Date: Tue, 3 Jan 2006 18:00:12 -0500
From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "perikillo" <perikillo@gmail.com>, <freebsd-questions@freebsd.org>
Subject: RE: ipnat -CF -f /etc/ipnat.rules
Message-ID: <MIEPLLIBMLEEABPDBIEGMEAEHLAA.fbsd_user@a1poweruser.com>
In-Reply-To: <51d7a5160601021511m23e82acn3c3fecd94895d030@mail.gmail.com>

On 1/2/06, fbsd_user <fbsd_user@a1poweruser.com> wrote:
> I see "tun" in your ipnat rule.
> That means you are using ppp for phone dialup connection.
> Every time you lose your phone connection you get different IP from
> your ISP.
> Use NAT function of PPP and not ipnat and your problem will go away.
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of caleb
> Sent: Friday, December 30, 2005 9:16 PM
> To: freebsd-questions@freebsd.org
> Subject: ipnat -CF -f /etc/ipnat.rules
>
>
> Hi everyone,
> I have just put together a router/firewall using 5.4 RELEASE
> and IPFILTER. Everything is working fine except I have to manually
> flush the NAT table every time the router boots. Below is my rc.conf
> and ipnat.rules, I have used rc.conf to start everything at boot;
>
> /* rc.conf */
>
> gateway_enable="YES"
> sshd_enable="YES"
> ifconfig_rl1="inet 10.0.0.1 netmask 255.255.255.0"
> ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
> hostname="tweak"
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
> ipnat_enable="YES"
> ipnat_rules="/etc/ipnat.rules"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="NO"
> ppp_profile="netspace"
> ppp_user="root"
>
> /* ipnat.rules */
>
> map tun0 192.168.0.0/24 -> 0/32
>
>
> Is there something I am missing? I do not think it is ipf, as I have
> configured it to allow everything in and out. Could you please CC me
> if you decide to help.
>
> Thank you,
>
> caleb
> --
>

Well, I use the PPPoE protocol. I have never tried the same ppp program
to handle the NAT thing, then I disable ipnat or what...? I need to
understand this very clearly. Thanks for your tip.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"


You are not configured correctly.
This statement

ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"

is forcing that IP addr to be used and it's wrong.
You have to get the IP assigned by your ISP.
Follow this example. Which means you can use ipnat or ppp nat.

#################### start of ppp.conf ###################
default:
 set log Phase tun          # use to avoid excessive log sizes
 set timeout 0              # no idle time out, will not disconnect

dialisp:
 set device PPPoE:XXX       # replace xxx with your NIC device name
 set authname YOURLOGINNAME # Replace with your ISP account username
 set authkey YOURPASSWORD   # Replace with your ISP account password
 add default HISADDR        # Add a (sticky) default route (Mandatory)
 enable dns                 # Gets the ISP's DNS IP address & places them
                            # in resolv.conf for reference by FBSD box.
############### End of ppp.conf #################################

Replace the XXX in the [set device PPPoE:XXX] statement with the NIC's
FBSD interface name.

Sometimes it will be necessary to use a service tag to establish your
connection depending on how your ISP and/or the phone company has its
DSL network configured. Service tags are used to distinguish between
different PPPoE servers attached to a given network. You should have
been given any required service tag information in the documentation
provided by your ISP. If you cannot locate it there, ask your ISP's
tech support personnel. This is the format of the command with the
service tag added:

 set device PPPoE:xxxx:service_tag      (in your case xxxx = rl0)

The xxxx is the FBSD interface name used by PPPoE. The interface must
be UP (IE: enabled). It is only used as a transport, and does not need
to be assigned an IP address. This can be done automatically at boot
time by updating the /etc/rc.conf file.

The format of the statement to add is ifconfig_xxxx=up where xxxx is
the NIC's FBSD interface name used by PPPoE that you specified in the
/etc/ppp/ppp.conf file.

ee /etc/rc.conf          # add following statements

ifconfig_xxxx=up         # (in your case xxxx = rl0)
ifconfig_tun0="DHCP"     # get your ISP assigned IP address

To set up user ppp to dial your ISP automatically at FBSD boot time,
you have to add the following statements to the rc.conf file.
The ddial option means to redial every time the connection to the ISP
gets dropped.

ee /etc/rc.conf

# Activate user ppp auto start at boot time
ppp_enable="YES"         # Start User PPP task
ppp_mode="ddial"         # ddial, auto, background
ppp_profile="dialisp"    # section in ppp.conf to exec
#ppp_nat="YES"           # only if you have LAN behind this PC.

# deactivate ipfilter Nat function (comment statements out)
#ipnat_enable="YES"
#ipnat_rules="/etc/ipnat.rules"
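
Added example, not part of the original message and not FreeBSD project code: a POSIX sh check that cross-checks rc.conf against ppp.conf on three points from the reply above (ppp_profile names an existing ppp.conf label, the PPPoE NIC is only brought "up", and ppp NAT and ipnat are not both enabled). The function names and the settings written by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency check for the user-ppp PPPoE setup above.

# rc_get FILE VAR: print the active (uncommented) value of VAR, unquoted.
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# check_ppp_setup RC_CONF PPP_CONF: print one finding per line.
# Exit status is the number of findings (0 means consistent).
check_ppp_setup() {
    rc=$1; ppp=$2; n=0
    profile=$(rc_get "$rc" ppp_profile)
    # ppp.conf section labels start in column 1 and end with a colon.
    if ! grep -q "^${profile}:" "$ppp"; then
        echo "ppp_profile=\"$profile\" has no matching label in ppp.conf"
        n=$((n + 1))
    fi
    # NIC taken from "set device PPPoE:<nic>[:service_tag]".
    nic=$(sed -n 's/^[[:space:]]*set device PPPoE:\([^:[:space:]]*\).*/\1/p' "$ppp" | head -n 1)
    if [ -n "$nic" ] && [ "$(rc_get "$rc" "ifconfig_$nic")" != "up" ]; then
        echo "ifconfig_$nic should be just \"up\": the PPPoE transport NIC needs no IP"
        n=$((n + 1))
    fi
    if is_yes "$(rc_get "$rc" ppp_nat)" && is_yes "$(rc_get "$rc" ipnat_enable)"; then
        echo "ppp_nat and ipnat_enable are both YES: choose one NAT"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample in the style of the thread, written to a temporary
# directory so the check runs offline. It trips all three findings.
demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' 'ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"' \
        'ipnat_enable="YES"' 'ppp_enable="YES"' 'ppp_nat="YES"  # LAN behind box' \
        'ppp_profile="netspace"' > "$d/rc.conf"
    printf '%s\n' 'default:' ' set timeout 0' 'dialisp:' \
        ' set device PPPoE:rl0' ' add default HISADDR' > "$d/ppp.conf"
    status=0
    check_ppp_setup "$d/rc.conf" "$d/ppp.conf" || status=$?
    rm -rf "$d"
    return "$status"
}
```

On a real system the call would be check_ppp_setup /etc/rc.conf /etc/ppp/ppp.conf.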