NAT and PPPoE problems
Luke Kearney
lukek at meibin.net
Mon Oct 13 08:13:43 PDT 2003
Hi,
From my casual observation your rc.conf has a spelling error in it: you
have gatway_enable="yes", which should of course be gateway_enable="yes". Sorry
if you had picked it up earlier.
This is one of my favourites for setting up a router
http://lantech.geekvenue.net/chucktips/jason/chuck/1031194375/index_html
as is
http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html
or
http://renaud.waldura.com/doc/freebsd/firewall/
Good luck with that one
LukeK
On Sun, 12 Oct 2003 18:16:34 -0700 (PDT)
Sean Noonan <snoonan at addr8.addr.com> granted us these pearls of wisdom:
> Hi Folks,
>
> I've used NAT with FreeBSD for years now, but recently had to change my
> ISP. My new ISP, SBC, uses PPPoE (yuck). I've finally got PPPoE working,
> but am having a heck of a time getting NAT to work with it. I'm tracking
> STABLE and cvsup'd, etc, about two weeks ago to 4.9-PRERELEASE. Here's my
> config:
>
> /etc/ppp/ppp.conf:
>
> default:
>  # PPP over Ethernet
>  set log phase tun command
>  set device PPPoE:dc0
>  set mru 1492
>  set mtu 1492
>  set ctsrts off
>  set cd off
>  set redial 0 0
>  set dial
>  set login
>  # set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>  set ifaddr 67.116.219.246/0 67.116.219.254/0
>  add default HISADDR # Add a (sticky) default route
>  enable lqr
>  enable dns
> SBC:
>  set authname myuserid at sbcglobal.net
>  set authkey mypassword
>
> /etc/rc.conf:
>
> ez_ipupdate_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> firewall_logging="YES"
> gatway_enable="YES"
> gif_interfaces="gif0"
> # gifconfig_gif0="67.112.141.75 67.52.144.191"
> hostname="sean-noonan.kicks-ass.net"
> ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
> ipsec_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> lpd_endable="YES"
> moused_enable="YES"
> moused_flags="-3"
> moused_type="auto"
> named_enable="NO"
> #natd_enable="YES"
> #natd_interface="dc0"
> network_interfaces="xl0 dc0 gif0 tun0 lo0"
> nfs_reserved_port_only="YES"
> nfs_server_enable="YES"
> nisdomainname="NO"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="YES"
> ppp_profile="SBC"
> saver="logo"
> sendmail_enable="YES"
> sshd_enable="YES"
> syslogd_enable="YES"
> tcp_extensions="YES"
> xntpd_enable="YES"
>
> output of ifconfig -a:
>
> xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.6.1 netmask 0xffffff00 broadcast 192.168.6.255
>         inet6 fe80::2a0:24ff:fed8:4738%xl0 prefixlen 64 scopeid 0x1
>         ether 00:a0:24:d8:47:38
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet6 fe80::204:5aff:fe45:5aa8%dc0 prefixlen 64 scopeid 0x2
>         ether 00:04:5a:45:5a:a8
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>         inet 67.121.201.208 --> 67.121.203.254 netmask 0xffffffff
>         Opened by PID 57
>
> output of netstat -rn:
>
> Routing tables
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            67.121.203.254     UGSc        4       30   tun0
> 67.121.203.254     67.121.201.208     UH          5        0   tun0
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.6          link#1             UC          1        0    xl0
> 192.168.6.2        00:0c:76:51:77:7e  UHLW        0        0    xl0   1079
>
> The RFC1918 PC is using 192.168.6.2 for its IP address and 192.168.6.1 for
> its default gateway. The RFC1918 PC can successfully ping the gateway's
> internal and external interfaces, but nothing beyond.
>
> Adding an ipfw rule like:
>
> ipfw add 1 allow log ip from any to any
>
> shows ping traffic between the inside interface of the gateway and the
> RFC1918 PC, but nothing else.
>
> I've tried several ways of invoking NAT, including via the ppp.conf file,
> via the command-line, and via rc.conf (the current flavor). None seem to
> work.
>
> Anybody have any ideas on how to proceed??
>
> TIA,
>
> --Sean Noonan.
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
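
Added example, not part of the original thread: a small sh check for the kind of typo pointed out in the reply above. It assumes the known knob names can be read from a defaults file such as /etc/defaults/rc.conf; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report rc.conf variables that the defaults file never defines.
# rc.conf is sourced as shell, so a misspelled knob is only an unused variable:
# nothing complains and the feature silently stays off.

# knob_names FILE: print the name of every active NAME=value line, sorted.
knob_names() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# rc_unknown_knobs DEFAULTS RCCONF: names set in RCCONF but absent from DEFAULTS.
# Per-interface names (ifconfig_xl0, gifconfig_gif0) are skipped because a
# defaults file cannot list them.
rc_unknown_knobs() {
    known=$(mktemp) || return 1
    knob_names "$1" > "$known"
    knob_names "$2" | grep -v -E '^(ifconfig|gifconfig)_' |
        grep -v -x -F -f "$known" || true   # no unknown names is not an error
    rm -f "$known"
}

# sample_check: run the check on constructed sample files (not the real ones).
sample_check() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for /etc/defaults/rc.conf: a few real knob names.
    cat > "$dir/defaults" <<'EOF'
gateway_enable="NO"
firewall_enable="NO"
lpd_enable="NO"
ppp_enable="NO"
ppp_nat="YES"
EOF
    # Constructed rc.conf using lines from the quoted configuration.
    cat > "$dir/rc.conf" <<'EOF'
firewall_enable="YES"
gatway_enable="YES"
ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
lpd_endable="YES"
#natd_enable="YES"
ppp_enable="YES"
ppp_nat="YES"
EOF
    rc_unknown_knobs "$dir/defaults" "$dir/rc.conf"
    rm -rf "$dir"
}

sample_check
```

On the router itself, `sysctl net.inet.ip.forwarding` reporting 0 confirms that forwarding was never switched on. Knobs that only third-party rc scripts define are reported as well, so treat the output as a list to review.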