A Challenge... NAT for PPP dial in user

Q q_dolan at yahoo.com.au
Fri Dec 26 15:07:43 PST 2003


I must have missed the original email, but I think the fact that the
local end of the ppp link has the same IP address as the machine's
default gateway is probably more to blame.

The ppp ifaddr range should be either on a different subnet, or use an
address range not already in use on the lan. This means BOTH ends of the
link. So take out '192.168.1.1' and replace it with something unused.
You will probably need to change the add route statement to 
'add HISADDR 255.255.255.255 MYADDR' because you don't want to route the
whole subnet down the ppp interface.

Seeya...Q

On Sat, 2003-12-27 at 00:45, Lowell Gilbert wrote:
> "Drew Robertson" <the_brothel at hotmail.com> writes:
> 
> > I've been playing around with this for a while.
> > 
> > I have a FreeBSD 4.8 box set as a gateway on my home LAN.  I have 1 pc
> > downstairs, and a few dial up users... FreeBSD box has 2 network
> > cards, 1 for internal, 1 for external internet using cable & 1 56k
> > modem.
> > 
> > Very simple problem... when a dial in user connects to the FreeBSD
> > gateway/router using PPP, NAT stops working on the PC downstairs and
> > won't work on the dial in PC either...
> > 
> > I have complete LAN access (telnet, ssh, samba, ping etc) on both the
> > dial in PC and the downstairs PC, but somewhere my config is
> > preventing everyone from being able to access the internet at once.
> > 
> > In rc.conf, I have my Gateway_enable=YES, defaultrouter=192.168.1.1,
> > router_enable=yes, proxyarp_all=yes...
> > 
> > PPP.conf is simple...
> > 
> >   enable pap
> >   enable passwdauth
> >   set ifaddr 192.168.1.1 192.168.1.100-192.168.1.199 255.255.255.0
> >   add HISADDR 255.255.255.0 MYADDR
> >   accept dns
> >   set dns 203.2.75.132
> >   enable proxy
> > 
> > In natd.conf
> > 
> > interface tl0
> > sameports yes
> > dynamic yes
> > 
> > I'm running a firewall, but it is open for the TUN0 interface...
> > 
> > I also have a divert natd (8668) allow all from any to any out via tl0
> > 
> > All other PCs on the LAN are windows clients... the one downstairs I
> > was able to just set a default gateway and it was up and running on
> > the internet, unfortunately it isn't done like that on a dial in setup
> > on windows...  I can't use DHCP for the clients, as I'm not supposed
> > to have internet sharing running...
> > 
> > Do I need to have an add statement in the PPP.conf, or do I have to
> > enable proxyall rather than enable proxy??
> > 
> > Worst thing about this is I can't find enough doco on it on the
> > net... I'll write my own when I get it done...
> 
> I think that natd(8) and the NAT from ppp(8) are stepping on each
> other's toes.  Try not enabling NAT in ppp(8) at all, and letting
> natd(8) take care of it.  It's the same outside interface, after all;
> it should "just work".
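
Added example, not part of the original message or thread: a small Python check for the two ppp.conf problems the reply describes, run against the settings quoted above (embedded as constructed input). The function names and the parsing of only `set ifaddr` and `add HISADDR` lines are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed inputs: the rc.conf and ppp.conf settings quoted in the thread.
RC_CONF = 'gateway_enable="YES"\ndefaultrouter="192.168.1.1"\n'
PPP_CONF = """\
  enable pap
  set ifaddr 192.168.1.1 192.168.1.100-192.168.1.199 255.255.255.0
  add HISADDR 255.255.255.0 MYADDR
"""

def default_router(rc_conf):
    """Return defaultrouter from rc.conf text as an IPv4Address, or None."""
    m = re.search(r'^\s*defaultrouter\s*=\s*"?([\d.]+)"?', rc_conf, re.M)
    return ipaddress.IPv4Address(m.group(1)) if m else None

def lint(ppp_conf, rc_conf):
    """Return findings for an address clash and an over-broad HISADDR route."""
    findings = []
    router = default_router(rc_conf)
    for raw in ppp_conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if words[:2] == ["set", "ifaddr"] and len(words) >= 3:
            try:
                local = ipaddress.IPv4Address(words[2].split("/")[0])
            except ValueError:
                continue  # local end is not a literal IPv4 address
            if router is not None and local == router:
                findings.append(
                    f"ppp local address {local} is also the default router")
        elif words[:2] == ["add", "HISADDR"] and len(words) >= 3:
            if words[2] != "255.255.255.255":
                findings.append(
                    f"route to HISADDR uses mask {words[2]}, not a host route")
    return findings

if __name__ == "__main__":
    for finding in lint(PPP_CONF, RC_CONF):
        print("WARN:", finding)
```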


