On Mon, Nov 29, 2004 at 04:14:07PM +0100, Ruben de Groot wrote:
: : allow ip from ${INTERNAL_NET} to any keep-state out xmit tun0
: :
: : where INTERNAL_NET would be e.g. 192.168.0.0/24
I was checking out the man page, and I'm a little unclear on whether I want
'xmit' or 'via' in this rule.

On Tuesday 30 November 2004 15:37, Jonathon McKitrick wrote:
On Mon, Nov 29, 2004 at 04:14:07PM +0100, Ruben de Groot wrote:
: : allow ip from ${INTERNAL_NET} to any keep-state out xmit tun0
: :
: : where INTERNAL_NET would be e.g. 192.168.0.0/24
I was checking out the man page, and I'm a

On Sun, Nov 28, 2004 at 02:27:41PM +0200, Giorgos Keramidas typed:
On 2004-11-28 04:48, Jonathon McKitrick [EMAIL PROTECTED] wrote:
On Sun, Nov 28, 2004 at 03:31:35AM +0200, Giorgos Keramidas wrote:
: AFAIK, rule 00300 will never be hit by packets going out tun0 as long as
: you also have

On Mon, Nov 29, 2004 at 12:30:20PM +0100, Ruben de Groot wrote:
: He's using ppp-nat. So packets from his laptop will first hit rule #300 and
: only after that get nat'ed. I believe this is normal behaviour.
Ah, yes. I always forget about ppp-nat.
So, then, is this the best way to allow my

On Mon, Nov 29, 2004 at 01:21:14PM +, Jonathon McKitrick typed:
On Mon, Nov 29, 2004 at 12:30:20PM +0100, Ruben de Groot wrote:
: He's using ppp-nat. So packets from his laptop will first hit rule #300 and
: only after that get nat'ed. I believe this is normal behaviour.
Ah, yes. I

On Mon, Nov 29, 2004 at 03:09:30PM +0100, Ruben de Groot wrote:
: On Mon, Nov 29, 2004 at 01:21:14PM +, Jonathon McKitrick typed:
: On Mon, Nov 29, 2004 at 12:30:20PM +0100, Ruben de Groot wrote:
: : He's using ppp-nat. So packets from his laptop will first hit rule #300 and
: : only after

On Mon, Nov 29, 2004 at 02:44:58PM +, Jonathon McKitrick typed:
On Mon, Nov 29, 2004 at 03:09:30PM +0100, Ruben de Groot wrote:
: On Mon, Nov 29, 2004 at 01:21:14PM +, Jonathon McKitrick typed:
: On Mon, Nov 29, 2004 at 12:30:20PM +0100, Ruben de Groot wrote:
: : He's using ppp-nat.

On 2004-11-29 14:44, Jonathon McKitrick [EMAIL PROTECTED] wrote:
On Mon, Nov 29, 2004 at 03:09:30PM +0100, Ruben de Groot wrote:
: Your laptop won't be exposed by this. You could however fine-tune your
: ruleset a little bit by modifying rule 300 to something like:
:
: allow ip from

On Mon, Nov 29, 2004 at 05:13:44PM +0200, Giorgos Keramidas wrote:
: In general, it's not a bad idea. You won't have to remember to turn
: on firewalling when the laptop is connected to a different network; one
: that shouldn't really be trusted so much.
Not a bad idea. I also use it on the

On 2004-11-28 04:48, Jonathon McKitrick [EMAIL PROTECTED] wrote:
On Sun, Nov 28, 2004 at 03:31:35AM +0200, Giorgos Keramidas wrote:
: AFAIK, rule 00300 will never be hit by packets going out tun0 as long as
: you also have rule 00200 in there.
Hmmm here's a run after having the laptop
Here are my rules:
[EMAIL PROTECTED]:~# ipfw show
00100 0 0 check-state
00200 2 144 allow ip from me to any keep-state out xmit tun0
00300 0 0 allow ip from any to any keep-state out xmit tun0
00400 0 0 deny tcp from any to any in recv tun0 established
00500 0 0 allow ip from any to any

Jonathon McKitrick wrote:
Here are my rules:
[EMAIL PROTECTED]:~# ipfw show
00100 0 0 check-state
00200 2 144 allow ip from me to any keep-state out xmit tun0
00300 0 0 allow ip from any to any keep-state out xmit tun0
00400 0 0 deny tcp from any to any in recv tun0 established
00500 0 0

On 2004-11-27 21:56, Jonathon McKitrick [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]:~# ipfw show
00100 0 0 check-state
00200 2 144 allow ip from me to any keep-state out xmit tun0
00300 0 0 allow ip from any to any keep-state out xmit tun0
00400 0 0 deny tcp from any to any in recv tun0

On Sun, Nov 28, 2004 at 03:31:35AM +0200, Giorgos Keramidas wrote:
: AFAIK, rule 00300 will never be hit by packets going out tun0 as long as
: you also have rule 00200 in there.
Hmmm here's a run after having the laptop running for a bit. I don't
see why 200 doesn't cover the case either.