Message-ID: <53A089F8.4060409@gooch.io>
Date: Tue, 17 Jun 2014 11:33:28 -0700
From: Jesse Gooch
Reply-To: jesse@gooch.io
To: freebsd-questions@freebsd.org
Subject: pppoe with ppp and pf nat - problems booting

Hello all!

I've just set up an i386 box as my router with FreeBSD 10-RELEASE (updated with freebsd-update). I have two interfaces: sk0 and rl0. sk0 is configured in ppp.conf for pppoe to my DSL modem. rl0 is configured to a local IP, and I have pf set up for NAT and some port forwarding.

Unfortunately, on boot pf does not get set up since tun0 (created by ppp) does not exist when pf loads, so my ruleset is not loaded! This requires me to reload the pf ruleset whenever I reboot. Another problem with this approach is that ntpdate fails to set the time properly on boot as well (although this may be ppp taking a little while to get the connection set up).

How can I get my system to just work when I boot up?

I've copypasta'd the related conf files with names changed to protect the innocent below.

---ppp.conf---
default:
 set log Phase tun command
 disable ipv6

name_of_isp:
 disable ipv6
 set device PPPoE:sk0
 set authname isp_un
 set authkey isp_pw
 set dial
 set login
 add default HISADDR
 add default HISADDR6
 enable dns
---

---rc.conf---
hostname="my_hostname"
#this address is assigned to sk0 so I can access the administration page of my modem
ifconfig_sk0="inet 192.168.1.100 netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.42.1 netmask 255.255.255.0"
gateway_enable="YES"
pf_enable="YES"
pflog_enable="YES"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="NO"
ppp_profile="name_of_isp"
dhcpd_enable="YES"
dhcpd_ifaces="rl0"
named_enable="YES"
ddclient_enable="YES"
sshd_enable="YES"
#ntpdate_enable="YES"
#ntpdate_flags="-t 30 _timeservers_"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
---

---pf.conf---
# Macros
ext_if = "tun0"
lan_if = "rl0"
lan_ip = "192.168.42.0/24"

# Tables

# Options

# Traffic Normalization
scrub in on $ext_if all fragment reassemble

# Queueing

# Translation
nat pass on $ext_if from $lan_ip to any -> {$ext_if}
#some redirect rules removed for port forwarding here

# Packet Filtering
block in on $ext_if all
pass out on $ext_if all keep state
pass in on $lan_if all
pass out on $lan_if all
---
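
pf translates an interface name used as an address when the ruleset is loaded, which is the step that cannot succeed before ppp has created tun0 and given it an address. As an added example (not part of the original post, and not a reply from the list), the post's nat rule is shown next to the parenthesised form that pf.conf(5) documents for interfaces with dynamic addresses; the macros are the poster's own.

```conf
# Added example, not from the original post.
# Macros copied from the pf.conf in the post.
ext_if = "tun0"
lan_if = "rl0"
lan_ip = "192.168.42.0/24"

# As posted: {$ext_if} is replaced by tun0's address at load time,
# so the load fails while tun0 does not exist or has no address yet.
# nat pass on $ext_if from $lan_ip to any -> {$ext_if}

# Parenthesised form: pf defers the address lookup and updates the rule
# whenever the interface's address changes (for example after ppp
# renegotiates the link), so the ruleset can load before the link is up.
nat pass on $ext_if from $lan_ip to any -> ($ext_if)

# The filter rules from the post name tun0 only in "on" clauses,
# which need no address lookup, so they are unchanged.
block in on $ext_if all
pass out on $ext_if all keep state
pass in on $lan_if all
pass out on $lan_if all
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, so running it while tun0 is absent shows whether the ruleset would load at boot.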