From owner-freebsd-questions@FreeBSD.ORG Tue Mar 16 16:00:54 2004
Date: Tue, 16 Mar 2004 19:00:47 -0500 (EST)
From: Mohsin Rahman
To: FreeBSD Questions
In-Reply-To: <4051FA06.8050907@mac.com>
Subject: Re: NAT & PPPoE (detailed email) --FIXED

To all that helped.. the NAT & Verizon PPPoE setup is working great. Firewall
rules are in.. and now working on squid. Thank you all. I knew this list was
great!

This is how things are set up:

/etc/rc.conf

defaultrouter=""
hostname="fw.somehost.com"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="papchap"
ppp_user="root"
ifconfig_fxp0="UP"
ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_tun0="DHCP"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="YES"

/etc/ppp/ppp.conf

default:
 #PPPoE: PPP over Ethernet
 set device PPPoE:fxp0
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 enable lqr
 set log phase tun local
 set ifaddr 10.0.0.1/0 192.168.1.1/0
 add default HISADDR
 enable dns
 nat enable yes
 nat same_ports yes

papchap:
 set authname {username}
 set authkey {password}

ifconfig:

fxp0: flags=8843 mtu 1500
        inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
        ether 00:80:5f:d7:88:92
        media: Ethernet autoselect (100baseTX )
        status: active
fxp1: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
        ether 00:a0:c9:aa:d5:4c
        media: Ethernet autoselect (100baseTX )
        status: active
tun0: flags=8051 mtu 1492
        inet 10.0.0.1 --> 192.168.1.1 netmask 0xffffffff
        inet 141.149.140.76 --> 10.15.1.1 netmask 0xffffffff
        Opened by PID 56

I also took out "options NETGRAPH" from the kernel and rebuilt it. Works just
fine. Eventually I'll post it on my website someday. Thanks.

--
Mohsin AbdulRahman
MTech@BuffNET.Net

On Fri, 12 Mar 2004, Chuck Swiger wrote:

> Mohsin Rahman wrote:
> > Thank you. I will try tun0 as my NAT interface. However, if, let's say, the
> > modem drops the connection and the next attempt to access the internet,
> > wouldn't FreeBSD assign the new IP address to tun1 and basically render
> > tun0 NAT useless? A better solution might be to let ppp -nat do it, perhaps.
> > I will test and post my results. Thanks.
>
> You should have ppp do the NAT, yes. If you use ppp with the -auto or -ddial,
> you can have on-demand dialing where ppp will attempt to bring up the link if
> it drops. That means NAT should handle the link drop better (since ppp knows
> to use the new connection's IP), and it also means that your firewall rules
> can simply use tun0.
>
> /etc/ppp/ppp.conf should contain something like:
>
> default:
>  set log local connect ipcp lcp lqm chat
>  # set log all
>  ident user-ppp VERSION (built COMPILATIONDATE)
>  enable lqr
>  set server 3000 xxxxx
>  set timeout 1200 # 20 minute idle timer
>  # enable dns # request DNS info (for resolv.conf)
>  set device PPPoE:fxp0:verizon
>  set login
>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
>  \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
>  set urgent udp +53
>  set urgent tcp +53
>  set urgent udp +123
>  set urgent tcp +123
>  set ifaddr 162.84.171.0/0 10.3.23.0/0 255.255.255.255 0.0.0.0
>  add! default HISADDR # Add a (sticky) default route
>  nat enable yes
>  nat use_sockets yes
>  nat same_ports yes
>  nat port tcp 192.168.1.3:6667 6667
>
> verizon:
>  set authname xxxxx
>  set authkey xxxxx
>
> [ ... ]
> --
> -Chuck
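An added example, not part of the thread: a minimal stateful ipfw ruleset for the layout above (ppp doing NAT on tun0, LAN on fxp1 as 192.168.1.0/24), which is what firewall_type="OPEN" in the posted rc.conf leaves out and what Chuck's "firewall rules can simply use tun0" implies. The rule numbers and the gen_rules/apply_rules names are assumptions of mine; the 6667 forward mirrors the nat port line in the reply.

```shell
#!/bin/sh
# Added example (not from the original thread). Generates ipfw rules for
# the PPPoE/NAT layout in the mail; apply_rules feeds them to ipfw.
# Because user ppp(8) translates addresses in userland before writing to
# tun0, ipfw on tun0 already sees the LAN addresses of forwarded traffic.

EXT_IF="tun0"            # ppp's link; its address changes on reconnect,
                         # so no public IP literal appears in any rule
LAN_IF="fxp1"
LAN_NET="192.168.1.0/24"
IRC_HOST="192.168.1.3"   # target of 'nat port tcp 192.168.1.3:6667 6667'

gen_rules() {
    cat <<EOF
ipfw -q flush
ipfw add 100 allow ip from any to any via lo0
# let replies to connections we opened (LAN or router) back in
ipfw add 200 check-state
# anti-spoofing on the PPPoE link: private/loopback ranges never come from the ISP
ipfw add 300 deny ip from 10.0.0.0/8 to any in via $EXT_IF
ipfw add 301 deny ip from 172.16.0.0/12 to any in via $EXT_IF
ipfw add 302 deny ip from 192.168.0.0/16 to any in via $EXT_IF
ipfw add 303 deny ip from any to 127.0.0.0/8 in via $EXT_IF
# LAN hosts and the router itself may open anything outbound; state is kept
ipfw add 400 allow ip from $LAN_NET to any in via $LAN_IF keep-state
ipfw add 410 allow ip from me to any out via $EXT_IF keep-state
# the single inbound service ppp's 'nat port' forwards (new connections only)
ipfw add 500 allow tcp from any to $IRC_HOST 6667 in via $EXT_IF setup keep-state
# echo replies, unreachables and TTL-exceeded so traceroute/PMTU still work
ipfw add 510 allow icmp from any to any icmptypes 0,3,11
# everything else is dropped and logged
ipfw add 65000 deny log ip from any to any
EOF
}

# Review the output of gen_rules first; apply_rules runs it as root.
apply_rules() {
    gen_rules | sh
}
```

Pointing firewall_script at this file and calling apply_rules from it replaces the OPEN ruleset while still letting rules name tun0 regardless of the IP the ISP hands out.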