see something similar to >+ this:</para> >+ >+ <screen> >+ &prompt.user; <userinput>ifconfig</userinput> >+ <emphasis>(skipped...)</emphasis> >+ ppp0: flags=<replaceable>8010<POINTOPOINT,MULTICAST> mtu 1500</replaceable> >+ <emphasis>(skipped...)</emphasis> >+ tun0: flags=<replaceable>8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524</replaceable> >+ <emphasis>(IPv6 stuff skipped...)</emphasis> >+ inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --> <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xffffff00</replaceable> >+ Opened by PID <replaceable>xxxxx</replaceable> >+ <emphasis>(skipped...)</emphasis> >+ </screen> >+ </answer> >+ </qandaentry> >+ >+<!-- addition ends here --> >+ > </qandaset> > </sect1> > </article>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11958">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 23342
: 11958