RE: IPFilter 4.1

Darren,

Sorry I got it wrong, it seems I have two outstanding issues:-

1. mssclamp option in ipnat.conf not being accecpted
2. pptp connection no longer working.

I suspect that the second item may be related to your addition of a proxy for this. Could you please supply the format of the line
to make this item work?

Thanks,

Adam

-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au [mailto:owner-ipfilter@coombs.anu.edu.au] On Behalf Of Adam Summerfield
Sent: Saturday, 14 February 2004 10:45 AM
To: 'Eric'; 'Darren Reed'
Cc: ipfilter@coombs.anu.edu.au
Subject: RE: IPFilter 4.1

OK I have now tested this and it actually seems to work!!!

I now have connectivity, NAT and a FireWall.

What you need to do is have a setting in the file:-

/etc/ppp/options

and the magical setting is:-

pfil

This then allows for the modinsert that pfil uses.

Darren,

All I need help with now is the mssclamp option in ipnat.conf

It will not accept the lines that I used to have:-

map sppp0 10.10.10.0/24 -> 0/32 proxy port ftp ftp/tcp mssclamp 1452
map sppp0 10.10.10.0/24 -> 0/32 portmap tcp/udp auto mssclamp 1452
map sppp0 10.10.10.0/24 -> 0/32 mssclamp 1452

Regards,

Adam

-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au [mailto:owner-ipfilter@coombs.anu.edu.au] On Behalf Of Eric
Sent: Saturday, 14 February 2004 10:16 AM
To: Adam Summerfield
Cc: 'Darren Reed'; ipfilter@coombs.anu.edu.au
Subject: Re: IPFilter 4.1

This looks like it--the ifconfig modinsert, modremove and unplumb commands are related
to the SunScreen problems I had, in that the SunScreen program attempted to use those commands
to configure the PPP daemon for SunScreen's use. Since they did not work, SunScreen puked.

On Sat, Feb 14, 2004 at 08:07:11AM +1100, Adam Summerfield put into existance:
] Darren,
]
] Does this make any sense:-
]
] noplink
] Cause pppd to use I_LINK instead of I_PLINK. This is
] the default. When I_LINK is used, the system cleans up
] terminated interfaces (even when SIGKILL is used) but
] does not allow ifconfig(1M) to unplumb PPP streams or
] insert or remove modules dynamically. Use the plink
] option if ifconfig(1M) modinsert, modremove or unplumb
] support is needed.
]
] Is this what we may be looking for?
]
] Adam
]
] -----Original Message-----
] From: Darren Reed [mailto:darrenr@reed.wattle.id.au]
] Sent: Saturday, 14 February 2004 6:56 AM
] To: Eric
] Cc: Darren Reed; Adam Summerfield; ipfilter@coombs.anu.edu.au
] Subject: Re: IPFilter 4.1
]
] In some email I received from Eric, sie wrote:
] > I for one use IPFilter on a PPP device (sun ultra 5 as a home router for
] > dialup), and my choice of IPFilter over SunScreen (which came with
] > Solaris 9 somewhere) was the fact that SunScreen refuses to work with
] > sppp0 for the same reason (sppp does not present itself as a streams
] > module/driver). Breaking compatibility with sppp would definitely put
] > me out of the loop for ipf4. Ultimately Sun needs to fix this.
]
] Yes. Does the sppp driver come with Solaris ?
] Does the man page mention anything about plumbing options for any
] of the configuration files ?
]
] Darren
]
] > On Sat, Feb 14, 2004 at 12:47:30AM +1100, Darren Reed put into existance:
] > ]
] > ] What's are the panic messages with sppp0 ?
] > ]
] > ] I'm not actually surprised - "ppp" (in general) has not been tested
] > ] with ipf4 and I'm hence reserved to support it, yet.
] > ]
] > ] I suspect the fault here is that the sppp driver does not present
] > ] itself as a proper DLPI STREAMS module/driver but I might be wrong.
] > ]
] > ] Darren
] >
] > .
] >