[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Transprent Firewall over PPP



On 31/07/2002, Greg Fitzgerald <gregf_(_at_)_elitepimps_(_dot_)_org> wrote To misc_(_at_)_openbsd_(_dot_)_org:
> I been reading up on using OpenBSD 3.0/1 and PF to create transparent
> firewalls using a switch and briding two interfaces. My question is, is
> it possible to create a transparent firewall like this when using a PPP
> connection? If so can someone point me in the right direction.

You mean, one interface is ethernet, the other a ppp connection via a modem?
No, this doesnt work. Bridging is a pure Ethernet thing.
Note that ppp(8) can filter IP as well, maybe in less 'quality' then pf..

One thing on my todo is support for something like this:

Client----Bridge----DSL-Modem----DSLAM/Internet

Where one uses PPPoE between Client and DSL-Modem.

pf(4) on the Bridge could peek into the PPPoE packets.

-current already supports IPsec for a similar setup, and this
is a good start to filter any encapsulated IP (GRE comes into
mind first).

Dont hold your breath though.

ciao
-- 
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p> 

#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?