Re: pppoe

Thu, 01 Dec 2011 18:16:00 -0800 

Using userland ppp, this pf configuration is preventing proper pppoe
connections. The same would happen with pppoe(4). I know how to accept, but
I'm not sure about (a) pppoe only (2) the order and position of where it
should go, though i didn't plagiarize these filters except from the manual.
I generally understand them.

# cat
/etc/pf.conf
int_if="xl0"

ext_if="tun0" #has to be changed to pppoe(4)



thenetwrk="10.0.0.0/8"

rothbard="10.0.0.10"

baal="10.0.0.2"

smass="10.0.0.1"



etcp_services="{22}"

itcp_services="{22,53}"

icmp_types="echoreq"



ports_rothbard="{17000,17001,17002,17003,17004,17005,2322}"

ports_smass="{17100,17101,17102,17103,17104,17105,2222}"



set block-policy
return
set loginterface
$ext_if
set skip on
lo


anchor
"ftp-proxy/*"


pass in quick on $int_if inet proto tcp to any port ftp
\
    divert-to 127.0.0.1 port
8021


match out on $ext_if from 10.0.0.0/8 to any nat-to
$int_if
pass on $ext_if from 10.0.0.0/8 to
any


pass out on $ext_if proto tcp from any to
any


pass in on $ext_if proto tcp from any to any port $ports_rothbard rdr-to
$rothba
rd

pass in on $ext_if proto tcp from any to any port $ports_smass rdr-to
$smass


antispoof quick for { lo $int_if
}


pass in on egress inet proto tcp from any to (egress)
\
        port
$etcp_services
pass in on egress inet proto tcp from any to $baal port
$itcp_services


pass in inet proto icmp all icmp-type $icmp_types

On Mon, Nov 21, 2011 at 8:46 PM, Eric Furman <ericfur...@fastmail.net>wrote:

> On Monday, November 21, 2011 7:57 AM, "Jan Stary" <h...@stare.cz> wrote:
> > On Nov 21 12:37:37, John Tate wrote:
> > > I am setting up an OpenBSD firewall, and have everything working but I
> > > am using userland pppoe. I am not sure if it ever became an official
> > > part of OpenBSD, but I've heard there might be kernel level pppoe
> > > support.
> > >
> > > Is there kernel level pppoe support? Or is the cybersphere filling my
> > > head with dreams?
> >
> > Is http://www.openbsd.org/faq/faq6.html#PPP a part of "cybersphere"?
>
> PPP?!?!?!?
> Aughugh, hsss, hsssss. It hurts usss it hurts uss!
> Take it away take it away!!!
> LOL
>
> Sorry, you have my sympathy...
>



-- 
www.johntate.org

Reply via email to