Date: Sun, 06 Aug 2000 17:32:01 +0100
From: David Goddard <goddard@acm.org>
To: freebsd-questions@freebsd.org
Subject: ppp and natd problems
Message-ID: <3.0.3.32.20000806173201.0085c330@dmg.parse.net>

Hi,

I'm having some problems getting ipfw, natd and ppp all to work together happily on a recent 4.1-STABLE box. Basically, while the individual components seem to be working fine, if I try and get them working together, packets from my internal network no longer get out properly (or the translation isn't working properly or something).

I've been using the documentation at http://www.freebsd.org/tutorials/dialup-firewall as a guide for the various settings, and have taken its advice to use natd instead of ppp for aliasing with ipfw.

I've tried various combinations of settings (no natd, but using ppp -nat instead etc.), but nothing seems to work, although with different logging information being generated. Any connections from the box itself to the outside world work as expected, it's just stuff on my 10.0.* internal subnet that has problems.

I've produced some logging information, while pinging an outside host from a computer on the internal network. The alias.log file contains entries such as these:

  icmp=0, udp=6, tcp=2, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=8 (sock=0)
  icmp=0, udp=6, tcp=3, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=9 (sock=0)
  icmp=0, udp=5, tcp=3, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=8 (sock=0)

Meanwhile, tcpdump returns the following. Note that the IP of the box doing the ping doesn't appear, so it looks like some translation is being done:

  dmg% tcpdump -i tun0
  tcpdump: listening on tun0
  10:54:13.274107 myhost > icwww.cc.ic.ac.uk: icmp: echo request
  10:54:13.450202 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
  10:54:13.450695 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
  10:54:13.617630 myhost.1024 > dns1.myisp.domain: 48018+ PTR? 83.5.198.155.in-addr.arpa. (43)
  10:54:13.820202 dns1.myisp.domain > myhost.1024: 48018 1/6/5 PTR icwww.cc (303)
  10:54:14.630420 myhost > icwww.cc.ic.ac.uk: icmp: echo request
  10:54:14.790206 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
  10:54:14.790696 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
  10:54:14.823533 myhost.1024 > dns1.myisp.domain: 48738+ PTR? 76.0.200.195.in-addr.arpa. (43)
  10:54:15.000247 dns1.myisp.domain > myhost.1024: 48738* 1/5/5 PTR dns1.fte (263)
  10:54:15.631630 myhost > icwww.cc.ic.ac.uk: icmp: echo request
  10:54:15.780263 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
  10:54:15.790178 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
  10:54:16.633086 myhost > icwww.cc.ic.ac.uk: icmp: echo request
  10:54:16.760313 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
  10:54:16.770215 icwww.cc.ic.ac.uk > myhost: icmp: echo reply

My kernel is configured with the following options:

  options IPFIREWALL                      #firewall
  options IPFIREWALL_VERBOSE              #print information about dropped packets
  options IPFIREWALL_FORWARD              #enable transparent proxy support
  options IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
  options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
  options IPDIVERT
  options IPFILTER
  options IPSTEALTH

The section from ppp.conf that I'm using is:

  myisp:
   set phone <myisp's phone>
   set login "ABORT NO\\sCARRIER TIMEOUT 15 ogin:--ogin: myuid word: mypasswd ocol: ppp"
   set timeout 120
   set accmap 000a0000
   set ifaddr 195.200.9.208 10.0.0.10/0
   add default HISADDR
   enable dns

Finally, my rc.conf file looks like this:

  hostname="myhost"
  ifconfig_ed0="inet 10.0.0.1 netmask 255.255.255.0"
  #ifconfig_tun0=
  gateway_enable="YES"
  named_enable="YES"
  named_flags="-u bind -g bind"
  linux_enable="YES"
  keymap="uk.cp850"
  nfs_server_enable="YES"
  ppp_enable="YES"
  ppp_mode="auto"
  ppp_nat="NO"
  ppp_profile="myisp"
  natd_enable="YES"
  natd_interface="tun0"
  natd_flags="-log -dynamic"
  firewall_enable="YES"
  firewall_type="simple"
  sendmail_flags="-bd"

(As far as I can tell, I no longer need the ifconfig_tun0= entry that I had with previous versions)

Disabling the firewall doesn't help, so it looks like a ppp/natd problem.

Any suggestions?

Thanks,

Dave
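
An added example, not part of the original message: a small sh/awk helper that tallies ICMP echo requests against echo replies per address pair in tcpdump text output, so a mismatch like the one in the capture above (two replies logged for every request) stands out. The function names `icmp_summary` and `sample_capture` are hypothetical; the sample lines are taken from the capture quoted in the message.

```shell
#!/bin/sh
# Added example: summarise ICMP echo traffic from `tcpdump -i tun0` text output.
# Reads tcpdump lines on stdin and prints, per client/server pair, the number
# of echo requests and echo replies seen and a status word.

icmp_summary() {
    awk '
    # Line layout: <time> <src> > <dst>: icmp: echo request|reply
    / icmp: echo request/ {
        src = $2; dst = $4; sub(/:$/, "", dst)
        req[src " " dst]++            # key is "client server"
    }
    / icmp: echo reply/ {
        src = $2; dst = $4; sub(/:$/, "", dst)
        rep[dst " " src]++            # reply travels server -> client
    }
    END {
        for (k in req) seen[k] = 1
        for (k in rep) seen[k] = 1
        for (k in seen) {
            r = req[k] + 0; p = rep[k] + 0
            if (p == r)      status = "ok"
            else if (p > r)  status = "duplicate-replies"
            else             status = "missing-replies"
            printf "%s requests=%d replies=%d %s\n", k, r, p, status
        }
    }' | sort
}

# Sample input: the first lines of the capture in the message above.
# The DNS lookup line is included to show that non-ICMP traffic is ignored.
sample_capture() {
    cat <<'EOF'
10:54:13.274107 myhost > icwww.cc.ic.ac.uk: icmp: echo request
10:54:13.450202 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
10:54:13.450695 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
10:54:13.617630 myhost.1024 > dns1.myisp.domain: 48018+ PTR? 83.5.198.155.in-addr.arpa. (43)
10:54:14.630420 myhost > icwww.cc.ic.ac.uk: icmp: echo request
10:54:14.790206 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
10:54:14.790696 icwww.cc.ic.ac.uk > myhost: icmp: echo reply
EOF
}

sample_capture | icmp_summary
```

On a live system the same function can be fed directly, for example `tcpdump -n -i tun0 icmp | icmp_summary`, interrupted after a few pings.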