Date:      Fri, 12 Mar 2004 16:43:41 +0000
From:      Peter Risdon <peter@circlesquared.com>
To:        FreeBSD Question List q <freebsd-questions@freebsd.org>
Subject:   Re: NAT & PPPoE (detailed email)
Message-ID:  <4051E8BD.8080002@circlesquared.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGEELPFIAA.Barbish3@adelphia.net>
References:  <MIEPLLIBMLEEABPDBIEGEELPFIAA.Barbish3@adelphia.net>

JJB wrote:

>Go back to using the generic kernel.
>There is no reason to compile anything to get your setup to function
>at your friend's house using dsl.
>
>Make these changes
>
>In ppp.conf   delete
>        papchap:
>         set authname {username}
>         set authkey {password}
>
>in rc.conf
>
> change this  ifconfig_fxp0="DHCP" to         ifconfig_fxp0="UP"
>and add this          ifconfig_tun0="DHCP"
>
>also needs hostname for sendmail to work  use "fbsdhome.com" as good
>fake FQDN.
>  
>
This seems wrong. As I understand the OP, the machine can connect to the 
internet and tun0 is getting an ip address fine (inet 141.149.140.108), 
so he can use the dsl link already and deleting the papchap lines from 
ppp.conf would break this.

But NAT isn't working. The natd_interface has to be the external 
interface. Perhaps this should be tun0.

But man natd seems to recommend using ppp's nat functionality:

     (If you need NAT on a PPP link, ppp(8) provides the -nat option that
     gives most of the natd functionality, and uses the same libalias(3)
     library.)

So that might be easier.

Perhaps also give the machine a hostname.

PWR.

>
>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mohsin Rahman
>Sent: Friday, March 12, 2004 10:29 AM
>To: FreeBSD Questions
>Subject: NAT & PPPoE (detailed email)
>
>Hello List,
>
>I am trying to set up a FreeBSD 4.9-STABLE (FreeBSD 4.9-STABLE #0: Wed
>Mar 10 17:33:52 EST 2004) box to connect to verizon dsl. This machine
>will be acting as a firewall, gateway, web and db server. I have 2 intel
>10/100 nic (fxp0, fxp1).
>
>External Interface: fxp0
>Internal Interface: fxp1
>
>First thing I did was set it up in my office for NAT with static ip on
>fxp0 and compiled the kernel with
>
>        options         IPFIREWALL
>        options         IPDIVERT
>
>in /etc/rc.conf I did:
>
>        defaultrouter="205.246.19.1"
>        hostname="mohsinlap.buffnet.net"
>
>        ifconfig_fxp0="inet 205.246.19.43 netmask 255.255.255.0"
>        ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"
>
>        gateway_enable="YES"
>        firewall_enable="YES"
>        firewall_script="/etc/rc.firewall"
>        firewall_type="OPEN"
>        firewall_quiet="YES"
>
>        natd_program="/sbin/natd"
>        natd_enable="YES"
>        natd_interface="fxp0"
>        natd_flags="-f /etc/natd.conf"
>
>        named_enable="YES"
>        named_program="/usr/sbin/named"
>        named_flags="-b /etc/namedb/named.conf"
>
>
>my /etc/natd.conf file has:
>
>        interface fxp1
>        use_sockets yes
>        same_ports yes
>        log_denied yes
>
>
>Works like a charm. Was able to get to internet using a NAT'd machine
>(192.168.1.7). Ok.. now I take this machine to a friend who will be
>using this. Since Verizon uses PPPoE, I did some googling and now my
>setup looks like this:
>
>the new /etc/rc.conf:
>
>        defaultrouter=""
>        hostname=""
>
>        ifconfig_fxp0="DHCP"
>        ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"
>
>        gateway_enable="YES"
>        firewall_enable="YES"
>        firewall_script="/etc/rc.firewall"
>        firewall_type="OPEN"
>        firewall_quiet="YES"
>
>        ppp_enable="YES"
>        ppp_mode="ddial"
>        ppp_nat="NO"
>
>        natd_program="/sbin/natd"
>        natd_enable="YES"
>        natd_interface="fxp0"
>        natd_flags="-f /etc/natd.conf"
>
>
>/etc/ppp/ppp.conf:
>
>
>        default:
>         #PPPoE: PPP over Ethernet
>
>         set device PPPoE:fxp0
>         set speed sync
>         set mru 1492
>         set mtu 1492
>         set ctsrts off
>         enable lqr
>         set log phase tun
>         add default HISADDR
>         enable dns
>
>        papchap:
>         set authname {username}
>         set authkey {password}
>
>in my kernel:
>
>        pseudo-device   tun
>        options         NETGRAPH
>
>recompile kernel, and machine comes up... but here comes the problem:
>
>since there is no hostname, during the bootup, it tries to negotiate a
>hostname and times out after some time. Then I get:
>
>IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, logging disabled
>ad0: 3098MB <IBM-DAQA-33240> [6296/16/63] at ata0-master WDMA2
>acd0: CDROM <MATSHITA CR-5850> at ata1-master PIO3
>acd1: CD-RW <Hewlett-Packard CD-Writer Plus 8100> at ata1-slave PIO3
>Mounting root from ufs:/dev/ad0s1a
>module_register: module netgraph already exists!
>linker_file_sysinit "netgraph.ko" failed to register! 17
>
>
>and continues to load apache, mysql. I login to the shell and try to
>telnet to my test server at work and I do get to my test server. Here
>is what ifconfig shows:
>
>fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
>        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
>        ether 00:80:5f:d7:88:92
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
>fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>        inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
>        ether 00:a0:c9:aa:d5:4c
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
>lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
>lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>        inet6 ::1 prefixlen 128
>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>        inet 127.0.0.1 netmask 0xff000000
>ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
>faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
>tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>        inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
>        Opened by PID 61
>
>
>My PPPoE works OK... I do get an IP and can get to internet from this
>machine. The problem is I can get to the internet from this machine
>ONLY, none of my other machines can get to internet. How do I go about
>fixing this? After working on this for 3 hours, I am missing something
>very obvious. Please help.... Thanks.
>
>--
>Mohsin AbdulRahman
>MTech@BuffNET.Net
>
>
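
Added example, not part of the original message or of FreeBSD: a POSIX sh check for the mismatch the reply points at, where natd_interface names the Ethernet NIC that only carries PPPoE while the routable address sits on tun0. The verdict labels and file names are this example's own, and the sample files are constructed from the settings quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): flag natd bound to the PPPoE carrier NIC.

# rc_value FILE VAR: last value assigned to VAR in an rc.conf-style file
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true when an rc.conf knob is set to YES (any case)
is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# pppoe_carrier FILE: Ethernet device from the first "set device PPPoE:<if>" line
pppoe_carrier() {
    sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*device[[:space:]][[:space:]]*PPPoE:\([A-Za-z0-9]*\).*/\1/p' "$1" | head -n 1
}

# nat_verdict RCCONF PPPCONF: print a one-word verdict (labels are this example's own)
nat_verdict() {
    carrier=$(pppoe_carrier "$2")
    natif=$(rc_value "$1" natd_interface)
    natd=$(rc_value "$1" natd_enable)
    pppnat=$(rc_value "$1" ppp_nat)
    [ -n "$carrier" ] || { echo "no-pppoe"; return 0; }
    if is_yes "$natd" && is_yes "$pppnat"; then echo "both-enabled"
    elif is_yes "$pppnat"; then echo "ok-ppp-nat"
    elif ! is_yes "$natd"; then echo "no-nat"
    elif [ "$natif" = "$carrier" ]; then echo "natd-on-carrier"
    else echo "natd-on-$natif"
    fi
}

# Constructed sample input, reduced from the settings quoted in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'default:' ' set device PPPoE:fxp0' ' set mtu 1492' > "$tmp/ppp.conf"
printf '%s\n' 'ppp_enable="YES"' 'ppp_nat="NO"' 'natd_enable="YES"' \
    'natd_interface="fxp0"' > "$tmp/rc.as-posted"
printf '%s\n' 'ppp_enable="YES"' 'ppp_nat="NO"' 'natd_enable="YES"' \
    'natd_interface="tun0"' > "$tmp/rc.natd-tun0"
printf '%s\n' 'ppp_enable="YES"' 'ppp_nat="YES"' 'natd_enable="NO"' > "$tmp/rc.ppp-nat"

for f in rc.as-posted rc.natd-tun0 rc.ppp-nat; do
    printf '%-14s %s\n' "$f" "$(nat_verdict "$tmp/$f" "$tmp/ppp.conf")"
done
```

The first sample mirrors the posted rc.conf and is the one flagged; the other two correspond to the two alternatives the reply raises (natd on tun0, or ppp's own NAT).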



