From: Chris Friesen <cfriesen@nortelnetworks.com>
To: Harald Welte <laforge@gnumonks.org>,
netfilter@lists.netfilter.org, lartc@mailman.ds9a.nl
Subject: Re: firewalling PPPOE stream without terminating it
Date: Mon, 15 Sep 2003 10:55:46 -0400 [thread overview]
Message-ID: <3F65D2F2.7080103@nortelnetworks.com> (raw)
In-Reply-To: 20030915101826.GH777@obroa-skai.de.gnumonks.org
Harald Welte wrote:
For those just joining, I'm trying to put a box between my DSL modem and
my ethernet switch to enable me to filter up to 5 PPPoE streams. Harald
suggested I move the discussion to the proper lists.
> I would like to ask you this question at an apropriate mailinglist
> (netfilter@lists.netfilter.org, or the lartc mailinglist [since the
> assumption that you would need to do NAT in case you terminate the two
> dsl lines is invalid an can be solved using policy routing + connmark]).
Okay, so you're suggesting terminating all the connections on the new
box and then using policy routing to forward the packets on to the
appropriate address(es) on the internal side? And since the PPPoE
headers have been removed, I could then use standard iptables to do the
filtering?
Chris
--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: cfriesen@nortelnetworks.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
parent reply other threads:[~2003-09-15 14:55 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <20030915101826.GH777@obroa-skai.de.gnumonks.org>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F65D2F2.7080103@nortelnetworks.com \
--to=cfriesen@nortelnetworks.com \
--cc=laforge@gnumonks.org \
--cc=lartc@mailman.ds9a.nl \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox