NAT & PPPoE (detailed email)

JJB Barbish3 at adelphia.net
Fri Mar 12 07:51:22 PST 2004


Go back to using the generic kernel.
There is no reason to compile anything to get your setup to function
at your friend's house using DSL.

Make these changes

In ppp.conf, delete
        papchap:
         set authname {username}
         set authkey {password}

In rc.conf, change this

        ifconfig_fxp0="DHCP"

to

        ifconfig_fxp0="UP"

and add this

        ifconfig_tun0="DHCP"

It also needs a hostname for sendmail to work; use "fbsdhome.com" as a
good fake FQDN.


-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Mohsin Rahman
Sent: Friday, March 12, 2004 10:29 AM
To: FreeBSD Questions
Subject: NAT & PPPoE (detailed email)

Hello List,

I am trying to set up a FreeBSD 4.9-STABLE (FreeBSD 4.9-STABLE #0: Wed
Mar 10 17:33:52 EST 2004) box to connect to Verizon DSL. This machine
will be acting as a firewall, gateway, web and db server. I have 2 Intel
10/100 NICs (fxp0, fxp1).

External Interface: fxp0
Internal Interface: fxp1

First thing I did was set it up in my office for NAT with a static IP on
fxp0 and compiled the kernel with

        options         IPFIREWALL
        options         IPDIVERT

in /etc/rc.conf I did:

        defaultrouter="205.246.19.1"
        hostname="mohsinlap.buffnet.net"

        ifconfig_fxp0="inet 205.246.19.43 netmask 255.255.255.0"
        ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"

        gateway_enable="YES"
        firewall_enable="YES"
        firewall_script="/etc/rc.firewall"
        firewall_type="OPEN"
        firewall_quiet="YES"

        natd_program="/sbin/natd"
        natd_enable="YES"
        natd_interface="fxp0"
        natd_flags="-f /etc/natd.conf"

        named_enable="YES"
        named_program="/usr/sbin/named"
        named_flags="-b /etc/namedb/named.conf"


my /etc/natd.conf file has:

        interface fxp1
        use_sockets yes
        same_ports yes
        log_denied yes


Works like a charm. Was able to get to the internet using a NAT'd
machine (192.168.1.7). Ok.. now I take this machine to a friend who will
be using this. Since Verizon uses PPPoE, I did some googling and now my
setup looks like this:

the new /etc/rc.conf:

        defaultrouter=""
        hostname=""

        ifconfig_fxp0="DHCP"
        ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"

        gateway_enable="YES"
        firewall_enable="YES"
        firewall_script="/etc/rc.firewall"
        firewall_type="OPEN"
        firewall_quiet="YES"

        ppp_enable="YES"
        ppp_mode="ddial"
        ppp_nat="NO"

        natd_program="/sbin/natd"
        natd_enable="YES"
        natd_interface="fxp0"
        natd_flags="-f /etc/natd.conf"


/etc/ppp/ppp.conf:


        default:
         #PPPoE: PPP over Ethernet

         set device PPPoE:fxp0
         set speed sync
         set mru 1492
         set mtu 1492
         set ctsrts off
         enable lqr
         set log phase tun
         add default HISADDR
         enable dns

        papchap:
         set authname {username}
         set authkey {password}

in my kernel:

        pseudo-device   tun
        options         NETGRAPH

recompile kernel, and machine comes up... but here comes the problem:

since there is no hostname, during the bootup, it tries to negotiate a
hostname and times out after some time. Then I get:

IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, logging disabled
ad0: 3098MB <IBM-DAQA-33240> [6296/16/63] at ata0-master WDMA2
acd0: CDROM <MATSHITA CR-5850> at ata1-master PIO3
acd1: CD-RW <Hewlett-Packard CD-Writer Plus 8100> at ata1-slave PIO3
Mounting root from ufs:/dev/ad0s1a
module_register: module netgraph already exists!
linker_file_sysinit "netgraph.ko" failed to register! 17


and continues to load apache, mysql. I login to the shell and try to
telnet to my test server at work and I do get to my test server. Here is
what ifconfig shows:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        ether 00:80:5f:d7:88:92
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
        ether 00:a0:c9:aa:d5:4c
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
        Opened by PID 61


My PPPoE works OK... I do get an IP and can get to the internet from
this machine. The problem is I can get to the internet from this machine
ONLY, none of my other machines can get to the internet. How do I go
about fixing this? After working on this for 3 hours, I am missing
something very obvious. Please help.... Thanks.

--
Mohsin AbdulRahman
MTech at BuffNET.Net

_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
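
A consistency check over the rc.conf and ifconfig output quoted in this thread, as an added example that is not part of either message: it reports when natd_interface names an interface that holds no publicly routable IPv4 address. The sample text is trimmed from the post; the function names, and the rule that natd should be bound to the interface carrying the public address, are this example's assumptions and not advice given in the reply.

```python
import ipaddress
import re

# Constructed sample: trimmed from the rc.conf and ifconfig output quoted in the thread.
RC_CONF = '''
ifconfig_fxp0="DHCP"
ppp_enable="YES"
ppp_nat="NO"
natd_enable="YES"
natd_interface="fxp0"
'''
IFCONFIG = '''
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
'''

def parse_rc_conf(text):
    """Return {name: value} for simple name="value" lines; later lines win."""
    return dict(re.findall(r'^\s*(\w+)="([^"]*)"', text, re.M))

def parse_ifconfig(text):
    """Return {interface: [IPv4Address, ...]} from ifconfig output (inet6 is skipped)."""
    addrs, current = {}, None
    for line in text.splitlines():
        head = re.match(r'^(\w+): flags=', line)
        if head:
            current = head.group(1)
            addrs[current] = []
        elif current and (m := re.match(r'^\s+inet (\d+\.\d+\.\d+\.\d+)', line)):
            addrs[current].append(ipaddress.ip_address(m.group(1)))
    return addrs

def external_interfaces(addrs):
    """Interfaces holding a globally routable IPv4 address."""
    return sorted(i for i, a in addrs.items() if any(x.is_global for x in a))

def check_natd(rc, addrs):
    """Return findings when natd is enabled but bound to an interface with no public address."""
    bound, ext = rc.get("natd_interface", ""), external_interfaces(addrs)
    if rc.get("natd_enable", "NO").upper() != "YES" or bound in ext:
        return []
    return [f"natd_interface={bound!r} has no public address; public address is on {ext}"]
```
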


