NAT & PPPoE (detailed email)

Mohsin Rahman mtech at buffnet.net
Fri Mar 12 09:34:17 PST 2004


Thank you. I will try tun0 as my nat interface. However, if, let's say, the
modem drops the connection, then on the next attempt to access the internet,
wouldn't FreeBSD assign the new IP address to tun1 and basically render
tun0 nat useless? A better solution might be to do ppp -nat perhaps. I
will test and post my results. Thanks.
 
--
Mohsin AbdulRahman
MTech at BuffNET.Net

On Fri, 12 Mar 2004, Peter Risdon wrote:

> JJB wrote:
> 
> >Go back to using the generic kernel.
> >There is no reason to compile anything to get your setup to function
> >at your friend's house using dsl.
> >
> >Make these changes
> >
> >In ppp.conf   delete
> >        papchap:
> >         set authname {username}
> >         set authkey {password}
> >
> >in rc.conf
> >
> > change this  ifconfig_fxp0="DHCP" to         ifconfig_fxp0="UP"
> >and add this          ifconfig_tun0="DHCP"
> >
> >Also needs a hostname for sendmail to work; use "fbsdhome.com" as a good
> >fake FQDN.
> >  
> >
> This seems wrong. As I understand the OP, the machine can connect to the 
> internet and tun0 is getting an ip address fine (inet 141.149.140.108), 
> so he can use the dsl link already and deleting the papchap lines from 
> ppp.conf would break this.
> 
> But NAT isn't working. The natd_interface has to be the external 
> interface. Perhaps this should be tun0.
> 
> But man natd seems to recommend using ppp's nat functionality:
> 
>      (If you need NAT on a PPP link, ppp(8) provides the -nat option that
>      gives most of the natd functionality, and uses the same libalias(3)
>      library.)
> 
> So that might be easier.
> 
> Perhaps also give the machine a hostname.
> 
> PWR.
> 
> >
> >-----Original Message-----
> >From: owner-freebsd-questions at freebsd.org
> >[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Mohsin Rahman
> >Sent: Friday, March 12, 2004 10:29 AM
> >To: FreeBSD Questions
> >Subject: NAT & PPPoE (detailed email)
> >
> >Hello List,
> >
> >I am trying to set up a FreeBSD 4.9-STABLE (FreeBSD 4.9-STABLE #0: Wed
> >Mar 10 17:33:52 EST 2004) box to connect to Verizon DSL. This machine will
> >be acting as a firewall, gateway, web and db server. I have 2 Intel 10/100
> >NICs (fxp0, fxp1).
> >
> >External Interface: fxp0
> >Internal Interface: fxp1
> >
> >First thing I did was set it up in my office for NAT with a static IP on
> >fxp0 and compiled the kernel with
> >
> >        options         IPFIREWALL
> >        options         IPDIVERT
> >
> >in /etc/rc.conf I did:
> >
> >        defaultrouter="205.246.19.1"
> >        hostname="mohsinlap.buffnet.net"
> >
> >        ifconfig_fxp0="inet 205.246.19.43 netmask 255.255.255.0"
> >        ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"
> >
> >        gateway_enable="YES"
> >        firewall_enable="YES"
> >        firewall_script="/etc/rc.firewall"
> >        firewall_type="OPEN"
> >        firewall_quiet="YES"
> >
> >        natd_program="/sbin/natd"
> >        natd_enable="YES"
> >        natd_interface="fxp0"
> >        natd_flags="-f /etc/natd.conf"
> >
> >        named_enable="YES"
> >        named_program="/usr/sbin/named"
> >        named_flags="-b /etc/namedb/named.conf"
> >
> >
> >my /etc/natd.conf file has:
> >
> >        interface fxp1
> >        use_sockets yes
> >        same_ports yes
> >        log_denied yes
> >
> >
> >Works like a charm. Was able to get to the internet using a NAT'd machine
> >(192.168.1.7). OK... now I take this machine to a friend who will be
> >using this. Since Verizon uses PPPoE, I did some googling and now my setup
> >looks like this:
> >
> >the new /etc/rc.conf:
> >
> >        defaultrouter=""
> >        hostname=""
> >
> >        ifconfig_fxp0="DHCP"
> >        ifconfig_fxp1="inet 192.168.1.1  netmask 255.255.255.0"
> >
> >        gateway_enable="YES"
> >        firewall_enable="YES"
> >        firewall_script="/etc/rc.firewall"
> >        firewall_type="OPEN"
> >        firewall_quiet="YES"
> >
> >        ppp_enable="YES"
> >        ppp_mode="ddial"
> >        ppp_nat="NO"
> >
> >        natd_program="/sbin/natd"
> >        natd_enable="YES"
> >        natd_interface="fxp0"
> >        natd_flags="-f /etc/natd.conf"
> >
> >
> >/etc/ppp/ppp.conf:
> >
> >
> >        default:
> >         #PPPoE: PPP over Ethernet
> >
> >         set device PPPoE:fxp0
> >         set speed sync
> >         set mru 1492
> >         set mtu 1492
> >         set ctsrts off
> >         enable lqr
> >         set log phase tun
> >         add default HISADDR
> >         enable dns
> >
> >        papchap:
> >         set authname {username}
> >         set authkey {password}
> >
> >in my kernel:
> >
> >        pseudo-device   tun
> >        options         NETGRAPH
> >
> >recompile kernel, and machine comes up... but here comes the problem:
> >
> >since there is no hostname, during the bootup, it tries to negotiate a
> >hostname and times out after some time. Then I get:
> >
> >IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, logging disabled
> >ad0: 3098MB <IBM-DAQA-33240> [6296/16/63] at ata0-master WDMA2
> >acd0: CDROM <MATSHITA CR-5850> at ata1-master PIO3
> >acd1: CD-RW <Hewlett-Packard CD-Writer Plus 8100> at ata1-slave PIO3
> >Mounting root from ufs:/dev/ad0s1a
> >module_register: module netgraph already exists!
> >linker_file_sysinit "netgraph.ko" failed to register! 17
> >
> >
> >and continues to load apache, mysql. I log in to the shell and try to
> >telnet to my test server at work and I do get to my test server. Here is
> >what ifconfig shows:
> >
> >fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >        inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
> >        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
> >        ether 00:80:5f:d7:88:92
> >        media: Ethernet autoselect (100baseTX <full-duplex>)
> >        status: active
> >fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
> >        inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
> >        ether 00:a0:c9:aa:d5:4c
> >        media: Ethernet autoselect (100baseTX <full-duplex>)
> >        status: active
> >lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> >        inet6 ::1 prefixlen 128
> >        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> >        inet 127.0.0.1 netmask 0xff000000
> >ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> >sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> >faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> >tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
> >        inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
> >        Opened by PID 61
> >
> >
> >My PPPoE works OK... I do get an IP and can get to the internet from this
> >machine. The problem is I can get to the internet from this
> >machine ONLY; none of my other machines can get to the internet. How do I go
> >about fixing this? After working on this for 3 hours, I am missing
> >something very obvious. Please help.... Thanks.
> >
> >--
> >Mohsin AbdulRahman
> >MTech at BuffNET.Net
> >
> >_______________________________________________
> >freebsd-questions at freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to
> >"freebsd-questions-unsubscribe at freebsd.org"
> 
> 
> 
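
Added example, not part of the original thread: a small sh check for the mismatch Peter Risdon points out (natd bound to fxp0 while PPPoE traffic leaves through tun), run over a constructed excerpt of the rc.conf posted above. The function names and verdict strings are this example's own, and the tun case assumes the tunnel unit number stays the same across redials.

```sh
#!/bin/sh
# Added example (not from the thread): flag an rc.conf whose NAT setup
# cannot work on a PPPoE link. Verdict strings are this example's own.

# rc_get FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true for YES (case-insensitive).
is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; esac; return 1; }

# check_nat FILE: print a one-line verdict for the NAT configuration.
check_nat() {
    ppp=$(rc_get "$1" ppp_enable);   pnat=$(rc_get "$1" ppp_nat)
    natd=$(rc_get "$1" natd_enable); nif=$(rc_get "$1" natd_interface)
    if ! is_yes "$ppp"; then
        # No PPP link: natd on a physical NIC is the usual arrangement.
        if is_yes "$natd"; then echo "ok: natd on $nif"; else echo "no-nat"; fi
    elif is_yes "$pnat" && is_yes "$natd"; then
        echo "redundant: ppp -nat and natd both enabled"
    elif is_yes "$pnat"; then
        echo "ok: ppp -nat"    # NAT happens inside ppp, no interface name to track
    elif is_yes "$natd"; then
        case "$nif" in
            tun[0-9]*) echo "ok: natd on $nif" ;;   # assumes the tun unit does not change
            *) echo "broken: natd on $nif, PPPoE traffic leaves via tun" ;;
        esac
    else
        echo "no-nat"
    fi
}

# Constructed sample: the NAT-related lines of the PPPoE rc.conf in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ifconfig_fxp0="DHCP"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="NO"
natd_enable="YES"
natd_interface="fxp0"
EOF
check_nat "$sample"
```

Setting ppp_nat="YES" with natd_enable="NO", or natd_interface="tun0", changes the verdict to one of the "ok" lines.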


