Piercing the firewall is not everything. You must also route the packets from the client side of the firewall to the server side. This section tackles the basic settings specific about routing accross a tunnel. For more detailed explanations of routing, see the relevant HOWTOs and man pages about networking, routing and masquerading.
The catch is that although your network administration would tell you to setup your some router on your client side's as the default route, (this may be relevant if you want to have a specific route to the networks on the client of the firewall), you should setup PPP link as the route to the networks on the server side.
In other words, your default route should point to a router on whichever side of the tunnel that gives you access to the Internet.
Most importantly, packets sent to the server host as part of running the tunnel should be routed through your usual network (e.g. your default ethernet router); otherwise, your kernel will have problems, as it tries to route through the inside the tunnel the very packets that ought to constitute the outside of the tunnel.
Thus, you'll have to setup correct routes in your network startup configuration. The precise location of your routing configuration data depends on your distribution, but it is typically under /etc/init.d/network or /etc/network/; similarly, your PPP configuration is typically in /etc/ppp/, and the proper place to configure its routes is usually in ip-up or ip-up.d/. (Tip: to identify your distribution-specific file locations, you must read the documentation of your distribution and otherwise RTFM; alternatively use grep recursively on your /etc; at worst, trace what happens at boot time, as configured in your /etc/inittab.)
When piercing a tunnel from a roaming laptop on the Internet into a protected network, the script getroute.pl (available from the fwprc distribution) gives the current route to the server host that is the other end of the tunnel.
Once you can route packets to the server side of the tunnel, you might want to setup your machine as a router for all your pals on the client side of the firewall, achieving a full-fledged shared VPN. This is not specific to Firewall-Piercing, so just you read the relevant HOWTOs about networking, routing and masquerading. Also, for security reasons, be sure to also setup a proper firewall on your machine, especially if you're going to be a router for other people.
Finally, be reminded that if you're using pppd on the server end of the tunnel (as opposed to user-mode slirp), you will have to configure proper routes and firewall rules on the server side of the tunnel, too.
In this example, your client machine is connected to a firewalled LAN through ethernet device eth0. Its IP address is 126.96.36.199; its network is 188.8.131.52/24; its router is 184.108.40.206.
Your network administrator may have told you to use 220.127.116.11 as default router, but you shouldn't. You should only use it as a route to the client side of the firewall.
Let's suppose the client side of your firewall is made of networks 18.104.22.168/16 and 22.214.171.124/16, and of host 126.96.36.199. To make them accessible through your client router, add these routes to your global network startup script:
route add -net 188.8.131.52 netmask 255.255.0.0 gw 184.108.40.206 route add -net 220.127.116.11 netmask 255.255.0.0 gw 18.104.22.168 route add -host 22.214.171.124 gw 126.96.36.199
route add -net 188.8.131.52 netmask 255.255.255.0 dev eth0
route add default gw 184.108.40.206
route del default gw 220.127.116.11
route add default gw 10.0.2.2
route add -host 18.104.22.168 gw 22.214.171.124 route add -net 126.96.36.199 netmask 255.255.240.0 gw 10.0.2.2