On 25 Aug 2008, at 11:53, Andrew Gaydenko wrote:
======= On Monday 25 August 2008, Stroller wrote: =======
On 23 Aug 2008, at 21:09, Andrew Gaydenko wrote:
...
1. eth0 IP address,
2. adsl modem IP address eth0 is connected with,
3. dedicated IP address for ppp0 interface after connecting to...
4. ... provider's pptp server with another, fourth, IP address.

Could you try explaining this again, please?

The adsl modem will not be "connected with" eth0, because the ADSL
modem will (surely?) be ppp0.

I mean the physical connection: a cable is connected from eth0 to the modem.
The latter is connected to the phone line. Starting the pptp client creates the ppp0
interface. The incoming speed is about 4Mbit/sec.

I can't really help with this. Here (in the UK) we use PPPoA and a "modem" would usually be connected by USB - the connection to the internet would be made by a single cable represented by a single interface. I find this "logical" and "correct", and PPPoE doesn't make much sense to me (but perhaps because I've never come into contact with it).

Here in the UK a "modem" connecting to a computer by Ethernet would be uncommon, but these do exist - they're really a router with a fixed 1:1 NAT. Authentication is done by the "modem" itself and configured via a web-page hosted on it.

The aim is to close all incoming traffic except for, say, httpd port.

As I'm reading it you can simply firewall all unsolicited incoming on
ppp0 - ignoring all other interfaces - then open port 80. But since
your explanation doesn't make sense I can't be sure I'm not missing
something.

Yes, I also think ppp0 may be treated as INET_IFACE in Oscar's tutorial
terms. The main question is what to do with eth0 wrt filtering.

Best guess: ignore it. Presumably the point of having both is that only ppp0 can be seen by the outside world. Presumably eth0 has a private address and is inaccessible from the internets.

Stroller.
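
The approach discussed in the thread (filter only ppp0, leave eth0 alone, open one port), as an added example that is not part of either poster's message. The helper name `emit_ruleset` is hypothetical, and the example assumes the `conntrack` match is available and that the INPUT policy stays at ACCEPT so that only ppp0 traffic is filtered.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that filters only the Internet-facing
# interface and opens a single TCP port. Other interfaces are not matched
# by any rule, so they fall through to the ACCEPT policy.
# emit_ruleset is a hypothetical helper name (not from the thread).

emit_ruleset() {
    wan_if=$1
    port=$2

    # Interface name: letters, digits, '.', '_', '-' only, at most 15 chars.
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    [ "${#wan_if}" -le 15 ] || { echo "interface name too long" >&2; return 1; }

    # Port: decimal integer 1..65535, no leading zero.
    case $port in
        ''|0*|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }

    # Rule order matters: the final DROP only sees what the two ACCEPTs missed.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections this host opened over $wan_if
-A INPUT -i $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The one service exposed to the Internet
-A INPUT -i $wan_if -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
# Everything else arriving on $wan_if is unsolicited
-A INPUT -i $wan_if -j DROP
COMMIT
EOF
}
```

The output can be checked without loading it by piping `emit_ruleset ppp0 80` into `iptables-restore --test`. Loading it for real with plain `iptables-restore` replaces whatever is currently in the filter table.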

