NAT & PPPoE (detailed email)

Chuck Swiger cswiger at mac.com
Fri Mar 12 09:55:53 PST 2004


Mohsin Rahman wrote:
> Thank you. I will try tun0 as my nat interface. However, if, let's say, the
> modem drops the connection and the next attempt to access the internet,
> wouldn't FreeBSD assign the new IP address to tun1 and basically render
> tun0 nat useless? A better solution might be to let ppp do -nat perhaps. I
> will test and post my results. Thanks.

You should have ppp do the NAT, yes.  If you use ppp with -auto or -ddial, 
you can have on-demand dialing where ppp will attempt to bring up the link if 
it drops.  That means NAT should handle the link drop better (since ppp knows 
to use the new connection's IP), and it also means that your firewall rules 
can simply use tun0.

/etc/ppp/ppp.conf should contain something like:

default:
  set log local connect ipcp lcp lqm chat
# set log all
  ident user-ppp VERSION (built COMPILATIONDATE)
  enable lqr
  set server 3000 xxxxx
  set timeout 1200                       # 20 minute idle timer
# enable dns                            # request DNS info (for resolv.conf)
  set device PPPoE:fxp0:verizon
  set login
  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
            \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
  set urgent udp +53
  set urgent tcp +53
  set urgent udp +123
  set urgent tcp +123
  set ifaddr 162.84.171.0/0 10.3.23.0/0 255.255.255.255 0.0.0.0
  add! default HISADDR                   # Add a (sticky) default route
  nat enable yes
  nat use_sockets yes
  nat same_ports yes
  nat port tcp 192.168.1.3:6667 6667

verizon:
  set authname xxxxx
  set authkey xxxxx

[ ... ]
-- 
-Chuck
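
An added example, not part of the original message or of ppp itself: a small Python audit that reads a ppp.conf shaped like the one above and lists what it exposes inbound (the `nat port` forward and the `set server` diagnostic port) and whether a file holding `set authkey` is readable by group or others. The sample config, the function names and the `mode` parameter are constructed for illustration; `nat deny_incoming` is a ppp(8) option that does not appear in the message.

```python
# Constructed sample in the shape of the ppp.conf above; secrets are placeholders.
SAMPLE = """\
default:
  set server 3000 PLACEHOLDER
# nat port tcp 192.168.1.9:22 22
  set dial "ABORT BUSY TIMEOUT 5 \\
            OK ATDT"
  nat enable yes                         # inline comment
  nat port tcp 192.168.1.3:6667 6667

verizon:
  set authkey PLACEHOLDER
"""

def commands(text):
    """Yield (label, words): comments dropped, backslash continuations joined."""
    label, pending = None, ""
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue                      # commented-out commands are inactive
        if raw.rstrip().endswith("\\"):
            pending += raw.rstrip()[:-1] + " "
            continue
        line, pending = (pending + raw).split("#", 1)[0].rstrip(), ""
        if line and not line[0].isspace() and line.endswith(":"):
            label = line[:-1]             # section label starts in column 0
        elif line.strip():
            yield label, line.split()

def audit(text, mode=0o600):
    """Return findings on inbound exposure and secret handling for a ppp.conf."""
    found, nat, deny, secret = [], False, False, False
    for label, w in commands(text):
        if w[:3] == ["nat", "enable", "yes"]:
            nat = True
        elif w[:3] == ["nat", "deny_incoming", "yes"]:
            deny = True                   # refuse packets matching no NAT link
        elif w[:2] == ["nat", "port"] and len(w) >= 5:
            found.append(f"{label}: inbound {w[2]}/{w[4]} forwarded to {w[3]}")
        elif w[:2] == ["set", "server"] and len(w) > 2 and w[2].isdigit():
            found.append(f"{label}: diagnostic port listening on tcp/{w[2]}")
        elif w[:2] == ["set", "authkey"]:
            secret = True
    if nat and not deny:
        found.append("nat enabled without 'nat deny_incoming yes'")
    if secret and mode & 0o077:
        found.append(f"file holds authkey but mode is {mode:04o}")
    return found

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, mode=0o644)))
```

For a real file, pass its contents and `os.stat(path).st_mode & 0o777` as `mode`.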


