* Configurationrequest for firewall with temporary ppp0-interface
From: Ruprecht Helms @ 2005-06-30 9:23 UTC (permalink / raw)
To: netfilter
Hi,
I've the problem that I need some rules for a temporary ppp0 interface.
This interface is only active when the admin has made a dial-up on the
server and has activated a ppp-daemon.
In the time the ppp0-Interface is up the connections should be able
completely in both directions and through to clients. But this should
only be allowed for connections via ppp0.
Connections via the normal isdn0 should be protected by the normal
firewall rules (iptables).
How do I have to configure this?
Regards,
Ruprecht
------------------------------------------------------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung
Tel./Fax +49[0]7621 16 99 16
Web: htp://www.rheyn.de
* Re: Configurationrequest for firewall with temporary ppp0-interface
From: /dev/rob0 @ 2005-06-30 10:27 UTC (permalink / raw)
To: netfilter
On Thursday 30 June 2005 04:23, Ruprecht Helms wrote:
> I've the problem that I need some rules for a temporary ppp0
> interface. This interface is only active when the admin has made a
> dial-up on the server and has activated a ppp-daemon.
>
> In the time the ppp0-Interface is up the connections should be able
> completely in both directions and through to clients. But this should
> only be allowed for connections via ppp0.
If this is your only ppp+ interface it is easy. You can add your rules
to the existing firewall and leave them there.
If there are other ppp+ interfaces which should be more restricted, it
is only slightly more difficult. pppd(8) has a feature to run scripts
when an interface goes active and inactive, /etc/ppp/ip-{up,down}
respectively. Put your rules to open the interface in ip-up and to
close it in ip-down. (Some distributors use ip-{up,down}.local for
local additions.)
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
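An added example of the ip-up/ip-down approach described in the message above; it is not code from the thread. It assumes eth0 is the LAN interface and ppp0 the admin link, and that the same file is installed under both hook names; `ppp_rule_specs` and `ppp_firewall` are hypothetical helper names.

```shell
#!/bin/sh
# Install as /etc/ppp/ip-up.local and /etc/ppp/ip-down.local (the hook
# names vary by distribution). pppd calls both hooks with:
#   $1=interface $2=tty $3=speed $4=local-IP $5=remote-IP $6=ipparam

IPTABLES="${IPTABLES:-iptables}"
LAN_IF="${LAN_IF:-eth0}"      # assumed LAN-side interface
ADMIN_IF="${ADMIN_IF:-ppp0}"  # assumed: the only ppp link to be opened

# Print the rule specs (chain + match, without -I/-D) that open one interface
# in both directions to the server and through to the LAN clients.
ppp_rule_specs() {
    printf '%s\n' \
        "INPUT -i $1 -j ACCEPT" \
        "OUTPUT -o $1 -j ACCEPT" \
        "FORWARD -i $1 -o $LAN_IF -j ACCEPT" \
        "FORWARD -i $LAN_IF -o $1 -j ACCEPT"
}

# $1 = up|down, $2 = interface name handed over by pppd.
ppp_firewall() {
    case "$1" in
        up)   op=-I ;;   # insert at the head, ahead of the restrictive rules
        down) op=-D ;;   # delete exactly the rules inserted on "up"
        *)    echo "usage: ppp_firewall up|down IFACE" >&2; return 2 ;;
    esac
    # Any other ppp+ interface stays under the normal ruleset.
    [ "$2" = "$ADMIN_IF" ] || return 0
    ppp_rule_specs "$2" | while read -r chain spec; do
        # $spec is left unquoted on purpose: it holds several iptables arguments.
        $IPTABLES "$op" "$chain" $spec
    done
}

# When run by pppd, take the direction from the name the script was called by.
case "${0##*/}" in
    ip-up*)   ppp_firewall up   "$1" ;;
    ip-down*) ppp_firewall down "$1" ;;
esac
```

If pppd is killed before ip-down runs, the ACCEPT rules stay loaded and will match whichever link next comes up as ppp0, so the regular firewall script should delete them on reload as well.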
* Re: Configurationrequest for firewall with temporary ppp0-interface
From: Christoph Georgi @ 2005-07-01 0:43 UTC (permalink / raw)
To: rhelms; +Cc: netfilter
Just create rules specifying ppp0 as incoming and outgoing interface (-i
and -o), e.g.
$IPTABLES -A FORWARD -i eth0 -o ppp0 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -i ppp0 -j ACCEPT
christoph
Ruprecht Helms wrote:
> Hi,
>
> I've the problem that I need some rules for a temporary ppp0 interface.
> This interface is only active when the admin has made a dial-up on the
> server and has activated a ppp-daemon.
>
> In the time the ppp0-Interface is up the connections should be able
> completely in both directions and through to clients. But this should
> only be allowed for connections via ppp0.
>
> Connections via the normal isdn0 should be protected by the normal
> firewall rules (iptables).
>
> How do I have to configure this?
>
> Regards,
> Ruprecht
>
> ------------------------------------------------------------------------------------------
>
> Ruprecht Helms IT-Service & Softwareentwicklung
>
> Tel./Fax +49[0]7621 16 99 16
> Web: htp://www.rheyn.de
>
>
--
Christoph Georgi
-----------------------------
email. christoph.georgi@web.de
fon. +64 (0)9 815 8259
registered linux user #380268
ubuntu 5.04 (ubuntu.com)
* RE: Configurationrequest for firewall with temporary ppp0-interface
From: Seferovic Edvin @ 2005-07-01 17:40 UTC (permalink / raw)
To: netfilter
Well, if you are using NAT then you can say that ppp+ should be NATed to your
external interface.. should be too complicated? :) pppd brings up a new
interface and adds a route to it, so you don't have to worry about this.
Regards,
Edvin Seferovic
-----Original Message-----
From: netfilter-bounces@lists.netfilter.org
[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Ruprecht Helms
Sent: Donnerstag, 30. Juni 2005 11:24
To: netfilter@lists.netfilter.org
Subject: Configurationrequest for firewall with temporary ppp0-interface
Hi,
I've the problem that I need some rules for a temporary ppp0 interface.
This interface is only active when the admin has made a dial-up on the
server and has activated a ppp-daemon.
In the time the ppp0-Interface is up the connections should be able
completely in both directions and through to clients. But this should
only be allowed for connections via ppp0.
Connections via the normal isdn0 should be protected by the normal
firewall rules (iptables).
How do I have to configure this?
Regards,
Ruprecht
------------------------------------------------------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung
Tel./Fax +49[0]7621 16 99 16
Web: htp://www.rheyn.de
* Re: Configurationrequest for firewall with temporary ppp0-interface
From: Jan Engelhardt @ 2005-07-03 13:56 UTC (permalink / raw)
To: Ruprecht Helms; +Cc: netfilter
> Hi,
>
> I've the problem that I need some rules for a temporary ppp0 interface.
> This interface is only active when the admin has made a dial-up on the server
> and has activated a ppp-daemon.
Maybe it's been said, or not:
You can have iptables rules for devices even if they do not exist or are
turned off (à la "ip link set down").
Jan Engelhardt
--
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de