From: Matthias Meyser
Organization: XeNET GmbH, Clausthal-Zellerfeld
Date: Wed, 18 Jun 2014 17:35:36 +0200
To: freebsd-questions@freebsd.org
Subject: Re: pppoe with ppp and pf nat - problems booting
Message-ID: <53A1B1C8.4090406@xenet.de>
In-Reply-To: <53A089F8.4060409@gooch.io>

On 17.06.2014 20:33, Jesse Gooch wrote:
> Hello all!
>
> I've just set up an i386 box as my router with FreeBSD 10-RELEASE
> (updated with freebsd-update). I have two interfaces: sk0 and rl0. sk0
> is configured in ppp.conf for pppoe to my DSL modem. rl0 is configured
> to a local IP, and I have pf set up for NAT and some port forwarding.
> Unfortunately on boot pf does not get set up since tun0 (created by ppp)
> does not exist when pf loads, so my ruleset is not loaded!
>
> This requires me to reload the pf ruleset whenever I reboot. Another
> problem with this approach is ntpdate fails to set time properly on boot
> as well (although this may be ppp taking a little while to get the
> connection set up).
>
> How can I get my system to just work when I boot up? I've copypasta'd
> the related conf files with names changed to protect the innocent below.

in /etc/rc.conf use

cloned_interfaces="tun0"

to create "tun0" early and

ppp_unit="0"

to instruct ppp to use the existing "tun0" and not a new tun device.

>
> ---ppp.conf---
> default:
>  set log Phase tun command
>  disable ipv6
>
> name_of_isp:
>  disable ipv6
>  set device PPPoE:sk0
>  set authname isp_un
>  set authkey isp_pw
>  set dial
>  set login
>  add default HISADDR
>  add default HISADDR6
>  enable dns
> ---
>
> ---rc.conf---
> hostname="my_hostname"
> #this address is assigned to sk0 so I can access the administration page of my modem
> ifconfig_sk0="inet 192.168.1.100 netmask 255.255.255.0"
> ifconfig_rl0="inet 192.168.42.1 netmask 255.255.255.0"
> gateway_enable="YES"
> pf_enable="YES"
> pflog_enable="YES"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="NO"
> ppp_profile="name_of_isp"
> dhcpd_enable="YES"
> dhcpd_ifaces="rl0"
> named_enable="YES"
> ddclient_enable="YES"
> sshd_enable="YES"
> #ntpdate_enable="YES"
> #ntpdate_flags="-t 30 _timeservers_"
> ntpd_enable="YES"
> powerd_enable="YES"
> # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
> dumpdev="AUTO"
> ---
>
> ---pf.conf---
> # Macros
> ext_if = "tun0"
> lan_if = "rl0"
> lan_ip = "192.168.42.0/24"
>
> # Tables
>
> # Options
>
> # Traffic Normalization
> scrub in on $ext_if all fragment reassemble
>
> # Queueing
>
> # Translation
> nat pass on $ext_if from $lan_ip to any -> {$ext_if}
> #some redirect rules removed for port forwarding here
>
> # Packet Filtering
> block in on $ext_if all
> pass out on $ext_if all keep state
> pass in on $lan_if all
> pass out on $lan_if all
> ---
>

Matthias

--
Matthias Meyser               | XeNET GmbH
Tel.:  +49-5323-9489050       | 38678 Clausthal-Zellerfeld, Marktstrasse 40
Fax:   +49-5323-9489059       | Court of registration: Amtsgericht Braunschweig HRB 110823
Email: Meyser@xenet.de        | Managing director: Matthias Meyser
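
A consistency check for the fix described in the reply above, as an added example that is not part of the original message: it reads the ext_if macro from pf.conf and verifies that rc.conf pre-creates that tun device with cloned_interfaces and pins ppp to it with ppp_unit, so the router does not come up with no ruleset loaded. The function names and the script name are assumptions; the variable names are the ones used in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): verify that the tun device pf.conf
# filters on is created before pf loads, so the ruleset does not fail at boot.
# Function names are hypothetical; variable names are the ones in the thread.

# rc_get FILE VAR: print VAR's value from an rc.conf-style file (last wins).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# pf_macro FILE NAME: print the quoted value of a pf.conf macro.
pf_macro() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# check_boot_tun RC_CONF PF_CONF: return 0 if consistent, 1 otherwise.
check_boot_tun() {
    ext_if=$(pf_macro "$2" ext_if)
    case $ext_if in
        tun[0-9]*) unit=${ext_if#tun} ;;
        *) echo "ext_if '$ext_if' is not a tun device, nothing to check"
           return 0 ;;
    esac
    status=0
    # The device must be listed so it is cloned early in boot.
    case " $(rc_get "$1" cloned_interfaces) " in
        *" $ext_if "*) ;;
        *) echo "cloned_interfaces does not create $ext_if"; status=1 ;;
    esac
    # ppp must be told to attach to that unit instead of opening a new one.
    ppp_unit=$(rc_get "$1" ppp_unit)
    if [ "$ppp_unit" != "$unit" ]; then
        echo "ppp_unit is '$ppp_unit', expected '$unit'"; status=1
    fi
    return "$status"
}

# Usage: sh check_tun.sh /etc/rc.conf /etc/pf.conf
if [ "$#" -eq 2 ]; then
    check_boot_tun "$1" "$2"
fi
```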