From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 22:31:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4897E16A4CF; Wed, 19 Nov 2003 22:31:24 -0800 (PST) Received: from apollo.laserfence.net (apollo.laserfence.net [196.44.69.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5D79643F3F; Wed, 19 Nov 2003 22:31:21 -0800 (PST) (envelope-from will@unfoldings.net) Received: from [127.0.0.1] (helo=localhost) by apollo.laserfence.net with esmtp (Exim 4.24; FreeBSD) id 1AMiLT-000Eqi-9J; Thu, 20 Nov 2003 08:31:15 +0200 Received: from apollo.laserfence.net ([127.0.0.1]) by localhost (apollo.laserfence.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54921-06; Thu, 20 Nov 2003 08:30:58 +0200 (SAST) Received: from [192.168.255.1] (helo=prometheus.home.laserfence.net) by apollo.laserfence.net with esmtp (Exim 4.24; FreeBSD) id 1AMiL9-000EqQ-S6; Thu, 20 Nov 2003 08:30:57 +0200 Received: from arista.home.laserfence.net ([192.168.0.10] helo=arista) by prometheus.home.laserfence.net with smtp (Exim 4.10) id 1AMiL3-000Nn0-00; Thu, 20 Nov 2003 08:30:49 +0200 Message-ID: <01e301c3af2f$ee2a2910$0a00a8c0@arista> From: "Willie Viljoen" To: "Colin Watson" , , References: <01ab01c3af02$caa85250$0b4e1151@blackbox> Date: Thu, 20 Nov 2003 08:31:28 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by amavisd-new at laserfence.net Subject: Re: Connecting subnet over PPP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 06:31:24 -0000 If you are seeing ARP requests for a subnet which is routed, it is more than likely that some router somewhere doesn't know it is routed. ARP requests are only sent when a system is trying to contact an IP address *it* believes to be on the same physical network as itself. Make sure routers on your side (before the FreeBSD box) know to route that subnet via the BSD box. Also, make sure the subnet mask on the D-Link router at the client side is configured correctly. If all else fails, you might want to try doing proxyarp with pppoed, this is problematic at best though, and should not be used if there is a router on the other side, only if clients are routing directly via your pppoed, and if the addresses are actually on a physical network on your side, and to be "mirrored" to them. This is the wrong way to do it, but it is supported, as many ISPs did this in the past... it was the only way to do it with Windows NT RAS servers. Will ----- Original Message ----- From: "Colin Watson" To: ; Sent: Thursday, November 20, 2003 3:08 AM Subject: Connecting subnet over PPP > Hi, > I am using the userland ppp with pppoe daemon to setup a pppoe server to > authenticate incoming clients. I want to route a /29 subnet (81.19.79.24/29) > to a client. Now I authenticate via a radius server, which frames the IP, > Protocol, and route attributes: > > Framed-Protocol = PPP > Framed-IP-Address = 81.19.79.25 > Framed-Route = 81.19.79.24/29 81.19.79.25 1 > > This appears to assign the connection without problem, and the machines on > the clients side of the network, when assigned one of the subnet's IP's have > no issue pinging out to all hosts. However, when a remote PC attempts to > access one of the public IP's - i.e. ping it - this fails. The FreeBSD > Gateway / PPPoE Server shows lots of ARP unable to resolve messages - I > presume this means it cannot find a mac address for the client. I have > checked the routing table - netstat -ran, and an entry is created for the > subnet in question (via the returned radius attributes): > > Internet Dest: Gateway: Flags: Refs: Use: Netif: Expire: > > 81.19.79.24/29 81.19.79.25 UGSc 1 147 tun0 > 81.19.79.25 81.19.78.1 UH 0 256 tun0 > 81.19.79.25 00:05:5b:71.. UHLS2 0 0 ste1 > > A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP the clients > subnet pinging out, shows that the replies are occuring: > > 17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.25 > 81.19.79.34: icmp: echo > request > 17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo reply > > However, if this role is reversed, and a remote IP - in this case > 81.19.79.34 (on a different /27 (32->63) network) attempts to ping a PC on > the client network: > > 17:37:45.214386 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo > request > 17:37:45.221413 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo > request > 17:37:45.223422 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo > request > 17:37:45.321455 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo > request > 17:37:45.623212 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo > request > > The client uses a D-Link Router which is set to allow all traffic - It is of > course possible this is misconfigured, however I would like to know if this > configuration *should* be working, or if I have made some grevious error > somewhere, which is preventing the traffic reaching the clients network. > > Many Thanks > > Colin Watson. > > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >