Date: Tue, 16 Mar 2004 19:00:47 -0500 (EST) From: Mohsin Rahman <mtech@buffnet.net> To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: NAT & PPPoE (detailed email) --FIXED Message-ID: <Pine.BSF.4.05.10403161857030.23038-100000@buffnet5.buffnet.net> In-Reply-To: <4051FA06.8050907@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
To all that helped.. the NAT & Verizon PPPoE setup is working great.
Firewall rules are in.. and now working on squid.
Thank you all. I knew this list is great!
This is how things are setup:
/etc/rc.conf
defaultrouter=""
hostname="fw.somehost.com"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="papchap"
ppp_user="root"
ifconfig_fxp0="UP"
ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_tun0="DHCP"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="YES"
/etc/ppp/ppp.conf
default:
#PPPoE: PPP over Ethernet
set device PPPoE:fxp0
set speed sync
set mru 1492
set mtu 1492
set ctsrts off
enable lqr
set log phase tun local
set ifaddr 10.0.0.1/0 192.168.1.1/0
add default HISADDR
enable dns
nat enable yes
nat same_ports yes
papchap:
set authname {username}
set authkey {password}
ifconfig:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
ether 00:80:5f:d7:88:92
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
ether 00:a0:c9:aa:d5:4c
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
inet 10.0.0.1 --> 192.168.1.1 netmask 0xffffffff
inet 141.149.140.76 --> 10.15.1.1 netmask 0xffffffff
Opened by PID 56
I also took out "options NETGRAPH" from the kernel and rebuilt it. Works
just fine. Eventually I'll post it on my website someday. Thanks.
--
Mohsin AbdulRahman
MTech@BuffNET.Net
On Fri, 12 Mar 2004, Chuck Swiger wrote:
> Mohsin Rahman wrote:
> > Thank you. I will try tun0 as my nat interface. However, if lets say, the
> > modem drops the connection and the next attempt to access the internet,
> > wouldn't FreeBSD assign the new ip address to tun1 and basically render
> > tun0 nat useless? A better solution might be to let do ppp -nat perhaps. I
> > will test and post my results. Thanks.
>
> You should have ppp do the NAT, yes. If you use ppp with the -auto or -ddial,
> you can have on-demand dialing where ppp will attempt to bring up the link if
> it drops. That means NAT should handle the link drop better (since ppp knows
> to use the new connection's IP), and it also means that your firewall rules
> can simply use tun0.
>
> /etc/ppp/ppp.conf should contain something like:
>
> default:
> set log local connect ipcp lcp lqm chat
> # set log all
> ident user-ppp VERSION (built COMPILATIONDATE)
> enable lqr
> set server 3000 xxxxx
> set timeout 1200 # 20 minute idle timer
> # enable dns # request DNS info (for resolv.conf)
> set device PPPoE:fxp0:verizon
> set login
> set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
> \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
> set urgent udp +53
> set urgent tcp +53
> set urgent udp +123
> set urgent tcp +123
> set ifaddr 162.84.171.0/0 10.3.23.0/0 255.255.255.255 0.0.0.0
> add! default HISADDR # Add a (sticky) default route
> nat enable yes
> nat use_sockets yes
> nat same_ports yes
> nat port tcp 192.168.1.3:6667 6667
>
> verizon:
> set authname xxxxx
> set authkey xxxxx
>
> [ ... ]
> --
> -Chuck
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10403161857030.23038-100000>