Problem about ppp -nat
ptkrisada at gmail.com
Tue Nov 25 11:23:10 PST 2008
Firstly, many thanks for all your help! And sorry for the late reply...
> > With these settings, my FBSD host can NOT even dial out to the ISP. :-(
> > Please, anybody, tell me what I am doing wrong here.
> > At this time I must go back to the original setting in order to dial the ISP.
> > And lastly I'm sorry for the long questions.
I didn't touch /etc/ppp/ppp.conf, which has been working for 5 years since FBSD5.0R. Even when I went back to the GENERIC kernel, I could not dial out to the ISP in any way. I didn't know what I was doing wrong, even though I did read many docs. Yesterday I decided to re-install FBSD7.0R from CDs again. That caused the late reply, I'm sorry. :-(
I now have gateway_enable="YES" and firewall_enable="YES" in my /etc/rc.conf.
I can then dial the ISP again. Then the following steps were taken.
1. I can ping any site, and very fast.
2. # kldload ipfw (as I don't want to compile kernel anymore.)
3. # kldload ipdivert
4. I also have ``natd 8668/divert'' in my /etc/services.
5. # natd -interface tun0
6. # /sbin/ipfw add 101 divert natd all from any to any via tun0
7. # /sbin/ipfw add 102 pass all from any to any
(Note that my first ipfw rule is 100 check-state. So steps 6 and 7 should be considered as the first two filtering rules.)
I do it this way because I know from reading the documentation that ppp must be run before natd. I always want to dial ppp by myself, so I can't put natd in /etc/rc.conf. And doing it interactively makes it very easy to detect when something goes wrong, and step 1 can prove my good connection.
After step 7 I switched to the terminal that was still running ping. I found that ping stalled. I tried re-connecting many times; now I know that step 3 causes the problem. I have also tried putting ipfw_load="YES" and ipdivert_load="YES" in /boot/loader.conf. The problem persists. I'm quite sure that the module ipdivert has an adverse effect on the connection through the modem. Should I say a bug?!!! Without ipdivert I cannot play NAT (I don't want to learn ``ipfw nat'' and ``ppp -nat'' for now). This was also the major problem when I recompiled the kernel with options IPDIVERT a few days ago. That left me unable to connect to the ISP. One thing I should note here: always run ppp before natd. Last time when I was on the GENERIC kernel, I couldn't connect to the ISP because my /etc/rc.conf contained natd. So natd ran before ppp, which was run manually. That was wrong.
If anyone has a clue, please point me in the right direction.
I would probably go back to an external router gateway ``out of the box''.
For now I give up and need to rest.
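The rule order from steps 6 and 7, checked mechanically, as an added example that is not part of the original post: a shell function that reads `ipfw list` output and reports whether the divert rule on the interface is evaluated before the first accept-everything rule. The function names and the three sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint `ipfw list` output for the rule order used in the post.
# check_divert_order exit codes:
#   0 = divert rule on the interface precedes the first allow-all rule
#   1 = an allow-all rule is evaluated first (ipfw stops at the first accept)
#   2 = no divert rule bound to the interface
check_divert_order() {
    # $1 = interface name (tun0 in the post); the ruleset is read from stdin
    awk -v ifc="$1" '
        # lowest-numbered divert rule bound to the interface
        $2 == "divert" && $0 ~ ("via " ifc "$") && !d { d = $1 + 0 }
        # lowest-numbered unconditional accept
        ($2 == "allow" || $2 == "pass") && $0 ~ /ip from any to any$/ && !a { a = $1 + 0 }
        END {
            if (!d) exit 2
            if (a && a < d) exit 1
            exit 0
        }'
}

# Constructed sample: rules 100-102 as numbered in the post, plus a default deny.
GOOD='00100 check-state
00101 divert 8668 ip from any to any via tun0
00102 allow ip from any to any
65535 deny ip from any to any'

# Constructed sample: the same rules with the accept placed ahead of the divert.
BAD='00100 check-state
00101 allow ip from any to any
00102 divert 8668 ip from any to any via tun0
65535 deny ip from any to any'

# Constructed sample: firewall loaded but no divert rule added yet.
NONE='00100 check-state
65535 deny ip from any to any'

report() {
    # $1 = interface, $2 = ruleset text; prints a one-line verdict
    printf '%s\n' "$2" | check_divert_order "$1"
    case $? in
        0) echo "ok: divert runs before the first allow-all" ;;
        1) echo "warn: allow-all matches before divert, natd never sees the packet" ;;
        2) echo "warn: no divert rule via $1" ;;
    esac
}

report tun0 "$GOOD"
```

On a live host the ruleset would come from `ipfw list` piped into `check_divert_order tun0`.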