From owner-freebsd-isp@FreeBSD.ORG Sun Aug 12 13:32:16 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5152616A419 for ; Sun, 12 Aug 2007 13:32:16 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.186]) by mx1.freebsd.org (Postfix) with ESMTP id EB8D313C45A for ; Sun, 12 Aug 2007 13:32:15 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: by rv-out-0910.google.com with SMTP id f1so856362rvb for ; Sun, 12 Aug 2007 06:32:15 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:from:to:subject:date:mime-version:content-type:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=RWOcpVQ3P3HES8b1jFPaZ+eGe9rgFvG1WzzS8wdgwn4t2hEMkIlk2mvhcCuh6zk5Oz2UK6x3EaSM1vi6rRAaNzMp4CTJlrBgvcqaW5bR+xPjAZStZ8Wl4dq3ALz2sEaa72miDI9w8YiriXPujZEzInIG6Yhy2ZzyV5U5iAWtK/E= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:from:to:subject:date:mime-version:content-type:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=secZN6M41AzANNt/Ej7upS7cfc3aelWr32yfZUBqe1IvPSfYxxqQP2hZvxDMtlK7LMX8ryM/YLEPuZFX2yx795+nBm6FxVu36IFC9npwXNLgWA+wuZ4NeaWC0RGvg5X4g1Bn+WDwzoIcCHNHLmvm/DSwVbcHsO7C5+w2We+8FQU= Received: by 10.141.42.10 with SMTP id u10mr2108968rvj.1186923940190; Sun, 12 Aug 2007 06:05:40 -0700 (PDT) Received: from 4BANKS ( [12.5.189.95]) by mx.google.com with ESMTPS id c20sm10519436rvf.2007.08.12.06.05.36 (version=SSLv3 cipher=RC4-MD5); Sun, 12 Aug 2007 06:05:39 -0700 (PDT) Message-ID: <002401c7dce1$79fdd8a0$5fbd050c@4BANKS> From: "Jay Banks" To: Date: Sun, 12 Aug 2007 08:05:33 -0500 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: PPPOE concentrator troubleshooting X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Aug 2007 13:32:16 -0000 With sparse documentation, I have managed to configure a FreeBSD MPD = PPPoE Concentrator, and I'm accessing it with a Mikrotik PPPoE client. = It works to some degree. I connect right away to the server, and if I = change the password to an invalid one, it refuses a connection. However, = from the client I can only get to the server. I can ping it, but = anything else, in the same network, or out to the Internet fails. I can = also pull up a website located on the same server as the PPPoE server. Per the documentation I have found, I turned on gateway_enabled=3D"YES" = in rc.conf. But to me, it seems like the FreeBSD server isn't forwarding = the packets from the PPPoE client on like it should.=20 Is there anything I should do besides gateway_enabled=3D"YES" to be able = to get the packets forwarding from the server to their proper = destination (and back!). I have pretty much figured all of this out by trial and error. Any help = would be greatly appreciated. Just someone pointing me to a "how-to" = that explains everything in more detail would also be great. I have = done a lot of googling on this issue, but I'm just missing the right = info, I guess. Thanks, Jay From owner-freebsd-isp@FreeBSD.ORG Sun Aug 12 14:25:34 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4CFA16A417 for ; Sun, 12 Aug 2007 14:25:34 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: from qb-out-0506.google.com (qb-out-0506.google.com [72.14.204.229]) by mx1.freebsd.org (Postfix) with ESMTP id 567FC13C45D for ; Sun, 12 Aug 2007 14:25:34 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: by qb-out-0506.google.com with SMTP id a10so1847218qbd for ; Sun, 12 Aug 2007 07:25:33 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:from:to:references:subject:date:mime-version:content-type:content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=JAMcnYDwQ0AoAV/YsMboxJSAQ3QGmCGOZy88spHG5EePQAs1+CsScz0Qj2qvGqb09xpWQcsB7gdl5q3Wi8nfq87L5MSqXzrIt7NaOvpLAUQLLFrkVyhl2OV4IGPVB0UPbHaT2sloVkvCzOCgqtZz6pPz3lzCGum0R0bDX/AOkpY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:from:to:references:subject:date:mime-version:content-type:content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=nr4fdM6rlxttn9VvDCYS8awOUtLfSJLwtoWvxwG2AGPdYyo3wxaBIizBsPOMfWslIwD/0qFtpttwNUJzd2Fg0cPDKqhq/rzNz7B0wu4AEFmVSe2wADmap0iJb7B1U2yUBp6wdahoMFJpusv25/xO3MDu+Sb1NDyncruYqbIPlPE= Received: by 10.141.85.13 with SMTP id n13mr2140258rvl.1186928733226; Sun, 12 Aug 2007 07:25:33 -0700 (PDT) Received: from 4BANKS ( [12.5.189.95]) by mx.google.com with ESMTPS id f28sm10035602rvb.2007.08.12.07.25.26 (version=SSLv3 cipher=RC4-MD5); Sun, 12 Aug 2007 07:25:28 -0700 (PDT) Message-ID: <006d01c7dcec$a0ec6cf0$5fbd050c@4BANKS> From: "Jay Banks" To: References: <002401c7dce1$79fdd8a0$5fbd050c@4BANKS> <006701c7dce6$17e1c7d0$6500a8c0@laptopt> Date: Sun, 12 Aug 2007 09:25:21 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Subject: Re: PPPOE concentrator troubleshooting X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Aug 2007 14:25:34 -0000 >Hi Jay > > Have a gander at > > http://www.hpi.net/whitepapers/warta/ > Regards > > Tim I've actually seen that before, and it would be great, except that I used mpd and not pppoed. And the reason I did that was because mpd was supposed to be a lot faster and require less resources because it runs partially in userland and partially in kernal mode. Unfortunately, it looks like only three or four people actually use mpd (and two of those people live in Russia and don't know english). Also, tons of people use PPPoE as a client, so when you try and search for info, you pull up info on how to configure a client, not a server. I noticed in this guy's diagrams he has two nic cards. I also ran into a Linux "how to" that said two NIC cards were required, one with no IP address and one with an IP address. Anyone know if it can be configured with one NIC card? Also, does anyone know what "set ipcp ranges" actually does. It looks like this in mpd.conf: set ipcp ranges 64.238.118.143/36 64.238.118.145/36 Sure would be nice if the manual documented stuff like that... I don't know, maybe it is in there somewhere and I just can't find it??? It's hard to pms too much when it's free, but darn I would pay money for some *good* documentaion or for someone to send me all of their config files from a working PPPoE server....how does $20.00 sound...anyone? :-) Thanks, Jay From owner-freebsd-isp@FreeBSD.ORG Sun Aug 12 16:52:58 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6D3D516A418 for ; Sun, 12 Aug 2007 16:52:58 +0000 (UTC) (envelope-from nikola@vlaeonline.com) Received: from hostsrv.it-box.org (hostsrv.it-box.org [85.17.154.31]) by mx1.freebsd.org (Postfix) with ESMTP id 0947D13C458 for ; Sun, 12 Aug 2007 16:52:57 +0000 (UTC) (envelope-from nikola@vlaeonline.com) Received: from localhost (localhost.localdomain [127.0.0.1]) by hostsrv.it-box.org (Postfix) with ESMTP id 2A40013C6C5; Sun, 12 Aug 2007 18:22:34 +0200 (CEST) X-Virus-Scanned: by amavisd-new-2.4.5 (20070130) (Debian) at it-box.org Received: from hostsrv.it-box.org ([127.0.0.1]) by localhost (hostsrv.it-box.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JSYQEKsqEcB2; Sun, 12 Aug 2007 18:22:27 +0200 (CEST) Received: from [192.168.98.50] (unknown [85.30.84.19]) by hostsrv.it-box.org (Postfix) with ESMTP id D729113B770; Sun, 12 Aug 2007 18:22:26 +0200 (CEST) Message-ID: <46BF33C4.6030203@vlaeonline.com> Date: Sun, 12 Aug 2007 18:22:28 +0200 From: Nikola Stojanoski User-Agent: Thunderbird 2.0.0.0 (Windows/20070326) MIME-Version: 1.0 To: Jay Banks References: <002401c7dce1$79fdd8a0$5fbd050c@4BANKS> <006701c7dce6$17e1c7d0$6500a8c0@laptopt> <006d01c7dcec$a0ec6cf0$5fbd050c@4BANKS> In-Reply-To: <006d01c7dcec$a0ec6cf0$5fbd050c@4BANKS> Content-Type: multipart/mixed; boundary="------------010801000103010408020904" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org Subject: Re: PPPOE concentrator troubleshooting X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Aug 2007 16:52:58 -0000 This is a multi-part message in MIME format. --------------010801000103010408020904 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi, i've never used mpd but i've done some research on it. i'm attaching a file in which you have a generator for mpd.conf for pppoe connections. also i've noticed you have /36 for subnet? i hope this will help you. Regards Jay Banks wrote: > >> Hi Jay >> >> Have a gander at >> >> http://www.hpi.net/whitepapers/warta/ >> Regards >> >> Tim > > I've actually seen that before, and it would be great, except that I > used mpd and not pppoed. And the reason I did that was because mpd was > supposed to be a lot faster and require less resources because it runs > partially in userland and partially in kernal mode. Unfortunately, it > looks like only three or four people actually use mpd (and two of > those people live in Russia and don't know english). Also, tons of > people use PPPoE as a client, so when you try and search for info, you > pull up info on how to configure a client, not a server. > > I noticed in this guy's diagrams he has two nic cards. I also ran into > a Linux "how to" that said two NIC cards were required, one with no IP > address and one with an IP address. > > Anyone know if it can be configured with one NIC card? > > Also, does anyone know what "set ipcp ranges" actually does. It looks > like this in mpd.conf: > > set ipcp ranges 64.238.118.143/36 64.238.118.145/36 > > Sure would be nice if the manual documented stuff like that... I don't > know, maybe it is in there somewhere and I just can't find it??? It's > hard to pms too much when it's free, but darn I would pay money for > some *good* documentaion or for someone to send me all of their config > files from a working PPPoE server....how does $20.00 sound...anyone? :-) > > Thanks, > > Jay > > > > > > > > > > > > > > > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > --------------010801000103010408020904-- From owner-freebsd-isp@FreeBSD.ORG Mon Aug 13 02:41:19 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B657916A417 for ; Mon, 13 Aug 2007 02:41:19 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.189]) by mx1.freebsd.org (Postfix) with ESMTP id 8935C13C459 for ; Mon, 13 Aug 2007 02:41:19 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: by rv-out-0910.google.com with SMTP id f1so932456rvb for ; Sun, 12 Aug 2007 19:41:19 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:from:to:cc:references:subject:date:mime-version:content-type:content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=e6w5nmM2hguNTM49q2h69Y4DonJAvHykT9L/41/W56BIijEkBx1s1yAVDQNNgmmr5jaLxMkMDoK6ZY03uAOzL4GHzMQpzJZer/BVzD9xDbCxf0qbibWzWS7xmC0dWCqAyspHnxxqNgweiECfRppiHHZUWTXwYFyv8kbbfMoglWc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:from:to:cc:references:subject:date:mime-version:content-type:content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=dSxcT3lk6kbDxxbsgJYyyN/jIvnkVHEYCC72wiws+F2EMHl4/Ztg4ZdfF/gpUtQ5TXhkMUtVSE2nzRHTKWYTjQMWfv02dZnTCE5oDxQ03txcZ4s6AmGwhRSwOwVUARbSYZsxgYMJvyHLC1u8rGy3IZ2ujaBcWKNMIbv5fRIGb1I= Received: by 10.141.21.19 with SMTP id y19mr2343009rvi.1186972874931; Sun, 12 Aug 2007 19:41:14 -0700 (PDT) Received: from 4BANKS ( [12.5.189.71]) by mx.google.com with ESMTPS id b39sm10500345rvf.2007.08.12.19.41.08 (version=SSLv3 cipher=RC4-MD5); Sun, 12 Aug 2007 19:41:10 -0700 (PDT) Message-ID: <00f301c7dd53$67834a30$5fbd050c@4BANKS> From: "Jay Banks" To: References: <002401c7dce1$79fdd8a0$5fbd050c@4BANKS> <006701c7dce6$17e1c7d0$6500a8c0@laptopt> <006d01c7dcec$a0ec6cf0$5fbd050c@4BANKS> <46BF33C4.6030203@vlaeonline.com> Date: Sun, 12 Aug 2007 21:41:05 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Cc: mpd-users@lists.sourceforge.net Subject: Re: PPPOE concentrator troubleshooting X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Aug 2007 02:41:19 -0000 Thanks for the files. I'll sure look through them. > i've never used mpd but i've done some research on it. i'm attaching a > file in which you have a generator for mpd.conf for pppoe connections. > also i've noticed you have /36 for subnet? >> >> set ipcp ranges 64.238.118.143/36 64.238.118.145/36 That may have been a typo. Is this like DHCP in which it just hands out an address between these ranges? Or is this like security, where the address assigned to the end user must be between this range? The IP address my server is giving my PPPoE client is from the mpd.secret file, which looks something like this (working from memory): jbanks mypassword 64.238.118.211 Note that this IP address is not between the ranges shown above in the "set ipcp ranges." Maybe that is one of the problems? Also, my Mikrotik PPPoE client shows the default route to be that of the PPPoE server (64.238.118.136). That sounds right to me, but again, I don't know. >> set ipcp ranges 64.238.118.143/32 64.238.118.145/32 On the /32, I read somewhere that the PPPoE server will not pass subnet information to the client, just an IP address. I must confess the /32 on the above confuses me as to what it is there for? For the record, I came up with that from a config file I found on the Internet. It could be totally wrong for what I'm trying to do...but it was one of the few config examples I could find, so I ran with it. Thanks for the help, guys, Jay From owner-freebsd-isp@FreeBSD.ORG Mon Aug 13 03:26:01 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 574CF16A417 for ; Mon, 13 Aug 2007 03:26:01 +0000 (UTC) (envelope-from archie.cobbs@gmail.com) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.185]) by mx1.freebsd.org (Postfix) with ESMTP id D004213C45B for ; Mon, 13 Aug 2007 03:26:00 +0000 (UTC) (envelope-from archie.cobbs@gmail.com) Received: by fk-out-0910.google.com with SMTP id b27so1556897fka for ; Sun, 12 Aug 2007 20:25:59 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=AIX+dPznU/pb+S3+eZ5Bs0d1QkZ8+JBupQnoUAd8Y+VZdf730CzUoIii9h7ETz26qDASFX7KVS9pJLF1srfRs/NC3NSvHHqfuHvzNAU8CMBmlKkGDvmPH8zeQZXtTxnFn9+6Zw4ZofFNT06QwKMgTF8+YwoF6qAdzDDoMq59RrA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=cANs7CqsXhECfoQn5JgIelJjlkumKSt2BWJT4taZMaIWdlwSRp8EV5LX+4uvIyh74lpB9/Y8Jy6WaDwOj01VAZfiLCwHjcYQpNrZjKxIaZ8Xm7+/0XsEhNfZQJpTGv4+yXOkaL/wyz0/NT5tgKPycfdM3l2PmlowlHKJkE2bPms= Received: by 10.82.111.8 with SMTP id j8mr6193978buc.1186973975058; Sun, 12 Aug 2007 19:59:35 -0700 (PDT) Received: by 10.82.177.16 with HTTP; Sun, 12 Aug 2007 19:59:35 -0700 (PDT) Message-ID: <3bc8237c0708121959j3b189662if8f29870dd397ef2@mail.gmail.com> Date: Sun, 12 Aug 2007 21:59:35 -0500 From: "Archie Cobbs" Sender: archie.cobbs@gmail.com To: "Jay Banks" In-Reply-To: <00f301c7dd53$67834a30$5fbd050c@4BANKS> MIME-Version: 1.0 References: <002401c7dce1$79fdd8a0$5fbd050c@4BANKS> <006701c7dce6$17e1c7d0$6500a8c0@laptopt> <006d01c7dcec$a0ec6cf0$5fbd050c@4BANKS> <46BF33C4.6030203@vlaeonline.com> <00f301c7dd53$67834a30$5fbd050c@4BANKS> X-Google-Sender-Auth: ba14d9dc551e76d5 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org, mpd-users@lists.sourceforge.net Subject: Re: [Mpd-users] PPPOE concentrator troubleshooting X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Aug 2007 03:26:01 -0000 On 8/12/07, Jay Banks wrote: > > >> set ipcp ranges 64.238.118.143/32 64.238.118.145/32 > > On the /32, I read somewhere that the PPPoE server will not > pass subnet information to the client, just an IP address. > > I must confess the /32 on the above confuses me as to > what it is there for? It's not defining a subnet, but rather the range of allowable addresses that will be permitted during negotiation. The IP address itself is the starting point for the negotiation, while the "subnet" defines what other possibilities we will accept. In normal usage, the "client" is configured to accept whatever the "server" suggests for it. Note there are of course two directions/endpoints, hence the two separately negotiated IP addresses. You are correct in that PPP negotiates only the endpoint IP addresses, not subnets (or any other routing related info). Hope this helps. -Archie __________________________________________________________________________ Archie Cobbs * CTO, Awarix * http://www.awarix.com From owner-freebsd-isp@FreeBSD.ORG Tue Aug 14 07:10:59 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D8E5016A418 for ; Tue, 14 Aug 2007 07:10:59 +0000 (UTC) (envelope-from support-return@acronis.com) Received: from support.acronis.com (support.acronis.com [195.214.233.251]) by mx1.freebsd.org (Postfix) with ESMTP id 61D6913C4EE for ; Tue, 14 Aug 2007 07:10:59 +0000 (UTC) (envelope-from support-return@acronis.com) Received: from support.acronis.com (localhost [127.0.0.1]) by support.acronis.com (8.12.8/8.12.8) with ESMTP id l7E70pKl003346 for ; Tue, 14 Aug 2007 11:00:51 +0400 Received: (from apache@localhost) by support.acronis.com (8.12.8/8.12.8/Submit) id l7E70pVZ003345; Tue, 14 Aug 2007 11:00:51 +0400 Date: Tue, 14 Aug 2007 11:00:51 +0400 Message-Id: <200708140700.l7E70pVZ003345@support.acronis.com> MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) Sender: Content-Type: multipart/mixed; boundary="----------=_1187074851-3302-1" To: freebsd-isp@freebsd.org X-RT-Loop-Prevention: Acronis Content-Transfer-Encoding: binary From: support@acronis.com Subject: Re:Your information X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Aug 2007 07:10:59 -0000 This is a multi-part message in MIME format... ------------=_1187074851-3302-1 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: base64 VGhhbmsgeW91IGZvciBjb250YWN0aW5nIEFjcm9uaXMhCgpJbiBvcmRlciB0 byBpbXByb3ZlIHRoZSBzcGVlZCBhbmQgcXVhbGl0eSBvZiBjdXN0b21lciBz ZXJ2aWNlIEFjcm9uaXMgaW50cm9kdWNlZCBjaGFuZ2VzIGluIGl0cyBzdXBw b3J0IHByYWN0aWNlczogbmV3IHJlcXVlc3RzIHNob3VsZCBiZSBzdWJtaXR0 ZWQgdmlhIHdlYiBmb3JtLgoKVG8gc3VibWl0IGEgbmV3IHJlcXVlc3QsIHBs ZWFzZSBmb2xsb3cgb25lIG9mIHRoZSBsaW5rcyBnaXZlbiBiZWxvdy4KSWYg eW91IGFyZSBhbiBvd25lciBvZiBhbiBBY3JvbmlzIHByb2R1Y3QsIHBsZWFz ZSBjbGljayBoZXJlOgpodHRwczovL3d3dy5hY3JvbmlzLmNvbS9ob21lY29t cHV0aW5nL215L3N1cHBvcnQvaW5kZXguaHRtbD9hYj0xJnVzZXI9ZnJlZWJz ZC1pc3BAZnJlZWJzZC5vcmcKCklmIHlvdSBkbyBub3Qgb3duIGFueSBBY3Jv bmlzIHByb2R1Y3QsIHBsZWFzZSBjbGljayBoZXJlOgpodHRwOi8vd3d3LmFj cm9uaXMuY29tL2hvbWVjb21wdXRpbmcvY29tcGFueS9jb250YWN0cy9yZXF1 ZXN0Lz90PTImZW1haWw9ZnJlZWJzZC1pc3BAZnJlZWJzZC5vcmcKCklmIGNs aWNraW5nIHRoZSBsaW5rIGRvZXMgbm90IG9wZW4gdGhlIGJyb3dzZXIsIHRo ZW4gcGxlYXNlIHNlbGVjdCBvbmUgb2YgdGhlIGxpbmtzIGFib3ZlLCBjb3B5 IGl0IGFuZCBwYXN0ZSBpbnRvIHlvdXIgYnJvd3NlciBhZGRyZXNzIGxpbmUu CgpOb3RlIHRoYXQgeW91IG5lZWQgdG8gc3VibWl0IHlvdXIgcmVxdWVzdCB1 c2luZyB0aGUgb25saW5lIGZvcm0gb25seSBvbmNlLgpBbGwgdGhlIGZ1cnRo ZXIgcmVwbGllcyByZWdhcmRpbmcgc3VibWl0dGVkIHJlcXVlc3QgY2FuIGJl IHNlbnQgdG8gQWNyb25pcyBieSBlbWFpbC4KCldoZW4geW91IHJlY2VpdmUg YSBtYWlsIGFuc3dlciB0byB5b3VyIGZpbGVkIHJlcXVlc3QsIHBsZWFzZSB1 c2UgdGhlIEFuc3dlciBidXR0b24gb2YgeW91ciBtYWlsIHByb2dyYW0gZm9y IHNlbmRpbmcgYSByZXBseSB0byB1cy4gWW91IGRvIG5vdCBuZWVkIHRvIHN1 Ym1pdCB5b3VyIHJlcGxpZXMgdmlhIHdlYiBpbnRlcmZhY2UuCgpZb3UgY2Fu IGFsc28gcXVpY2tseSBmaW5kIHRoZSBhbnN3ZXJzIHRvIHlvdXIgcXVlc3Rp b25zIGluIEFjcm9uaXMgU3VwcG9ydApLbm93bGVkZ2UgQmFzZSBhdCBodHRw Oi8vd3d3LmFjcm9uaXMuY29tL2hvbWVjb21wdXRpbmcvc3VwcG9ydC9rYi8u CgoKQmVzdCByZWdhcmRzLApBY3JvbmlzIEN1c3RvbWVyIFNlcnZpY2UK ------------=_1187074851-3302-1-- From owner-freebsd-isp@FreeBSD.ORG Wed Aug 15 15:06:09 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B32F16A420 for ; Wed, 15 Aug 2007 15:06:09 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.191]) by mx1.freebsd.org (Postfix) with ESMTP id 58D0F13C4B5 for ; Wed, 15 Aug 2007 15:06:09 +0000 (UTC) (envelope-from jay.quest4@gmail.com) Received: by rv-out-0910.google.com with SMTP id l15so165426rvb for ; Wed, 15 Aug 2007 08:06:08 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:from:to:cc:subject:date:mime-version:content-type:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=uIQJkPYjm164xbOkFMUnKtwtmi2Wwne72EyB0VyimN1RvmBERXqs4co2OcpQdX2IkWwxqV4jfC06krY6x1Lwa1IOMeSfo5A7BWTV2Q2kxUMyimI98y+zd+GwobV4vfZoZ1u3kFOcXrawsZw2bmoiQgX1lEK65XCgidDmvBBIfn8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:from:to:cc:subject:date:mime-version:content-type:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=msXLjuAo3qzTof63dEXjLvOdsIwfLKGfok7tuhz9nG4wLBG+jjvtlEVLPJn2Wzi7zFJKNKyJePv4qiX8y1UiFFynxBN9l5MydqvEuarMYB/ZdysvsiBrkTsCyIsCUV1pjNA0ChAu9xT6Lx2poPtBkGkKhKio8UIwjByg4U/Y1j0= Received: by 10.141.155.5 with SMTP id h5mr215741rvo.1187190352651; Wed, 15 Aug 2007 08:05:52 -0700 (PDT) Received: from 4BANKS ( [12.5.189.186]) by mx.google.com with ESMTPS id g22sm2415960rvb.2007.08.15.08.05.45 (version=SSLv3 cipher=RC4-MD5); Wed, 15 Aug 2007 08:05:50 -0700 (PDT) Message-ID: <004301c7df4d$c09ed8e0$babd050c@4BANKS> From: "Jay Banks" To: Date: Wed, 15 Aug 2007 10:05:39 -0500 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org Subject: re: MPD PPPoE Server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Aug 2007 15:06:09 -0000 Just a note that I did get the server to work. Andre Luiz dos Santos wrote: > Perhaps you're missing proxy-arp: > http://mpd.sourceforge.net/doc/mpd25.html Yes, enabling proxy-arp seems to have fixed the problem. Marty wrote: > As far as using 1 nic I do not believe it is possible. It must be possible, because I only have one NIC and it is working ---=3D-=3D-=3D- With a shared 1.5 Mpbs T1 line, I did a speed test and got 1.2 down and 800 kbps up. The only thing I need to do is figure out is some IP address issues. I configured the following range in mpd.conf (not my real IP addresses): set ipcp ranges 64.238.118.143/32 64.238.118.145/32 In mpd.secret, I configured: jbanks "mypassword" 64.238.118.144/24 When I connect with my Mikrotik PPPoE client, it shows that it was dynamically assigned the IP address of 64.238.118.144 by the PPPoE server. And it shows a default route of: Default route 0.0.0.0/0 gateway 64.238.118.143 It also shows: Destination network 64.238.118.143 Pref. Source = 64.238.118.144 Now the PPPoE server is located at 64.238.118.136 and=20 64.238.118.143 is an unassigned IP address. Everything seems to work fine, but I'm not sure how or why the Mikrotik client is getting a destination network of 64.238.118.143...other than, that IP address was the first address in my set ipcp ranges command. What should the default network be, exactly? The PPPoE server IP address (64.238.118.136) or the network gateway (64.238.118.1), and how exactly can I pass that to the Mikrotik client correctly from = mpd? Thanks for the help, guys! Jay Banks From owner-freebsd-isp@FreeBSD.ORG Wed Aug 15 17:25:47 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9411A16A418 for ; Wed, 15 Aug 2007 17:25:47 +0000 (UTC) (envelope-from akachler@telcom.net) Received: from mail.telcom.net (mail.telcom.net [200.62.2.251]) by mx1.freebsd.org (Postfix) with ESMTP id 4654913C469 for ; Wed, 15 Aug 2007 17:25:47 +0000 (UTC) (envelope-from akachler@telcom.net) Received: from [192.168.1.8] (adsl-223-193-186.mia.bellsouth.net [68.223.193.186]) by mail.telcom.net (8.13.8/8.13.6) with ESMTP id l7FH92Y4006282 for ; Wed, 15 Aug 2007 13:09:02 -0400 (EDT) (envelope-from akachler@telcom.net) Message-ID: <46C33328.6050700@telcom.net> Date: Wed, 15 Aug 2007 13:08:56 -0400 From: Arie Kachler Organization: Telcom.Net User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: FreeBSD ISP Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: security question X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: akachler@telcom.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Aug 2007 17:25:47 -0000 Hello, This may not be the best place to ask, but I know all readers of this list have security experience (we have no other choice). We have many Freebsd servers with apache/php/mysql. Recently, some of these have been sending out large amounts of emails. We know the servers are secure in the sense they are fully patched. But we also know that the most secure shared server can be abused by a badly written php script. So my question is this: Is there a way to identify vulenrable php scripts? It's very difficult to pinpoint when the server starts sending out emails. We just notice that they do, without any identifyable correlation to anything on the logs. A related question: Can we audit which php script is calling sendmail? Any advice will be greatly appreciated. Arie Kachler Systems Administrator Telcom.Net From owner-freebsd-isp@FreeBSD.ORG Wed Aug 15 21:03:00 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D298916A418 for ; Wed, 15 Aug 2007 21:03:00 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22]) by mx1.freebsd.org (Postfix) with ESMTP id B973913C48E for ; Wed, 15 Aug 2007 21:03:00 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from relay7.apple.com (relay7.apple.com [17.128.113.37]) by mail-out3.apple.com (Postfix) with ESMTP id A4121E95BC2; Wed, 15 Aug 2007 14:03:00 -0700 (PDT) Received: from relay7.apple.com (unknown [127.0.0.1]) by relay7.apple.com (Symantec Mail Security) with ESMTP id 8FB66304BC; Wed, 15 Aug 2007 14:03:00 -0700 (PDT) X-AuditID: 11807125-a3220bb0000007e5-f0-46c36a04a14d Received: from [17.214.13.96] (cswiger1.apple.com [17.214.13.96]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by relay7.apple.com (Apple SCV relay) with ESMTP id 7C45330084; Wed, 15 Aug 2007 14:03:00 -0700 (PDT) In-Reply-To: <46C33328.6050700@telcom.net> References: <46C33328.6050700@telcom.net> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Chuck Swiger Date: Wed, 15 Aug 2007 14:02:59 -0700 To: akachler@telcom.net X-Mailer: Apple Mail (2.752.2) X-Brightmail-Tracker: AAAAAA== Cc: FreeBSD ISP Subject: Re: security question X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Aug 2007 21:03:00 -0000 On Aug 15, 2007, at 10:08 AM, Arie Kachler wrote: > We have many Freebsd servers with apache/php/mysql. > Recently, some of these have been sending out large amounts of > emails. We know the servers are secure in the sense they are fully > patched. But we also know that the most secure shared server can be > abused by a badly written php script. Certainly anyone with access to create new scripts can misuse the available resources, agreed. > So my question is this: > Is there a way to identify vulenrable php scripts? I tend to assume that all PHP scripts are vulnerable, and history tends to support the notion that PHP has a miserable security track record. > It's very difficult to pinpoint when the server starts sending out > emails. We just notice that they do, without any identifyable > correlation to anything on the logs. > > A related question: > Can we audit which php script is calling sendmail? Well, you could set up your mailserver to require that users must authenticate via SMTP AUTH before they are allowed to relay email. This would mean that the PHP scripts would need to authenticate as a particular user account, which would then let you see which scripts are generating the mail. It would also help block malicious scripts which have not been setup to auth before sending the email... -- -Chuck From owner-freebsd-isp@FreeBSD.ORG Wed Aug 15 21:51:03 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4EF9B16A418 for ; Wed, 15 Aug 2007 21:51:03 +0000 (UTC) (envelope-from netsecuredata@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179]) by mx1.freebsd.org (Postfix) with ESMTP id 2472713C46A for ; Wed, 15 Aug 2007 21:51:03 +0000 (UTC) (envelope-from netsecuredata@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so59019waf for ; Wed, 15 Aug 2007 14:51:02 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=rJKrn0aU7bY/ys5F6VjQ/LYL1OTEgUYADppJROdOeqpCwPaZX0h+ShvFi6XP4rp9ZaBDfb4jJUHaGMlv7+3cRrecqKv04Cl4rW2bWNUEQKmlz9ZBapfSxahSm1gMQ6tBBxM26DD63MlOcm0I9c8lNX1yALFY6ZAkeGEty5f1GWs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bZKFo+qIBzLid4gENrwjDebk/FSlBPul/JihotT3OQOG0zkGFKlajYhxrxrkTmnZH9QSKsr4x7RfHqkijjAHtsgJbaoDs82ttkhSI87MjYktuHlmYtOZ0klIEPCLP3/ofn+oZLSUzi2vsBN7o3uICB8AziYjxLJ3jYhtKCZFyF4= Received: by 10.114.184.7 with SMTP id h7mr1066439waf.1187213107522; Wed, 15 Aug 2007 14:25:07 -0700 (PDT) Received: by 10.114.108.6 with HTTP; Wed, 15 Aug 2007 14:25:07 -0700 (PDT) Message-ID: Date: Wed, 15 Aug 2007 16:25:07 -0500 From: "Jorge Evangelista" To: freebsd-isp@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <46C33328.6050700@telcom.net> Subject: Re: security question X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Aug 2007 21:51:03 -0000 Hi, I use SMTP AUTH via php, it works fine and it is more safer, you have to install modules PEAR (MAIL and Auth_SASL). Also, you can identify some attacks php if you compile with your apache mod_security, it will create a log /usr/local/apache/logs/alert. Also mod_evasive for DDoS attacks. On 8/15/07, Chuck Swiger wrote: > On Aug 15, 2007, at 10:08 AM, Arie Kachler wrote: > > We have many Freebsd servers with apache/php/mysql. > > Recently, some of these have been sending out large amounts of > > emails. We know the servers are secure in the sense they are fully > > patched. But we also know that the most secure shared server can be > > abused by a badly written php script. > > Certainly anyone with access to create new scripts can misuse the > available resources, agreed. > > > So my question is this: > > Is there a way to identify vulenrable php scripts? > > I tend to assume that all PHP scripts are vulnerable, and history > tends to support the notion that PHP has a miserable security track > record. > > > It's very difficult to pinpoint when the server starts sending out > > emails. We just notice that they do, without any identifyable > > correlation to anything on the logs. > > > > A related question: > > Can we audit which php script is calling sendmail? > > Well, you could set up your mailserver to require that users must > authenticate via SMTP AUTH before they are allowed to relay email. > This would mean that the PHP scripts would need to authenticate as a > particular user account, which would then let you see which scripts > are generating the mail. It would also help block malicious scripts > which have not been setup to auth before sending the email... > > -- > -Chuck > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > -- "The network is the computer" From owner-freebsd-isp@FreeBSD.ORG Thu Aug 16 09:54:02 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A473616A419 for ; Thu, 16 Aug 2007 09:54:02 +0000 (UTC) (envelope-from jcoder@lsh209.chi.us.siteprotect.com) Received: from lsh209.chi.us.siteprotect.com (lsh209.chi.us.siteprotect.com [64.26.63.22]) by mx1.freebsd.org (Postfix) with ESMTP id 8F79B13C468 for ; Thu, 16 Aug 2007 09:54:02 +0000 (UTC) (envelope-from jcoder@lsh209.chi.us.siteprotect.com) Received: by lsh209.chi.us.siteprotect.com (Postfix, from userid 11924) id 874942B31C; Thu, 16 Aug 2007 04:35:54 -0500 (CDT) To: freebsd-isp@freebsd.org From: mysql_newsletter@navicat.com Message-Id: <20070816093554.874942B31C@lsh209.chi.us.siteprotect.com> Date: Thu, 16 Aug 2007 04:35:54 -0500 (CDT) Subject: Navicat 8.0 for MySQL (Windows) is now available. More than 100 new and improved features! X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mysql_newsletter@navicat.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Aug 2007 09:54:02 -0000 Dear Navicat users, Navicat 8.0 for MySQL (Windows) is now available. There are more than 100 new and improved features! Our 20% Discount is offered till end of August (URL - http://www.navicat.com/promotion_summer.html ). Download Information: Navicat 8.0 for MySQL (Windows) (30 days demo version) =============================================================================== Download link: http://www.navicat.com/download/navicat8_mysql_en.exe =============================================================================== Navicat 8.0 for MySQL (Windows) Release notes - http://www.navicat.com/release_notes_win.html . Major new features: Code Completion - Speedup your sql writing. Form View - Input record via form view. New Profile System - Open profile on your desktop directly. Virtual Grouping - Provides better categorization for objects. Event Scheduler - New MySQL feature as of MySQL 5.1. Report Export - Export report to pdf, html and more. Other Enhancements: Compatible with any MySQL server version up to 5.1.x. Incremental Search, Hex Editor and more supports in Table View. Usability enhancement in Table Design. Many other improvements on features and user-friendliness. *** 20% Discount *** Navicat users can purchase Navicat at 20% discount before 31st August. To order at the special price, please visit at: http://www.navicat.com/promotion_summer.html . If you would like to buy a bundle or multiple licenses, please contact us at sales@navicat.com to get a quote. ** Remark ** : Navicat 7.0 for MySQL (Mac OS X) is now available. Release notes - http://www.navicat.com/release_notes_mac.html . If you have purchased Navicat already, please visit our Upgrade System at http://support.navicat.com/upgrade.php to retrieve latest version . Once again, we would like to thank you for your interest in our product! -- Sincerely, Navicat Support Center -------------------------------------------------- Navicat - the gateway to MySQL & PostgreSQL http://www.navicat.com -------------------------------------------------- This email is brought to you by PremiumSoft CyberTech Ltd, If you receive this email, you have downloaded our software. If you would like to unsubscribe, please reply with subject "unsubscribe". Thank you. From owner-freebsd-isp@FreeBSD.ORG Fri Aug 17 12:26:20 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB5A416A417 for ; Fri, 17 Aug 2007 12:26:20 +0000 (UTC) (envelope-from ovb@ovb.ch) Received: from ovbis01.ovb.ch (ovbis01.ovb.ch [213.188.32.144]) by mx1.freebsd.org (Postfix) with ESMTP id 71A3713C45E for ; Fri, 17 Aug 2007 12:26:20 +0000 (UTC) (envelope-from ovb@ovb.ch) Received: from ovbas00.ovb.ch ([213.180.173.192] helo=[192.168.30.100]) by ovbis01.ovb.ch with esmtp (Exim 4.51) id 1IM0bs-000CjL-Cx for freebsd-isp@freebsd.org; Fri, 17 Aug 2007 14:07:24 +0200 Message-ID: <46C58FBD.4060607@ovb.ch> Date: Fri, 17 Aug 2007 14:08:29 +0200 From: Oliver von Bueren User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <002401c7dce1$79fdd8a0$5fbd050c@4BANKS> <006701c7dce6$17e1c7d0$6500a8c0@laptopt> <006d01c7dcec$a0ec6cf0$5fbd050c@4BANKS> <46BF33C4.6030203@vlaeonline.com> <00f301c7dd53$67834a30$5fbd050c@4BANKS> In-Reply-To: <00f301c7dd53$67834a30$5fbd050c@4BANKS> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: PPPOE concentrator troubleshooting X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Aug 2007 12:26:20 -0000 Jay Banks wrote: >> set ipcp ranges 64.238.118.143/32 64.238.118.145/32 > > On the /32, I read somewhere that the PPPoE server will not > pass subnet information to the client, just an IP address. > > I must confess the /32 on the above confuses me as to > what it is there for? > For the record, I came up with that from a config file I > found on the Internet. It could be totally wrong for what > I'm trying to do...but it was one of the few config examples > I could find, so I ran with it. Hi Jay If I followed this thread correctly, you've been able to connect and your client go an IP address out of the configured range and could ping the host itself. I don't know that software either, but what pops into my mind is that it might be a routing problem on your border router of your network and not your box itself. Did you do a traceroute to one of the client addresses from another(!) box? Is the first hop your border router and then it goes on to your upstream provider? If yes, fix that. I assume, to just make an example of your network configuration, that the ip network your box connects to has the address range 64.238.118.0/24, your gateway to the internet is 64.238.118.1, which in turn is set as your default route on the box as well as on all the other servers connected to that network. Your box we assume has .10 as it's address and you have the addresses .143 to .145 for your PPPoE clients reserved. Now, does your border router .1 know, that it has to route these three addresses to the your box? To make it simpler for the router. I'd suggest you take a "better" subnet, say 144 to 147, meaning a real two-bit subnet. Then do the following on your border router: route add -net 64.238.118.144 64.238.118.10 255.255.255.252 Now the border router sends all the packets for that subnet to your box on .10 (test with traceroute from another server) from where it should go on to the clients, if the box does the routing of IP packets. BTW: I've seen your other message about proxy arp just now, which fixes the issue as well, but I'd discourage that if you can configure the router correctly to route all addresses your clients will get directly from the router to your box. -- Oliver