Date: Wed, 18 Jun 2014 17:35:36 +0200
From: Matthias Meyser <meyser@xenet.de>
To: freebsd-questions@freebsd.org
Subject: Re: pppoe with ppp and pf nat - problems booting
Message-ID: <53A1B1C8.4090406@xenet.de>
In-Reply-To: <53A089F8.4060409@gooch.io>
References: <53A089F8.4060409@gooch.io>

On 17.06.2014 20:33, Jesse Gooch wrote:
> Hello all!
>
> I've just set up an i386 box as my router with FreeBSD 10-RELEASE
> (updated with freebsd-update). I have two interfaces: sk0 and rl0. sk0
> is configured in ppp.conf for pppoe to my DSL modem. rl0 is configured
> to a local IP, and I have pf set up for NAT and some port forwarding.
> Unfortunately on boot pf does not get set up since tun0 (created by ppp)
> does not exist when pf loads, so my ruleset is not loaded!
>
> This requires me to reload the pf ruleset whenever I reboot. Another
> problem with this approach is ntpdate fails to set time properly on boot
> as well (although this may be ppp taking a little while to get the
> connection set up).
>
> How can I get my system to just work when I boot up? I've copypasta'd
> the related conf files with names changed to protect the innocent below.

in /etc/rc.conf use

cloned_interfaces="tun0"

to create "tun0" early and

ppp_unit="0"

to instruct ppp to use the existing "tun0" and not a new tun device.

>
> ---ppp.conf---
> default:
>  set log Phase tun command
>  disable ipv6
>
> name_of_isp:
>  disable ipv6
>  set device PPPoE:sk0
>  set authname isp_un
>  set authkey isp_pw
>  set dial
>  set login
>  add default HISADDR
>  add default HISADDR6
>  enable dns
> ---
>
> ---rc.conf---
> hostname="my_hostname"
> #this address is assigned to sk0 so I can access the administration page
> of my modem
> ifconfig_sk0="inet 192.168.1.100 netmask 255.255.255.0"
> ifconfig_rl0="inet 192.168.42.1 netmask 255.255.255.0"
> gateway_enable="YES"
> pf_enable="YES"
> pflog_enable="YES"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="NO"
> ppp_profile="name_of_isp"
> dhcpd_enable="YES"
> dhcpd_ifaces="rl0"
> named_enable="YES"
> ddclient_enable="YES"
> sshd_enable="YES"
> #ntpdate_enable="YES"
> #ntpdate_flags="-t 30 _timeservers_"
> ntpd_enable="YES"
> powerd_enable="YES"
> # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
> dumpdev="AUTO"
> ---
>
> ---pf.conf---
> # Macros
> ext_if = "tun0"
> lan_if = "rl0"
> lan_ip = "192.168.42.0/24"
>
> # Tables
>
> # Options
>
> # Traffic Normalization
> scrub in on $ext_if all fragment reassemble
>
> # Queueing
>
> # Translation
> nat pass on $ext_if from $lan_ip to any -> {$ext_if}
> #some redirect rules removed for port forwarding here
>
> # Packet Filtering
> block in on $ext_if all
> pass out on $ext_if all keep state
> pass in on $lan_if all
> pass out on $lan_if all
> ---
>

Matthias

-- 
Matthias Meyser               | XeNET GmbH
Tel.:  +49-5323-9489050       | 38678 Clausthal-Zellerfeld, Marktstrasse 40
Fax:   +49-5323-9489059       | Commercial register: Amtsgericht Braunschweig HRB 110823
Email: Meyser@xenet.de        | Managing director: Matthias Meyser
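
A pre-reboot check for the rc.conf settings given in the reply above, as an added example that is not part of the original message: it reads the external interface macro from pf.conf and confirms that rc.conf creates that tun device early and pins ppp to it. The function names, the default macro name `ext_if` and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): verify before rebooting that the tun
# device pf.conf filters on is created early and pinned for ppp in rc.conf.

# Last value assigned to an rc.conf variable, quotes and comments stripped.
rc_get() {  # rc_get FILE VAR
    sed -n "s/^$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Value of a quoted pf.conf macro such as: ext_if = "tun0"
pf_macro() {  # pf_macro FILE NAME
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        tail -n 1
}

# Returns 0 when the settings are consistent, 1 otherwise.
check_pf_tun() {  # check_pf_tun RC_CONF PF_CONF [MACRO, assumed "ext_if"]
    ext=$(pf_macro "$2" "${3:-ext_if}")
    case "$ext" in
        tun[0-9]*) unit=${ext#tun} ;;
        *) echo "SKIP: '$ext' is not a tun device"; return 0 ;;
    esac
    rc=0
    case " $(rc_get "$1" cloned_interfaces) " in
        *" $ext "*) ;;
        *) echo "FAIL: $ext missing from cloned_interfaces, pf may not load its rules at boot"
           rc=1 ;;
    esac
    ppp_unit=$(rc_get "$1" ppp_unit)
    if [ "$ppp_unit" != "$unit" ]; then
        echo "FAIL: ppp_unit='$ppp_unit', expected '$unit' so ppp reuses $ext"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $ext is created early and ppp is pinned to it"
    return "$rc"
}

# Constructed sample files modelled on the configuration quoted above.
demo=$(mktemp -d)
printf '%s\n' 'pf_enable="YES"' 'ppp_enable="YES"' 'ppp_mode="ddial"' > "$demo/rc.conf"
printf '%s\n' 'ext_if = "tun0"' 'lan_if = "rl0"' 'block in on $ext_if all' > "$demo/pf.conf"
check_pf_tun "$demo/rc.conf" "$demo/pf.conf" || echo "(before the fix: status $?)"
printf '%s\n' 'cloned_interfaces="tun0"' 'ppp_unit="0"' >> "$demo/rc.conf"
check_pf_tun "$demo/rc.conf" "$demo/pf.conf"
rm -rf "$demo"
```

On a real system the arguments would be /etc/rc.conf and /etc/pf.conf; a non-zero exit status means the firewall rules that name the tun device are at risk of not loading on the next boot.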