QUESTION ABOUT PPP.LINKUP AND PF

QUESTION ABOUT PPP.LINKUP AND PF

Brian Shackelford
Hello -

I am currently at the end of my understanding.  We have PF working
between two Ethernet cards perfectly - we have absolutely no problems
with it coming up properly and running as needed.  What I am having a
problem with is when we use PPP to establish a connection to an ISP via
a dialup modem.  In some cases we do need to do that as the locations do
not have high speed access.

We have a line for the dialup config in our ppp.conf file called
elinkod:  This connects up to earthlink manually, with the -ddial or the
-auto modes no problem and we can get around on the internet with no
problems.

We have /etc/ppp/ppp.linkup and in that is a section like this:

elinkod:
! sh -c "pfctl -e -f /etc/pf.conf"

Now from what I understand this should allow the connection to establish
and then enable pf with the ruleset contained in pf.conf.  It doesn't
seem to ever work.  We even tried putting the commands to kick off in a
separate script file and kick that file off like so:

elinkod:
!bg /etc/ppp/ppp.linkup.elinkod

Again that also did not work.  We have the set log options set in the
ppp.conf file under the elinkod section and the relevant sections set up
in syslog.conf to allow for logging of ppp information to
/var/log/ppp.log - but nothing is appearing in the log files either.

Just wondering if anyone has any suggestions as to what to do next?  I
am sure it is something I am missing, but I read and re-read the man
pages and really couldn't find what I was doing wrong - of course
information starts to run together late at night and I might have
misread or confused something else.

Any help is greatly appreciated.

Thanks!

Re: QUESTION ABOUT PPP.LINKUP AND PF

Rogier Krieger
On 2/9/06, Brian Shackelford <[hidden email]> wrote:
> ! sh -c "pfctl -e -f /etc/pf.conf"

You could use the (ppp0) syntax and enable pf by default instead. That
way, it will deal with the address as it is present on the ppp0
interface. At the same time, it will keep the rest of your networks
protected as well.

That said, have you tried entering the full path to pfctl? That may
help as well. That's just a guess on my part, though.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.

Re: QUESTION ABOUT PPP.LINKUP AND PF

Joe S-3
Brian Shackelford wrote:
> We have /etc/ppp/ppp.linkup and in that is a section like this:
> ! sh -c "pfctl -e -f /etc/pf.conf"
>

My ppp.linkup has this:
! sh -c "/sbin/pfctl -ef /etc/pf.conf"

and it works.

Re: QUESTION ABOUT PPP.LINKUP AND PF

Peter Matulis
--- Brian Shackelford <[hidden email]> wrote:

> Hello -
>
> I am currently at the end of my understanding.  We have PF working
> between two Ethernet cards perfectly - we have absolutely no problems
> with it coming up properly and running as needed.  What I am having a
> problem with is when we use PPP to establish a connection to an ISP via
> a dialup modem.  In some cases we do need to do that as the locations do
> not have high speed access.
>
> We have a line for the dialup config in our ppp.conf file called
> elinkod:  This connects up to earthlink manually, with the -ddial or the
> -auto modes no problem and we can get around on the internet with no
> problems.
>
> We have /etc/ppp/ppp.linkup and in that is a section like this:
>
> elinkod:
> ! sh -c "pfctl -e -f /etc/pf.conf"
>
> Now from what I understand this should allow the connection to establish
> and then enable pf with the ruleset contained in pf.conf.  It doesn't
> seem to ever work.  We even tried putting the commands to kick off in a
> separate script file and kick that file off like so:
>
> elinkod:
> !bg /etc/ppp/ppp.linkup.elinkod
>
> Again that also did not work.  We have the set log options set in the
> ppp.conf file under the elinkod section and the relevant sections set up
> in syslog.conf to allow for logging of ppp information to
> /var/log/ppp.log - but nothing is appearing in the log files either.
>
> Just wondering if anyone has any suggestions as to what to do next?  I
> am sure it is something I am missing, but I read and re-read the man
> pages and really couldn't find what I was doing wrong - of course
> information starts to run together late at night and I might have
> misread or confused something else.

You have to put a space before the exclamation mark.
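
The two suggestions made in this thread (indent the command line under its label, and call pfctl by its full path) can be checked mechanically before a link-up silently skips the firewall load. The following is an added example, not code from any post in the thread; the function name `lint_linkup` and both sample strings are constructed for illustration from the lines quoted above, and treating `#` lines as comments is an assumption.

```python
import re

# Constructed samples based on the lines quoted in the thread.
BROKEN = 'elinkod:\n! sh -c "pfctl -e -f /etc/pf.conf"\n'
FIXED = 'elinkod:\n ! sh -c "/sbin/pfctl -ef /etc/pf.conf"\n'

LABEL = re.compile(r"^[^\s!#]\S*:\s*$")          # e.g. "elinkod:" in column 0
BARE_PFCTL = re.compile(r"(?<![\w/.-])pfctl\b")  # pfctl with no path in front


def lint_linkup(text):
    """Return (line_number, message) findings for ppp.linkup-style text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Skip blank lines, comments (assumed to start with '#') and labels.
        if not stripped or stripped.startswith("#") or LABEL.match(line):
            continue
        # Anything else is a command and must not start in column 0.
        if line[0] not in " \t":
            findings.append((number, "command starts in column 0; indent it"))
        # Shell commands that rely on PATH to find pfctl.
        if stripped.startswith("!") and BARE_PFCTL.search(stripped):
            findings.append((number, "pfctl called without a full path"))
    return findings


if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        for number, message in lint_linkup(sample) or [(0, "no findings")]:
            print(f"{name}: line {number}: {message}")
```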