Dirk GOUDERS wrote:
> I just started to use an ADSL line with PPPoE and want to run a firewall
> between it and my local network. What I am wondering about is that even
> if I only have the default everything-blocking rule (deny ip from any to
> any) I still see incoming packets on tun0 with tcpdump.
If you are using PPPoE, the system de-encapsulates the IP traffic off of the
PPP session via the tun0 interface. tun0 can be treated as your "external
interface" when writing firewall rules, setting up NAT, etc.
[ ... ]
> Another example is that I saw several SYN packets directed to
> unprivileged ports that got answered with a RST packet by my machine.
> When I block those SYN packets, I still see them on tun0 but the RST
> responses disappear. Also, ipfw's counters show that it recognizes
> those packets...
Right. This implies that the firewall rules are working. If you want to see
what the situation looks like to a client machine behind the firewall, either
tcpdump on a client machine, or tcpdump on the internal interface of the
firewall box...
--
-Chuck
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
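As an added example, not part of the thread: a small Python script that makes Chuck's check mechanical. It reads tcpdump lines from tun0 (a constructed sample using RFC 5737 addresses, not a real capture) and reports which inbound SYNs drew a RST from the host; a SYN that appears on tun0 but draws no RST is consistent with ipfw dropping it, since tcpdump taps the interface before the firewall sees the packet.

```python
import re

# Constructed sample in "tcpdump -n -i tun0" style (not from the original thread).
# 198.51.100.7 plays the PPPoE host; the other addresses are hypothetical peers.
SAMPLE_TUN0 = """\
12:00:01.000000 IP 203.0.113.5.43210 > 198.51.100.7.6000: Flags [S], seq 1, win 65535, length 0
12:00:01.000100 IP 198.51.100.7.6000 > 203.0.113.5.43210: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:02.000000 IP 203.0.113.9.51000 > 198.51.100.7.6001: Flags [S], seq 1, win 65535, length 0
12:00:03.000000 IP 203.0.113.9.51001 > 198.51.100.7.22: Flags [S], seq 1, win 65535, length 0
12:00:04.000000 IP 198.51.100.7.40000 > 203.0.113.5.80: Flags [S], seq 9, win 65535, length 0
"""

# Matches the TCP summary line tcpdump prints; non-TCP lines are ignored.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def parse(capture):
    """Yield (src, sport, dst, dport, flags) for each TCP line in the capture."""
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def syn_replies(capture, local_ip):
    """Map each inbound SYN (src, sport, dport) to True if the host answered it with a RST.

    Only pure SYNs are counted ("S." is a SYN-ACK); an outbound RST is matched
    to the SYN by reversing the address/port pair. Outbound SYNs are ignored.
    """
    seen = {}
    for src, sport, dst, dport, flags in parse(capture):
        if dst == local_ip and "S" in flags and "." not in flags:
            seen[(src, sport, dport)] = False          # inbound SYN, no reply so far
        elif src == local_ip and "R" in flags:
            key = (dst, dport, sport)                  # reverse direction of the RST
            if key in seen:
                seen[key] = True                       # host replied: not filtered
    return seen


def dropped_syns(capture, local_ip):
    """Inbound SYNs that tcpdump saw but the host never answered (the ones ipfw dropped)."""
    return sorted(k for k, answered in syn_replies(capture, local_ip).items() if not answered)


if __name__ == "__main__":
    for entry in dropped_syns(SAMPLE_TUN0, "198.51.100.7"):
        print("no RST for SYN from %s:%d to port %d" % entry)
```

Cross-checking the same SYNs against `ipfw -a list` counters, as Dirk did, confirms which rule consumed them.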