NAT & PPPoE (detailed email)

Mohsin Rahman mtech at buffnet.net
Fri Mar 12 07:29:22 PST 2004


Hello List,

I am trying to set up a FreeBSD 4.9-STABLE (FreeBSD 4.9-STABLE #0: Wed
Mar 10 17:33:52 EST 2004) box to connect to Verizon DSL. This machine will
be acting as a firewall, gateway, web and db server. I have 2 Intel 10/100
NICs (fxp0, fxp1).

External Interface: fxp0
Internal Interface: fxp1

First thing I did was set it up in my office for NAT with a static IP on
fxp0 and compiled the kernel with

	options 	IPFIREWALL
	options		IPDIVERT

in /etc/rc.conf I did:

	defaultrouter="205.246.19.1"
	hostname="mohsinlap.buffnet.net"

	ifconfig_fxp0="inet 205.246.19.43 netmask 255.255.255.0"
	ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"

	gateway_enable="YES"
	firewall_enable="YES"
	firewall_script="/etc/rc.firewall"
	firewall_type="OPEN"
	firewall_quiet="YES"

	natd_program="/sbin/natd"
	natd_enable="YES"
	natd_interface="fxp0"
	natd_flags="-f /etc/natd.conf"

	named_enable="YES"
	named_program="/usr/sbin/named"
	named_flags="-b /etc/namedb/named.conf"


my /etc/natd.conf file has:

	interface fxp1
	use_sockets yes
	same_ports yes
	log_denied yes


Works like a charm. Was able to get to the internet using a NAT'd machine
(192.168.1.7). Ok.. now I take this machine to a friend who will be
using this. Since Verizon uses PPPoE, I did some googling and now my setup
looks like this:

the new /etc/rc.conf:

	defaultrouter=""
	hostname=""

	ifconfig_fxp0="DHCP"
	ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"

	gateway_enable="YES"
	firewall_enable="YES"
	firewall_script="/etc/rc.firewall"
	firewall_type="OPEN"
	firewall_quiet="YES"

	ppp_enable="YES"
	ppp_mode="ddial"
	ppp_nat="NO"

	natd_program="/sbin/natd"
	natd_enable="YES"
	natd_interface="fxp0"
	natd_flags="-f /etc/natd.conf"


/etc/ppp/ppp.conf:


	default:
	 #PPPoE: PPP over Ethernet

	 set device PPPoE:fxp0
	 set speed sync
	 set mru 1492
	 set mtu 1492
	 set ctsrts off
	 enable lqr
	 set log phase tun
	 add default HISADDR
	 enable dns

	papchap:
	 set authname {username}
	 set authkey {password}

in my kernel:

	pseudo-device   tun
	options         NETGRAPH

Recompile kernel, and the machine comes up... but here comes the problem:

Since there is no hostname, during the bootup, it tries to negotiate a
hostname and times out after some time. Then I get:

IP packet filtering initialized, divert enabled, rule-based forwarding
enabled, default to deny, logging disabled
ad0: 3098MB <IBM-DAQA-33240> [6296/16/63] at ata0-master WDMA2
acd0: CDROM <MATSHITA CR-5850> at ata1-master PIO3
acd1: CD-RW <Hewlett-Packard CD-Writer Plus 8100> at ata1-slave PIO3
Mounting root from ufs:/dev/ad0s1a
module_register: module netgraph already exists!
linker_file_sysinit "netgraph.ko" failed to register! 17


and continues to load Apache, MySQL. I log in to the shell and try to
telnet to my test server at work and I do get to my test server. Here is
what ifconfig shows:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        ether 00:80:5f:d7:88:92
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
        ether 00:a0:c9:aa:d5:4c
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
        Opened by PID 61


My PPPoE works OK... I do get an IP and can get to the internet from this
machine. The problem is I can get to the internet from this
machine ONLY, none of my other machines can get to the internet. How do I go
about fixing this? After working on this for 3 hours, I am missing
something very obvious. Please help.... Thanks.

--
Mohsin AbdulRahman
MTech at BuffNET.Net


