Problems with PPP on demand and my firewall

Post by stone9 » Mon, 10 Jul 2000 04:00:00



Here is the issue I have.  I can get PPP to dial on demand but I can not
access the outside world until I have rerun my firewall script.  Once
this is done then I can cruise with no problems.  Is there a way when
the linux box dials to also run the firewall script once a connection
has been made??

Thanks

 
 
 

Post by Bill Mosele » Mon, 10 Jul 2000 04:00:00




> Here is the issue I have.  I can get PPP to dial on demand but I can not
> access the outside world until I have rerun my firewall script.  Once
> this is done then I can cruise with no problems.  Is there a way when
> the linux box dials to also run the firewall script once a connection
> has been made??

man pppd

look for ip-up

--
Bill Moseley

 
 
 

Post by Jim Broughto » Mon, 10 Jul 2000 04:00:00



> Here is the issue I have.  I can get PPP to dial on demand but I can not
> access the outside world until I have rerun my firewall script.  Once
> this is done then I can cruise with no problems.  Is there a way when
> the linux box dials to also run the firewall script once a connection
> has been made??

> Thanks

In the directory /etc/ppp there is a file named ip-up
you can add your firewall call to this script. Ignore
any opening comments about not modifying that file
and just make it the first entry in the script.
This is the file that pppd calls once negotiation is
complete and the IP numbers are in place.
Also you can insert a line in /etc/ppp/ip-down that will
set all ipchains policies to accept. This file is run by
pppd when the link goes down.

The attached script is called firewallkill and I place it
in the /sbin directory. It is run from ip-down.

JIM

[ firewallkill < 1K ]
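#!/bin/sh
# Set the default policy of every built-in chain to ACCEPT
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward ACCEPT
#
# Flush all rules from the built-in chains
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward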

 
 
 

Post by Bill Unr » Tue, 11 Jul 2000 04:00:00



]In the directory /etc/ppp there is a file named ip-up
]you can add your firewall call to this script. Ignore
]any opening comments about not modifying that file
]and just make it the first entry in the script.

ip-up has a call to ip-up.local. Place your local changes into
ip-up.local. Otherwise you are liable to find that when you upgrade,
your changes are wiped out in ip-up.
ip-up.local is called with the same parameters as is ip-up.

]This is the file that pppd calls once negotiation is
]complete and the IP numbers are in place.
]Also you can insert a line in /etc/ppp/ip-down that will
]set all ipchains policies to accept. This file is run by
]pppd when the link goes down.

Similarly ip-down.local.

It is helpful to keep your own changes separate from the system.
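
The ip-up.local approach described above, as an added example that was not posted by anyone in this thread: the hook checks the arguments pppd hands to ip-up and then re-runs the firewall script with the negotiated addresses. The path /etc/ppp/firewall.sh and its three-argument calling convention are assumptions made for illustration.

```shell
#!/bin/sh
# /etc/ppp/ip-up.local -- added example, not code from the thread.
# pppd starts ip-up with a nearly empty environment, so set PATH here.
PATH=/sbin:/usr/sbin:/bin:/usr/bin${PATH:+:$PATH}
export PATH

# Hypothetical location of the firewall script; override FIREWALL to test.
FIREWALL=${FIREWALL:-/etc/ppp/firewall.sh}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Arguments as passed by pppd (ip-up hands the same list to ip-up.local):
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam
# Returns 2 on unexpected arguments, 3 if the firewall script is unusable.
# pppd redirects stderr to /dev/null; swap echo for logger(1) in production.
ip_up_local() {
    case $1 in
        ppp[0-9]|ppp[0-9][0-9]) ;;
        *) echo "ip-up.local: unexpected interface '$1'" >&2; return 2 ;;
    esac
    is_ipv4 "$4" && is_ipv4 "$5" || {
        echo "ip-up.local: bad address '$4' / '$5'" >&2; return 2; }
    [ -x "$FIREWALL" ] || {
        echo "ip-up.local: $FIREWALL not executable" >&2; return 3; }
    # Reload the rules now that the link has its negotiated addresses.
    "$FIREWALL" "$1" "$4" "$5"
}

# Act only when called with pppd's argument list.
if [ $# -ge 5 ]; then
    ip_up_local "$@"
fi
```

Because firewallkill leaves every chain at ACCEPT with no rules while the link is down, filtering on the next connection depends on this hook succeeding, so a non-zero return from it is worth logging and alerting on.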

 
 
 
