Date:      Fri, 21 Nov 2008 14:57:26 +0100
From:      Polytropon <freebsd@edvax.de>
To:        freebsd-questions@freebsd.org
Subject:   Re: Problem about ppp -nat
Message-ID:  <20081121145726.0c1208bc.freebsd@edvax.de>
In-Reply-To: <20081121060619.GA1057@gmail.com>
References:  <20081121060619.GA1057@gmail.com>

Although others have already given you good advice, I'd like to
add that I'm running here at a similar setting, but without any
of these "Windows". :-)

First of all, I made my kernel capable; significant parts:

	# Firewall, NAT
	options         DUMMYNET
	options         IPFIREWALL
	options         IPFIREWALL_DEFAULT_TO_ACCEPT
	options         IPFIREWALL_VERBOSE
	options         IPFIREWALL_VERBOSE_LIMIT=500
	options         IPFILTER
	options         IPDIVERT

	# PPPoE: netgraph(4) system
	options         NETGRAPH
	options         NETGRAPH_ETHER
	options         NETGRAPH_SOCKET
	options         NETGRAPH_PPPOE

If you don't want to compile a custom kernel, it's no problem. As
far as I know, the required kernel modules will be loaded automatically.

My setting includes two network interfaces, just like yours.
Interface xl0 + tun0 is the PPPoE connection to the outside, while
interface rl0 is the connection to the (slow) switch where the "clients"
are connected.

Configuration in /etc/rc.conf goes this way:

	ifconfig_xl0="inet 192.168.0.1  netmask 0xffffff00"
	ifconfig_rl0="inet 192.168.1.1  netmask 0xffffff00  media 10baseT/UTP"
	firewall_enable="YES"
	firewall_type="/etc/ipfw.conf"
	gateway_enable="YES"
	named_enable="YES"
	natd_enable="YES"
	natd_interface="xl0"
	ppp_enable="YES"
	ppp_profile="mydslprovider"
	ppp_mode="ddial"
	ppp_nat="YES"

The connection is established via /etc/ppp/ppp.conf settings.
Then I use a DHCP server to assign IPs to the "clients" instead
of giving them fixed ones. In fact, they are fixed because I set
up isc-dhcpd3-server (from ports) to assign IPs according to the
respective MAC addresses. :-)

Important note to IPFW settings: Have the line

	add divert natd ip      from any to any         via     xl0

in your /etc/ipfw.conf.

If you need to, you can add flags for natd in order to have a
certain kind of port or address redirection, such as

	natd_flags="-redirect_port tcp 192.168.1.5:23 6666"

or

	natd_flags="-redirect_address 192.168.1.2 123.456.789.123 \
		    -redirect_address 192.168.1.5 123.456.789.123"

In any case, go and check your "Windows" the usual way. Don't
forget to do it, otherwise you'll end up searching for an error
on the correctly working FreeBSD installation. :-)

Check if the "Windows" has got the correct IP, if the name server
settings are correct and if you can (1st) ping the gateway
machine and (2nd) something outside the gateway machine.



-- 
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
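
The settings in the message above, checked for consistency, as an added example that is not part of the original e-mail or its author's configuration: the script confirms that gateway, firewall and natd are enabled, that the divert rule names the interface set in natd_interface, and lists every -redirect_port entry, since each one exposes an internal host to the outside. The function names and sample file paths are assumptions, and the sample files are constructed from the values quoted in the message.

```sh
# Added example, not from the original message; names and paths are hypothetical.
# rc_get FILE KEY: print the last value assigned to KEY (single-line KEY="value" only).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# list_redirects FILE: one line per -redirect_port found in natd_flags.
list_redirects() {
    set -- $(rc_get "$1" natd_flags)
    while [ $# -gt 0 ]; do
        if [ "$1" = "-redirect_port" ] && [ $# -ge 4 ]; then
            echo "EXPOSED: $2 public port $4 -> internal $3"
            shift 3
        fi
        shift
    done
}

# check_gateway RCCONF IPFWCONF: print findings, return the number of problems.
check_gateway() {
    rc=$1 fw=$2 problems=0
    for key in gateway_enable firewall_enable natd_enable; do
        case "$(rc_get "$rc" "$key")" in
            [Yy][Ee][Ss]) ;;
            *) echo "PROBLEM: $key is not YES"; problems=$((problems + 1)) ;;
        esac
    done
    ifc=$(rc_get "$rc" natd_interface)
    rule="^[[:space:]]*add([[:space:]]+[0-9]+)?[[:space:]]+divert[[:space:]]+natd[[:space:]]"
    if [ -z "$ifc" ]; then
        echo "PROBLEM: natd_interface is not set"; problems=$((problems + 1))
    elif ! grep -Eq "$rule.*[[:space:]]via[[:space:]]+$ifc([[:space:]]|\$)" "$fw"; then
        echo "PROBLEM: no divert natd rule via $ifc in $fw"; problems=$((problems + 1))
    fi
    list_redirects "$rc"
    return "$problems"
}

# Constructed sample files that mirror the settings quoted in the message.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/rc.conf" <<'EOF'
firewall_enable="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-redirect_port tcp 192.168.1.5:23 6666"
EOF
printf 'add divert natd ip\tfrom any to any\tvia\txl0\n' > "$SAMPLE/ipfw.conf"
check_gateway "$SAMPLE/rc.conf" "$SAMPLE/ipfw.conf"
```

On a real gateway, pass /etc/rc.conf and the file named in firewall_type as the two arguments.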


