On Mon, 2005-02-14 at 23:15 +1100, Adam Summerfield wrote: > OK I just tested plain out of the box Solaris 10 sparc ipfilter on an > Enterprise 250 with a quad fast Ethernet card and my adsl connection. > > I was able to connect and the firewall was filtering on the sppp0 interface. > > I saw two problems:- > > 1. The ipnat.conf file would not accept the mssclamp option I normally use. >
I don't use any NAT settings, so I guess I am safe here. > 2. I could not get my pptp vpn connection to establish. > > To get ipf to work on sppp0 interfaces you need to:- > > 1. make sure that the plink option is in /etc/ppp/options > Yes, I have this option in /etc/ppp/options. > 2. make sure that the following line is in /etc/ipf/pfil.ap > > "sppp -1 0 pfil" > I have this line in /etc/ipf/pfil.ap. > I then took the old /etc/rc2.d/S65ipfboot startup script and modified it > with the new file locations and everything was working. This makes life so > much easier then the way that Sun are recommending in their documentation. > On my machine ipfilter is started by those new service management facilities and I checked they were running and the rules from /etc/ipf/ipf.conf were active. > Let me know if I can help..... > Despite your advices ipfilter is still not working for me. Do you have pfil listed in the output of "ifconfig sppp0 modlist"? > Regards, > > Adam > Thanks for your reply! Regards, Albert
