On Mon, Jun 03, 2002 at 09:53:30AM +0200, Bernd Eckenfels did this all over the keyboard: > On Mon, Jun 03, 2002 at 07:18:02AM +0200, Oliver Epper wrote: > > After starting the pppd I have the device ppp0, of course. > > My question is should I consider ppp0, or eth1 as the outgoing device > > for my iptables firewall/masquerading setup ? > > Your actual content is sent over the ppp device, this is where your utgoing > ruels are concerned. But you also need to block all data from/to eth1 > besides the pppoe packets. Disagree. If you block packets on ppp0 they won't even reach eth1. As far as outgoing packets are concerned it'd recommend blocking them on ppp0, because from your machines point of view, ppp0 is the last station in the routing proccess, which is physicaly 'in' your machine. If you had more then one ppp device, and'd block on eth0, you would probably block allowed traffic (ppp1, ppp2), because at this point (eth1) the routing decision is in progress. Just my 2 euro cents. Regards, Willi -- _ / \ / \ ASCII Ribbon Campain \ / against HTML in \ / eMail & news X / \
Attachment:
pgpnlQUiqTsGa.pgp
Description: PGP signature