* problems filtering ppp devices
@ 2002-09-09 9:40 Jeroen Wortelboer
2002-09-09 12:06 ` Anders Fugmann
0 siblings, 1 reply; 4+ messages in thread
From: Jeroen Wortelboer @ 2002-09-09 9:40 UTC (permalink / raw)
To: netfilter
Hi there,
I am encountering some weird stuff while filtering a ppp device.
It seems like traffic from the ppp device does not enter the INPUT or OUTPUT table. Only when the destination of the traffic is another interface on the same machine does the INPUT or OUTPUT table see the traffic (I am logging all traffic through the ppp device...).
Filtering this traffic on the forward or nat tables works fine, but leaves me with an unhappy feeling...
I did some google-ing for this problem and came up empty. I hope I am doing something wrong here because otherwise this could be a serious problem.
Perhaps someone on this list can help me out why the ppp-traffic seems to skip these tables....
For the record, I am running kernel 2.4.9-34 (RedHat) with pptpd-1.1.2-2 and ppp-mppe-2.4.1-6. The ppp devices are started by the pptpd process.
Any suggestions are welcome.
Thanks,
Jeroen.
* Re: problems filtering ppp devices
2002-09-09 9:40 problems filtering ppp devices Jeroen Wortelboer
@ 2002-09-09 12:06 ` Anders Fugmann
0 siblings, 0 replies; 4+ messages in thread
From: Anders Fugmann @ 2002-09-09 12:06 UTC (permalink / raw)
To: Jeroen Wortelboer; +Cc: netfilter
Jeroen Wortelboer wrote:
> Hi there,
>
> I am encountering some weird stuff while filtering a ppp device.
> It seems like traffic from the ppp device does not enter the INPUT or
> OUTPUT table. Only when the destination of the traffic is another
> interface on the same machine does the INPUT or OUTPUT table see the
> traffic (I am logging all traffic through the ppp device...).
A packet traverses the INPUT chain (filter table) only if it is
destined for the firewall itself. All packets originating from the
firewall traverse the OUTPUT chain. The FORWARD chain is traversed by
packets that enter one interface and leave another (forwarded by
Linux). In all, the observation is correct, and indeed intended.
> Filtering this traffic on the forward or nat tables works fine, but
> leaves me with an unhappy feeling...
Filtering in the nat table? Please use the filter table for filtering.
>
> I did some google-ing for this problem and came up empty. I hope I am
> doing something wrong here because otherwise this could be a serious
> problem.
I guess that you were not using the terms "iptables traversing tables".
It would have given you the link to the tutorial. See:
http://www.iptables.org/documentation/tutorials/blueflux/iptables-tutorial.html#TRAVERSINGOFTABLES
Hope it helps.
Regards
Anders Fugmann
--
Author of FIAIF
FIAIF Is An Intelligent/Iptables Firewall.
http://fiaif.fugmann.dhs.org
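
Added example, not part of the original thread: one LOG rule per filter-table chain for PPP interfaces, so the log prefix shows which chain each flow actually traverses. The prefixes and the `IPT`/`PPP_IF` variables are assumptions; by default the script only prints the commands, set `IPT=iptables` as root to apply them.

```shell
#!/bin/sh
# Added example: per-chain LOG rules for PPP interfaces (filter table).
# Dry run by default: commands are printed, nothing is changed.
IPT="${IPT:-echo iptables}"

# "ppp+" is the iptables interface wildcard: it matches ppp0, ppp1, ...
PPP_IF="${PPP_IF:-ppp+}"

log_rule() {
    # $1 = chain, $2 = -i (incoming) or -o (outgoing), $3 = log prefix
    $IPT -t filter -A "$1" "$2" "$PPP_IF" -j LOG --log-prefix "$3"
}

ppp_chain_logging() {
    # Packets from a PPP peer addressed to the firewall itself.
    log_rule INPUT -i "ppp-in: "
    # Packets generated by the firewall and sent to a PPP peer.
    log_rule OUTPUT -o "ppp-out: "
    # Packets routed through the firewall: PPP peer -> another interface ...
    log_rule FORWARD -i "ppp-fwd-from: "
    # ... and another interface -> PPP peer.
    log_rule FORWARD -o "ppp-fwd-to: "
}

ppp_chain_logging
```

Traffic between a PPTP client and a host behind the firewall shows up only under the two FORWARD prefixes, which matches the behaviour reported in the first message.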
* RE: problems filtering ppp devices
@ 2002-09-09 10:40 Rob Sterenborg
2002-09-09 11:44 ` Jeroen Wortelboer
0 siblings, 1 reply; 4+ messages in thread
From: Rob Sterenborg @ 2002-09-09 10:40 UTC (permalink / raw)
To: 'netfilter@lists.netfilter.org'
> I am encountering some weird stuff while filtering a ppp device.
> It seems like traffic from the ppp device does not enter the
> INPUT or OUTPUT table. Only when the destination of the traffic
When configuring the kernel (compile your own) you have an option in the
section "Network device support" : PPP Filtering (CONFIG_PPP_FILTER).
The help for this item says that you need this for filtering PPP devices.
Maybe you have to compile your kernel with CONFIG_PPP_FILTER=y.
Rob
* Re: problems filtering ppp devices
2002-09-09 10:40 Rob Sterenborg
@ 2002-09-09 11:44 ` Jeroen Wortelboer
0 siblings, 0 replies; 4+ messages in thread
From: Jeroen Wortelboer @ 2002-09-09 11:44 UTC (permalink / raw)
To: Rob Sterenborg, netfilter
Hi Rob,
Thanks for your quick response.
I checked the setting and it was switched on, so I should have support for it in my kernel.
I believe however that this setting was not intended for 'netfilter' filtering but for ppp activity filtering.
Any other ideas are very welcome.
Thanks again.
Jeroen