
Re: 2.6.11, pppoe, iptables



Hi,

My firewall is a Duron 800 with sarge and 2.6.11 ...
My DSL connection only works after I have run pppoeconfig.
If I reboot (without changes to the pppoe settings) it doesn't work anymore.
ppp starts and quits, with no other message logged.
Is this the same problem as yours?

But I think your problem may be another one...
As the firewall policy is already set on the interface (eth0 in your
case) when you start dialing, I think the pppoe traffic gets dropped. If
your policy sets the filters for eth0 (in case you use ethernet), you
have to disable these policies before dialing out and set the policy
again after the connection is established...
Firestarter has to set the default action for the interface to deny or
reject and let through the ports that you have allowed. I think the pppoe
protocol is not tcp/ip and cannot be filtered correctly by iptables. So
the packets get dropped because of the default action.

Do you have anything in your log when you start dialing?
Anything useful to build a rule?

If you do not use ethernet in a local area network you should set the
firewall policy on ppp0 instead of the ethernet interface.  For pppoe to
work, the eth0 interface shouldn't be configured and have a default
policy action like drop or reject, AFAIK...

If firestarter doesn't give you enough options to configure the iptables
rules maybe fwbuilder (http://www.fwbuilder.org) is something for you.

Regards.

mfl

On Friday, 22.04.2005, at 08:33 +1000, Cedric Pradalier wrote:
> Hi all,
> 
> is there anybody out there using a kernel >= 2.6.10, with a pppoe connection to internet
> and a firewall with iptables, defined by hand or with firestarter ? (my machine is an
> ibook2.2, but I don't think this is relevant here).
> 
> I'd really like to know if I'm the only one having problems with this configuration. Is
> this a kernel bug, or my configuration's bug? Especially, if someone has this
> kind of setup working, I'd like to compare our configs.
> 
> On my machine, I'm stuck with 2.6.8 since any newer kernel (custom build or debian), with
> the firewall on, will fail to let TCP packets enter my machine.
> 
> Thanks for your help.
> --
> Cedric
> 
> 
-- 
Michael Flaig <mflaig@uni.de>
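
A check for the eth0-versus-ppp0 point raised in the reply above, as an added example that is not part of the original thread: it reads iptables-save output and reports the INPUT policy and how many INPUT rules are bound to each interface. The sample ruleset is constructed, and the interface names eth0 and ppp0 are assumptions taken from the message.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not from the thread):
# default-deny INPUT with every allow rule bound to the Ethernet NIC.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j DROP
COMMIT
EOF
}

# Summarise the INPUT chain: default policy plus rule count per interface.
# $1 = NIC carrying PPPoE (assumed eth0), $2 = PPP interface (assumed ppp0).
# IP packets that arrive through the PPP session are seen on the PPP
# interface, so "-i <nic>" rules do not match them.
audit_input() {
    awk -v nic="$1" -v ppp="$2" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            iface = "any"
            for (i = 1; i < NF; i++) if ($i == "-i") iface = $(i + 1)
            count[iface]++
        }
        END {
            printf "policy=%s %s=%d %s=%d\n", policy, nic, count[nic], ppp, count[ppp]
            if (count[nic] > 0 && count[ppp] == 0)
                print "WARN: INPUT rules match " nic " only; none match " ppp
        }'
}

sample_rules | audit_input eth0 ppp0
```

On a live firewall, run `iptables-save | audit_input eth0 ppp0` as root after sourcing the function.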


