From owner-freebsd-questions@FreeBSD.ORG  Sun Oct 12 18:16:36 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 15BC416A4B3
	for <freebsd-questions@freebsd.org>;
	Sun, 12 Oct 2003 18:16:36 -0700 (PDT)
Received: from addr8.addr.com (addr8.addr.com [209.249.147.215])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7542043F93
	for <freebsd-questions@freebsd.org>;
	Sun, 12 Oct 2003 18:16:35 -0700 (PDT)
	(envelope-from snoonan@addr8.addr.com)
Received: from addr8.addr.com (localhost.addr.com [127.0.0.1])
	by addr8.addr.com (8.12.8/8.12.8/Submit) with ESMTP id h9D1GZQS019798
	for <freebsd-questions@freebsd.org>;
	Sun, 12 Oct 2003 18:16:35 -0700 (PDT)
Received: from localhost (snoonan@localhost)
	by addr8.addr.com (8.12.8/8.12.7/Submit) with ESMTP id h9D1GZ0j019795
	for <freebsd-questions@freebsd.org>;
	Sun, 12 Oct 2003 18:16:35 -0700 (PDT)
Date: Sun, 12 Oct 2003 18:16:34 -0700 (PDT)
From: Sean Noonan <snoonan@addr8.addr.com>
To: freebsd-questions@freebsd.org
Message-ID: <Pine.BSF.4.05.10310121732110.2105-100000@addr8.addr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: NAT and PPPoE problems
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Oct 2003 01:16:36 -0000

Hi Folks,

I've used NAT with FreeBSD for years now, but recently had to change my
ISP.  My new ISP, SBC, uses PPPoE (yuck).  I've finally got PPPoE working,
but am having a heck of a time getting NAT to work with it.  I'm tracking
STABLE and cvsup'd, etc, about two weeks ago to 4.9-PRERELEASE.  Here's my
config:

/etc/ppp/ppp.conf:

default:
 # PPP over Ethernet
 set log phase tun command
 set device PPPoE:dc0
 set mru 1492
 set mtu 1492
 set ctsrts off
 set cd off
 set redial 0 0
 set dial
 set login
 # set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 set ifaddr 67.116.219.246/0 67.116.219.254/0
 add default HISADDR                    # Add a (sticky) default route
 enable lqr
 enable dns
SBC:
 set authname myuserid@sbcglobal.net
 set authkey mypassword

/etc/rc.conf:

ez_ipupdate_enable="YES"
firewall_enable="YES"
firewall_type="open"
firewall_logging="YES"
gatway_enable="YES"
gif_interfaces="gif0"
# gifconfig_gif0="67.112.141.75 67.52.144.191"
hostname="sean-noonan.kicks-ass.net"
ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
ipsec_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
lpd_endable="YES"
moused_enable="YES"
moused_flags="-3"
moused_type="auto"
named_enable="NO"
#natd_enable="YES"
#natd_interface="dc0"
network_interfaces="xl0 dc0 gif0 tun0 lo0"
nfs_reserved_port_only="YES"
nfs_server_enable="YES"
nisdomainname="NO"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="SBC"
saver="logo"
sendmail_enable="YES"
sshd_enable="YES"
syslogd_enable="YES"
tcp_extensions="YES"
xntpd_enable="YES"

output of ifconfig -a:

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.6.1 netmask 0xffffff00 broadcast 192.168.6.255
        inet6 fe80::2a0:24ff:fed8:4738%xl0 prefixlen 64 scopeid 0x1
        ether 00:a0:24:d8:47:38
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::204:5aff:fe45:5aa8%dc0 prefixlen 64 scopeid 0x2
        ether 00:04:5a:45:5a:a8
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 67.121.201.208 --> 67.121.203.254 netmask 0xffffffff
        Opened by PID 57

output of netstat -rn:

Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            67.121.203.254     UGSc        4       30   tun0
67.121.203.254     67.121.201.208     UH          5        0   tun0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.6          link#1             UC          1        0    xl0
192.168.6.2        00:0c:76:51:77:7e  UHLW        0        0    xl0   1079

The RFC1918 PC is using 192.168.6.2 for its IP address and 192.168.6.1 for
its default gateway.  The RFC1918 PC can successfully ping the gateway's
internal and external interfaces, but nothing beyond.

Adding an ipfw rule like:

ipfw add 1 allow log ip from any to any

shows ping traffic betwen the inside interface of the gateway and the
RFC1918 PC, but nothing else.

I've tried several ways of involking NAT, including via the ppp.conf file,
via the command-line, and via rc.conf (the current flavor).  None seem to
work.

Anybody have an ideas on how to proceed??

TIA,

--Sean Noonan.