This page describes how to install and configure PPPD and PF (Packet Filter) as a home firewall connected to the net through an external modem, using PAP authentication with ihug Australia. The ISP ihug no longer exists, and there is probably little point in using PF this way now that pfSense is available with its easy-to-use web GUI.
Once the server is configured, all that remains is to point the default route of the local machines at the firewall's internal interface and change their nameserver address.
P166 computer
External 56k modem
FreeBSD 5.3
PPPD (point to point protocol daemon)
PF (packet filter - firewall)
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=0
pf_enable="YES" #Enable PF (load module if required)
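# /etc/pf.conf — NAT and filtering for a PPP-connected home firewall.
# pf evaluates rules top to bottom and the LAST matching rule wins (no
# "quick" is used here), so the later pass/block rules refine the two
# default blocks on $ext_if.
ext_if="ppp0"
int_if="fxp0"
internal_net="192.168.1.0/24"
# RFC 1918 space; used by the (commented-out) anti-spoofing blocks below
#table <private> { 10/8, 172.16/12, 192.168/16 }
# normalise all incoming packets (reassembles fragments)
scrub in all
# ($ext_if) in parentheses tracks the interface address, which changes on
# every PPP dial-up
nat on $ext_if from $internal_net to any -> ($ext_if)
# redirect dns to remote
#rdr on $int_if inet proto { tcp, udp } from $internal_net to ($int_if) port 53 -> { 203.2.75.132, 198.142.0.51 } port 53 round-robin
# block all by default on $ext_if
block in on $ext_if all
block out on $ext_if all
# pass all by default on $int_if
pass in on $int_if all
pass out on $int_if all
# allow in ssh to the firewall itself (only the firewall's own address,
# not forwarded traffic); tighten "from any" to known source addresses
# where possible
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
# allow all connections out (tcp and udp only — icmp, e.g. ping, is not
# passed out by this rule)
pass out on $ext_if proto { tcp, udp } all keep state
# allow incoming web traffic: tcp and udp port 80 to any destination
# address; if only a web server on the firewall is intended, restrict this
# to "to $ext_if port 80" like the ssh rule above, and drop udp
pass in on $ext_if proto { tcp, udp } from any to port 80 keep state
# block any packets destined to a private address (requires the <private>
# table above to be enabled)
#block in on $ext_if proto any from any to <private>
#block out on $ext_if proto any from any to <private>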
REPORT CONNECT ABORT BUSY ABORT 'NO CARRIER'
'' \d\dAT OK \dATDTphone_number CONNECT ''
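#!/bin/sh
#
# ihug.start — dial the ISP with pppd, using the chat script to drive the
# modem and PAP (secret taken from /etc/ppp/pap-secrets) to authenticate.
#
# User settings...
# What serial device to use
COM_PORT=/dev/cuaa0
# What speed to use
COM_SPEED=115200
# What username to use for pap challenge (the matching password lives in
# /etc/ppp/pap-secrets, so it never appears on this command line)
ISP_USERNAME=username
# End of User settings
CHAT_SCRIPT=/etc/ppp/ihug.chat
#/sbin/pfctl -d
# Refuse to run if a setting has been blanked out; an empty word would
# otherwise silently shift pppd's positional arguments.
: "${COM_PORT:?serial device must be set}"
: "${COM_SPEED:?serial speed must be set}"
: "${ISP_USERNAME:?ISP username must be set}"
: "${CHAT_SCRIPT:?chat script path must be set}"
# noauth: do not require the ISP to authenticate itself to us (we still
# authenticate to it with PAP via 'user'). chat -t 30 waits up to 30s for
# each expected string; -r writes chat's REPORT output to the log file.
exec pppd "$COM_PORT" "$COM_SPEED" noauth user "$ISP_USERNAME" defaultroute \
  connect "chat -f $CHAT_SCRIPT -t 30 -r /var/log/ppp.log"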
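#!/bin/sh
#
# ihug.stop — terminate pppd using the pid it recorded for ppp0.
PID_FILE=/var/run/ppp0.pid
if [ -e "$PID_FILE" ]; then
  pid=$(cat "$PID_FILE")
  # An empty pid file would otherwise run a bare 'kill' with no target.
  if [ -z "$pid" ]; then
    echo "PPPD pid file $PID_FILE is empty" >&2
    exit 1
  fi
  # kill fails if the process is already gone (stale pid file left behind).
  if ! kill "$pid"; then
    echo "Could not signal pppd (pid $pid); stale pid file?" >&2
    exit 1
  fi
else
  echo "PPPD is not running"
fi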
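#!/bin/sh
#
# Start (or restart) pf with the ruleset in /etc/pf.conf.
PF_CONF=/etc/pf.conf
# Parse-check the ruleset before touching the running filter: if pf.conf is
# broken, this script would otherwise disable pf and then fail to re-enable
# it, leaving the host unfiltered.
if ! /sbin/pfctl -n -f "$PF_CONF"; then
  echo "$PF_CONF failed to parse; pf left unchanged" >&2
  exit 1
fi
# stop pf if it's already running (pfctl prints a harmless "pf not enabled"
# error when it was not)
/sbin/pfctl -d
# load the rules and enable pf
/sbin/pfctl -e -f "$PF_CONF"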
#!/bin/sh
# Disable pf. Until the start script is run again the host forwards and
# accepts traffic unfiltered, so only use this while the PPP link is down
# or for troubleshooting.
/sbin/pfctl -d
#Secrets for authentication using PAP
# The secret is stored in clear text: keep this file owned by root with
# mode 0600. '*' in the Server and IP address columns means the entry is
# used for any server and any assigned address.
#Client Server Secret IP address
username * password *
#/etc/ppp/ihug.start
#/etc/ppp/ihug.stop
#less /var/log/ppp.log
less /var/run/ppp0.pid
or
ps ax | less
pfctl -f /etc/pf.conf