ppp(8) and inbound IP connections
Eric van Gyzen
eric at vangyzen.net
Tue May 7 19:17:36 UTC 2013
On 05/07/2013 13:56, Matthias Apitz wrote:
> El día Tuesday, May 07, 2013 a las 07:43:30PM +0100, Joe Holden escribió:
>
>>> tun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
>>> options=80000<LINKSTATE>
>>> inet 10.33.28.104 --> 10.64.64.64 netmask 0xffffffff
>>> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>> Opened by PID 799
>>>
>>> and the routing is:
>>>
>>>
>>> Routing tables
>>>
>>> Internet:
>>> Destination Gateway Flags Refs Use Netif Expire
>>> default 10.64.64.64 UGS 0 1694 tun6
>>> 10.33.28.104 link#7 UHS 0 0 lo0
>>> 10.64.64.64 link#7 UHS 0 1 tun6
>>> 127.0.0.1 link#6 UH 0 75 lo0
>>>
>>> Any ideas about this? Thanks.
>>>
>>> I'm attaching the ppp.conf file.
>>>
>>> matthias
>>>
>> It seems quite clear from your ifconfig output that your provider
>> doesn't give you a routable address, so you will never see inbound
>> connections. Usually providers have an alternate APN that will give you
>> one, but that depends on the provider in question.
> Ofc, the provider must NAT somehow my local addr behind some routable
> valid IP addr, in our case 82.113.99.104; without this nothing would
> come back, even when the 1st SYN was from my side; the question is, why
> they do not manage the NAT table so any SYN to 82.113.99.104 is sent to
> my ppp link;
>
> or if they do send it, and my ppp config is wrong?
Most likely, multiple customers' local addresses are NATed to the same
routable address, so the router can't know which customer to chose for a
new incoming connection. De-NATing of incoming packets for existing
sessions is done via per-connection state-tracking, which of course
doesn't exist for a new incoming connection.
Eric
More information about the freebsd-net
mailing list