From d28f8cbcf00a4b5356dee6eec8c6fdd3d2d6b4f9 Mon Sep 17 00:00:00 2001
From: Jesus Rodriguez Cuesta <jesusr@FreeBSD.org>
Date: Tue, 27 Feb 2001 12:45:43 +0000
Subject: [PATCH] Make clear the interface used by user-ppp (tun0) and pppd
 (ppp0).

PR:	docs/23342
Submitted by: ncalvo@es.freebsd.org
---
 .../articles/dialup-firewall/article.sgml     | 66 ++++++++++++++++++-
 .../articles/dialup-firewall/article.sgml     | 66 ++++++++++++++++++-
 2 files changed, 128 insertions(+), 4 deletions(-)

diff --git a/en_US.ISO8859-1/articles/dialup-firewall/article.sgml b/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
index 750a33b619..2916c685b7 100644
--- a/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
+++ b/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
@@ -1,7 +1,7 @@
 <!--
      The FreeBSD Documentation Project
 
-     $FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.4 2000/08/19 20:51:20 ben Exp $
+     $FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.5 2001/01/18 23:43:31 dannyboy Exp $
 -->
 
 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN" [
@@ -24,7 +24,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>$Date: 2001-01-18 23:43:31 $</pubdate>
+    <pubdate>$Date: 2001-02-27 12:45:43 $</pubdate>
 
     <abstract>
       <para>This article documents how to setup a firewall using a PPP
@@ -294,6 +294,68 @@ $fwcmd add 65435 deny log ip from any to any</programlisting>
 	    firewall.</para>
 	</answer>
       </qandaentry>
+
+      <qandaentry>
+	<question>
+	  <para>There must be something wrong.  I followed your instructions
+	    to the letter and now I am locked out.</para>
+        </question>
+
+	<answer>
+	  <para>This tutorial assumes that you are running
+	    <emphasis>userland-ppp</emphasis>, therefore the supplied ruleset
+	    operates on the <devicename>tun0</devicename> interface, which
+	    corresponds to the first connection made with &man.ppp.8; (a.k.a.
+	    <emphasis>user-ppp</emphasis>).  Additional connections would use
+	    <devicename>tun1</devicename>, <devicename>tun2</devicename> and so
+	    on.</para>
+
+	  <para>You should also note that &man.pppd.8; uses the
+	    <devicename>ppp0</devicename> interface instead, so if you start the
+	    connection with &man.pppd.8; you must substitute
+	    <devicename>tun0</devicename> for <devicename>ppp0</devicename>.  A
+	    quick way to edit the firewall rules to reflect this change is shown
+	    below. The original ruleset is backed up as
+	    <filename>fwrules_tun0</filename>.</para>
+
+	  <screen>
+	    &prompt.user; <userinput>cd /etc/firewall</userinput>
+	    /etc/firewall&prompt.user; <userinput>su</userinput>
+	    <prompt>Password:</prompt>
+	    /etc/firewall&prompt.root; <userinput>mv fwrules fwrules_tun0</userinput>
+	    /etc/firewall&prompt.root; <userinput>cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules</userinput>
+	  </screen>
+
+	  <para>To know whether you are currently using &man.ppp.8; or
+	    &man.pppd.8; you can examine the output of &man.ifconfig.8; once the
+	    connection is up. E.g., for a connection made with &man.pppd.8; you
+	    would see something like this (showing only the relevant lines):</para>
+
+	  <screen>
+	    &prompt.user; <userinput>ifconfig</userinput>
+	    <emphasis>(skipped...)</emphasis>
+	    ppp0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
+                    inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xff000000</replaceable>
+	    <emphasis>(skipped...)</emphasis>
+	    </screen>
+
+	  <para>On the other hand, for a connection made with &man.ppp.8;
+	    (<emphasis>user-ppp</emphasis>) you should see something similar to
+	    this:</para>
+
+	  <screen>
+	    &prompt.user; <userinput>ifconfig</userinput>
+	    <emphasis>(skipped...)</emphasis>
+	    ppp0: flags=<replaceable>8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</replaceable>
+	    <emphasis>(skipped...)</emphasis>
+	    tun0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
+	            <emphasis>(IPv6 stuff skipped...)</emphasis>
+                    inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xffffff00</replaceable>
+                    Opened by PID <replaceable>xxxxx</replaceable>
+            <emphasis>(skipped...)</emphasis>
+            </screen>
+	</answer>
+      </qandaentry>
     </qandaset>
   </sect1>
 </article>
diff --git a/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml b/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml
index 750a33b619..2916c685b7 100644
--- a/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml
+++ b/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml
@@ -1,7 +1,7 @@
 <!--
      The FreeBSD Documentation Project
 
-     $FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.4 2000/08/19 20:51:20 ben Exp $
+     $FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.5 2001/01/18 23:43:31 dannyboy Exp $
 -->
 
 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN" [
@@ -24,7 +24,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>$Date: 2001-01-18 23:43:31 $</pubdate>
+    <pubdate>$Date: 2001-02-27 12:45:43 $</pubdate>
 
     <abstract>
       <para>This article documents how to setup a firewall using a PPP
@@ -294,6 +294,68 @@ $fwcmd add 65435 deny log ip from any to any</programlisting>
 	    firewall.</para>
 	</answer>
       </qandaentry>
+
+      <qandaentry>
+	<question>
+	  <para>There must be something wrong.  I followed your instructions
+	    to the letter and now I am locked out.</para>
+        </question>
+
+	<answer>
+	  <para>This tutorial assumes that you are running
+	    <emphasis>userland-ppp</emphasis>, therefore the supplied ruleset
+	    operates on the <devicename>tun0</devicename> interface, which
+	    corresponds to the first connection made with &man.ppp.8; (a.k.a.
+	    <emphasis>user-ppp</emphasis>).  Additional connections would use
+	    <devicename>tun1</devicename>, <devicename>tun2</devicename> and so
+	    on.</para>
+
+	  <para>You should also note that &man.pppd.8; uses the
+	    <devicename>ppp0</devicename> interface instead, so if you start the
+	    connection with &man.pppd.8; you must substitute
+	    <devicename>tun0</devicename> for <devicename>ppp0</devicename>.  A
+	    quick way to edit the firewall rules to reflect this change is shown
+	    below. The original ruleset is backed up as
+	    <filename>fwrules_tun0</filename>.</para>
+
+	  <screen>
+	    &prompt.user; <userinput>cd /etc/firewall</userinput>
+	    /etc/firewall&prompt.user; <userinput>su</userinput>
+	    <prompt>Password:</prompt>
+	    /etc/firewall&prompt.root; <userinput>mv fwrules fwrules_tun0</userinput>
+	    /etc/firewall&prompt.root; <userinput>cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules</userinput>
+	  </screen>
+
+	  <para>To know whether you are currently using &man.ppp.8; or
+	    &man.pppd.8; you can examine the output of &man.ifconfig.8; once the
+	    connection is up. E.g., for a connection made with &man.pppd.8; you
+	    would see something like this (showing only the relevant lines):</para>
+
+	  <screen>
+	    &prompt.user; <userinput>ifconfig</userinput>
+	    <emphasis>(skipped...)</emphasis>
+	    ppp0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
+                    inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xff000000</replaceable>
+	    <emphasis>(skipped...)</emphasis>
+	    </screen>
+
+	  <para>On the other hand, for a connection made with &man.ppp.8;
+	    (<emphasis>user-ppp</emphasis>) you should see something similar to
+	    this:</para>
+
+	  <screen>
+	    &prompt.user; <userinput>ifconfig</userinput>
+	    <emphasis>(skipped...)</emphasis>
+	    ppp0: flags=<replaceable>8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</replaceable>
+	    <emphasis>(skipped...)</emphasis>
+	    tun0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
+	            <emphasis>(IPv6 stuff skipped...)</emphasis>
+                    inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xffffff00</replaceable>
+                    Opened by PID <replaceable>xxxxx</replaceable>
+            <emphasis>(skipped...)</emphasis>
+            </screen>
+	</answer>
+      </qandaentry>
     </qandaset>
   </sect1>
 </article>