Very Computer

by **Al Longye** » Tue, 24 Oct 1995 04:00:00

>I have a gateway system running Linux 1.2.13 that is connected to my internal
>network via an Ethernet card and to the Internet via a PPP connection.
>I would like to be able to set up my internal Class C network as 'trusted'
>for some features, but it seems to me like I would need to make sure that
>no packets coming in across the PPP link spoof my internal network's address.
>Is there a way in the PPP code to filter out any packets that say they
>are coming from my internal network?

There is no way for the PPP code to filter anything. There are no plans to
put filters into the PPP code.

The filtering is performed by the firewall code. It does it now. You need
only use the rules and specify the interface IP address.

--

The above opinions do not necessarily represent those of the Management
of System Integrators nor any of its subsidiaries.

by **Joel M. Hoffm** » Wed, 25 Oct 1995 04:00:00

Quote:>>I have a gateway system running Linux 1.2.13 that is connected to my internal
>>network via an Ethernet card and to the Internet via a PPP connection.

>>[...]
>>Is there a way in the PPP code to filter out any packets that say they
>>are coming from my internal network?

>There is no way for the PPP code to filter anything. There are no plans to
>put filters into the PPP code.

If you were set on doing with with PPP (as opposed to with firewall
code), you could probably hack get_input() in main.c in the pppd/
directory of ppp. Around the middle you'll find:

p += 2; /* Skip address and control */
GETSHORT(protocol, p);
len -= PPP_HDRLEN;

I guess you could put something there, and exit if you don't like the
address.

-Joel

--
-----------------------------------------------------------------------------
|_|~~ Germany, Europe. 1940's ``A DISTINGUISHED speaker said that we must put
__|~| 16 Million DEAD. our children first. We in Bosnia wonder if
we have any children left. Seven* thousand
cnc Bosnia, Europe. 1990's children have been killed in Bosnia in the
cnc HOW MANY MORE? last three years. Those living, some with
gray hair and eyes and hearts of old men, are
``May the world you hardly children any more.''
live in be the world - H. Silajdzic
of your dreams.'' - Debbie Friedman Prime Minister of Bosnia
-----------------------------------------------------------------------------

by **Wesley Hoski** » Mon, 30 Oct 1995 03:00:00

>> Is there a way in the PPP code to filter out any packets that say they
>> are coming from my internal network?

Al> There is no way for the PPP code to filter anything. There are no plans
Al> to put filters into the PPP code.

Al> The filtering is performed by the firewall code. It does it now. You
Al> need only use the rules and specify the interface IP address.

There are some modifications to the ppp code that DO allow packet filtering,
based upon what sort of udp/tcp/routing options are used in the packet.
Its really easy to setup....

wes
--
------------------------------------------------------------------------------
Wesley Hosking Atlantek Microsystems
Endeavour House, Technology Park, South Australia

Very Computer

Filtering PPP packets in Linux?

Filtering PPP packets in Linux?

Filtering PPP packets in Linux?

Filtering PPP packets in Linux?