Linux HAM/Amateur Radio development
From: John Feist <aa6qn@pacbell.net>
To: LINUX-HAMS <linux-hams@vger.kernel.org>
Subject: PPPOE, IPTABLES and dynamic axip tunnels
Date: Fri, 19 Jul 2002 08:33:10 -0700
Message-ID: <3D383136.2C013C54@pacbell.net>

The following is an email clip that I sent requesting help with regard
to porting PPPOE towards a NETFILTER (IPTABLES) environment.  Those of
you that make use of the dynamic ADSL connections that come with
IPCHAINS and Masquerade to provide ip route axip tunnels between other
AX25 nodes may want to consider the move as well.

------ to: info@roaringpenguin.com ------
Greetings, first thank you for the pppoe support.  I am running RH7.3,
kernel 2.4.19.pre9 with the canned installation of pppoe
(adsl-start....) which works great with IPCHAINS in the masquerade
environment.  Unfortunately there is a bad exploit that is associated
with IPCHAINS due to the fact that ip-masquerade runs as udp between
ports 61000-65000. You can read about this at:
http://online.securityfocus.com/bid/1078/discussion/

What got me going was my kernel log report showed several incoming
connections that provided tunnels into my server via port 61000 through
my ipchains firewall from various external IP addresses.  Using an
IPTABLES boilerplate from:
http://orbital.wiretapped.net/~technion/iptables  I made the changes to
reflect my network and loaded IPTABLES vice ipchains at boot up.  The
firewall loaded fine but the ppp (pppoe) would not start.

Since IPTABLES is a stateful protocol many of the childhood problems of
IPCHAINS have been corrected.  I could use some direction to port the
firewall toward the NETFILTER environment.

--------

Hopefully the above may save someone else's headache, 73, John
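
Added example, not part of the message above or of any project it mentions: a log check of the kind the message describes, listing accepted inbound UDP packets on the WAN interface whose destination port falls in the masquerade range the message gives. Assumptions: the ipchains `-l` log-line layout from the IPCHAINS-HOWTO, `ppp0` as the PPPoE interface, the 61000-65000 range exactly as stated in the message, and constructed sample lines using documentation addresses.

```python
import re
from collections import Counter

# Masquerade port range as stated in the message (assumption: not verified here).
MASQ_PORTS = range(61000, 65001)

# ipchains "-l" log layout (assumed, per the IPCHAINS-HOWTO):
# Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

# Constructed sample log, not taken from the author's system.
SAMPLE_LOG = """\
Jul 19 08:01:02 gw kernel: Packet log: input ACCEPT ppp0 PROTO=17 203.0.113.7:4000 198.51.100.2:61000 L=60 S=0x00 I=1 F=0x0000 T=52
Jul 19 08:01:09 gw kernel: Packet log: input ACCEPT ppp0 PROTO=17 203.0.113.7:4001 198.51.100.2:61012 L=60 S=0x00 I=2 F=0x0000 T=52
Jul 19 08:02:00 gw kernel: Packet log: input ACCEPT ppp0 PROTO=6 192.0.2.10:3311 198.51.100.2:25 L=44 S=0x00 I=3 F=0x0000 T=50
Jul 19 08:02:30 gw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.99:53 198.51.100.2:61500 L=80 S=0x00 I=4 F=0x0000 T=49
Jul 19 08:03:00 gw kernel: Packet log: input ACCEPT eth0 PROTO=17 192.168.1.5:1030 192.168.1.1:53 L=58 S=0x00 I=5 F=0x0000 T=64
Jul 19 08:03:10 gw kernel: PPP BSD Compression module registered
Jul 19 08:04:00 gw kernel: Packet log: input ACCEPT ppp0 PROTO=17 192.0.2.44:9000 198.51.100.2:65000 L=60 S=0x00 I=6 F=0x0000 T=51
"""

def masq_range_hits(log_text, wan_iface="ppp0"):
    """Return (source_ip, dest_port) for accepted inbound UDP to the masq range."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an ipchains packet-log line
        if m["chain"] != "input" or m["iface"] != wan_iface:
            continue  # only packets arriving on the WAN side
        if m["proto"] != "17" or m["verdict"] != "ACCEPT":
            continue  # only UDP that the firewall let through
        if int(m["dport"]) in MASQ_PORTS:
            hits.append((m["src"], int(m["dport"])))
    return hits

def sources_by_count(hits):
    """Group hits by external source address, most frequent first."""
    return Counter(src for src, _ in hits).most_common()

if __name__ == "__main__":
    for src, count in sources_by_count(masq_range_hits(SAMPLE_LOG)):
        print(f"{src}: {count} accepted UDP packet(s) to masq ports")
```

Replies to outbound masqueraded UDP traffic also arrive on these ports, so the hits are leads to compare against what the LAN actually contacted, not confirmed intrusions.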