NAT and PPPoE problems
Sean Noonan
snoonan at addr8.addr.com
Sun Oct 12 18:16:36 PDT 2003
Hi Folks,
I've used NAT with FreeBSD for years now, but recently had to change my
ISP. My new ISP, SBC, uses PPPoE (yuck). I've finally got PPPoE working,
but am having a heck of a time getting NAT to work with it. I'm tracking
STABLE and cvsup'd, etc, about two weeks ago to 4.9-PRERELEASE. Here's my
config:
/etc/ppp/ppp.conf:

default:
 # PPP over Ethernet
 set log phase tun command
 set device PPPoE:dc0
 set mru 1492
 set mtu 1492
 set ctsrts off
 set cd off
 set redial 0 0
 set dial
 set login
 # set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 set ifaddr 67.116.219.246/0 67.116.219.254/0
 add default HISADDR # Add a (sticky) default route
 enable lqr
 enable dns

SBC:
 set authname myuserid at sbcglobal.net
 set authkey mypassword
/etc/rc.conf:
ez_ipupdate_enable="YES"
firewall_enable="YES"
firewall_type="open"
firewall_logging="YES"
gatway_enable="YES"
gif_interfaces="gif0"
# gifconfig_gif0="67.112.141.75 67.52.144.191"
hostname="sean-noonan.kicks-ass.net"
ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
ipsec_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
lpd_endable="YES"
moused_enable="YES"
moused_flags="-3"
moused_type="auto"
named_enable="NO"
#natd_enable="YES"
#natd_interface="dc0"
network_interfaces="xl0 dc0 gif0 tun0 lo0"
nfs_reserved_port_only="YES"
nfs_server_enable="YES"
nisdomainname="NO"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="SBC"
saver="logo"
sendmail_enable="YES"
sshd_enable="YES"
syslogd_enable="YES"
tcp_extensions="YES"
xntpd_enable="YES"
output of ifconfig -a:

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.6.1 netmask 0xffffff00 broadcast 192.168.6.255
        inet6 fe80::2a0:24ff:fed8:4738%xl0 prefixlen 64 scopeid 0x1
        ether 00:a0:24:d8:47:38
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::204:5aff:fe45:5aa8%dc0 prefixlen 64 scopeid 0x2
        ether 00:04:5a:45:5a:a8
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 67.121.201.208 --> 67.121.203.254 netmask 0xffffffff
        Opened by PID 57
output of netstat -rn:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            67.121.203.254     UGSc        4       30   tun0
67.121.203.254     67.121.201.208     UH          5        0   tun0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.6          link#1             UC          1        0    xl0
192.168.6.2        00:0c:76:51:77:7e  UHLW        0        0    xl0   1079
The RFC1918 PC is using 192.168.6.2 for its IP address and 192.168.6.1 for
its default gateway. The RFC1918 PC can successfully ping the gateway's
internal and external interfaces, but nothing beyond.
Adding an ipfw rule like:
ipfw add 1 allow log ip from any to any
shows ping traffic between the inside interface of the gateway and the
RFC1918 PC, but nothing else.
I've tried several ways of invoking NAT, including via the ppp.conf file,
via the command-line, and via rc.conf (the current flavor). None seem to
work.
Anybody have any ideas on how to proceed??
TIA,
--Sean Noonan.
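
An added example, not part of the original post: rc.conf is read as plain shell variable assignments, so a misspelled knob name is accepted silently and has no effect, and two names in the listing above differ by one letter from the stock knobs `gateway_enable` (which turns on IP forwarding) and `lpd_enable`. This sketch flags such near-misses; the `KNOWN` set is a hand-picked subset of stock names and `SAMPLE` is a few lines copied from the post, both assumptions of the example.

```python
import difflib
import re

# Hand-picked subset of stock knob names (assumption); on a real system,
# build this set by running parse_names() over /etc/defaults/rc.conf.
KNOWN = {
    "gateway_enable", "lpd_enable", "firewall_enable", "firewall_type",
    "firewall_logging", "natd_enable", "natd_interface", "ppp_enable",
    "ppp_mode", "ppp_nat", "ppp_profile", "sshd_enable", "syslogd_enable",
    "sendmail_enable", "named_enable", "moused_enable", "ipsec_enable",
    "linux_enable", "nfs_server_enable", "hostname", "network_interfaces",
}

# Constructed sample: a few lines copied from the rc.conf in the post.
SAMPLE = '''\
firewall_enable="YES"
gatway_enable="YES"
lpd_endable="YES"
#natd_enable="YES"
ppp_nat="YES"
ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
'''

ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)=')

def parse_names(text):
    """Return (line_number, name) for every uncommented assignment."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            out.append((n, m.group(1)))
    return out

def near_misses(text, known=KNOWN, cutoff=0.85):
    """Names that are not known knobs but closely resemble one."""
    hits = []
    for n, name in parse_names(text):
        if name in known:
            continue  # exact match: a real knob
        close = difflib.get_close_matches(name, known, n=1, cutoff=cutoff)
        if close:
            hits.append((n, name, close[0]))
    return hits

if __name__ == "__main__":
    for n, name, suggestion in near_misses(SAMPLE):
        print(f"line {n}: {name!r} is not a known knob; did you mean {suggestion!r}?")
```

Per-interface names such as `ifconfig_xl0` and knobs installed by ports are not in the stock list; the similarity cutoff keeps them from being reported unless they closely resemble a stock name.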