[wplug] questions about firewall

Romano, Christopher cjr6 at exchange.cis.pitt.edu
Sat Dec 8 19:04:12 EST 2001


Yes, I am running pppoe.  I will try that.

Thanks,
Chris

-----Original Message-----
From: Bill Moran
To: wplug at wplug.org
Sent: 12/8/2001 12:29 PM
Subject: Re: [wplug] questions about firewall

Romano, Christopher wrote:
> I use one card to connect to my DSL modem and the other to connect to my
> hub.
> 
> So do I apply the rules for eth0 to ppp0 and forget about eth0?

No, no, no.
I jumped and answered too quickly - before getting all the information.
I assume what you're talking about is using ppp over ethernet.  Personally,
I can't give you a whole lot of advice, as I don't have much experience
with pppoe, but the basics of what you want to do are:
1: Apply the outside interface rules to ppp0
2: Apply the inside interface rules to eth1
3: Either research pppoe specifically, or use a packet sniffer (such as
    ethereal) to determine what traffic is running across the eth0 interface.
    Then write some rules to restrict any traffic that is not valid pppoe
    traffic.

Good luck,
Bill

> Chris
> 
> -----Original Message-----
> From: Bill Moran
> To: wplug at wplug.org
> Sent: 12/8/2001 11:14 AM
> Subject: Re: [wplug] questions about firewall
> 
> Romano, Christopher wrote:
> 
>> Everything that I have read has eth1 with an internal IP address and eth0
>> with a public IP address.  I use Verizon DSL and my connection is through
>> ppp0.  So ppp0 has the external IP and both my ethN have internal.  When I
>> set up my rules do I just use the two internal because they are my ethernet
>> cards?  I know that I am going to have to mask everything to go through my
>> ppp connection.  I am going to be using IPTables.
> 
> Why do you have two eth cards internally?  The first thing you may want to
> consider is "Do I need two eth cards".  You may be making things
> unnecessarily complicated.
> If you only have the ppp interface and one eth interface, then what you do is
> just replace eth0 with ppp0 in those tutorials and eth1 with eth0.
> If you need both internal interfaces, then your changes are still not
> that complicated:
> you'll need to use the rules the tutorials tell you to apply to eth0 on ppp0,
> and the rules the tutorials tell you to apply to eth1 on _both_ internal
> interfaces.
> 
> Good luck.
> 
> 


-- 
Bill Moran
Potential Technology
http://www.potentialtech.com

_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug
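
The interface layout described in the thread, as an added example that is not part of the original messages: a shell function that emits an `iptables-restore` ruleset with the outside rules on ppp0, the inside rules on one or more inside interfaces, and the modem-facing NIC closed to IP. The default-DROP policy, connection tracking and MASQUERADE rule are assumptions of this sketch, as is the `gen_rules` name. PPPoE frames use EtherTypes 0x8863 (discovery) and 0x8864 (session) and are not IP, so iptables never sees them on eth0; dropping all IP there leaves the PPPoE session itself untouched.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset.
# Roles come from the thread: ppp0 = outside, eth0 = modem NIC, eth1 = inside.
# Policy choices (default DROP, stateful replies, MASQUERADE) are assumptions.

gen_rules() {
    wan=$1      # PPP interface that holds the public IP (ppp0 in the thread)
    modem=$2    # NIC cabled to the DSL modem (eth0 in the thread)
    shift 2     # remaining arguments: inside interface(s), e.g. eth1

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Masquerade everything that leaves through the PPP link.
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo "COMMIT"

    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Modem NIC: only PPPoE frames belong here, and those are not IP,
    # so every IP packet in or out of this interface is dropped.
    echo "-A INPUT -i $modem -j DROP"
    echo "-A FORWARD -i $modem -j DROP"
    echo "-A FORWARD -o $modem -j DROP"
    echo "-A OUTPUT -o $modem -j DROP"
    echo "-A INPUT -i lo -j ACCEPT"
    # Outside interface: accept replies to existing connections only.
    echo "-A INPUT -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Inside interface(s): the same inside rules are applied to each one.
    for lan in "$@"; do
        echo "-A INPUT -i $lan -j ACCEPT"
        echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    echo "COMMIT"
}

# Layout from the thread: PPPoE over eth0, hub on eth1.
gen_rules ppp0 eth0 eth1
```

The output can be reviewed and then loaded with `iptables-restore`; forwarding also needs `net.ipv4.ip_forward` enabled. Blocking IP on eth0 also blocks any IP-based management page on the modem itself.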


