From owner-freebsd-questions Sun Oct 15 13:55:18 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail-out.visi.com (kauket.visi.com [209.98.98.22]) by hub.freebsd.org (Postfix) with ESMTP id 159A237B66C for ; Sun, 15 Oct 2000 13:54:57 -0700 (PDT) Received: from isis.visi.com (isis.visi.com [209.98.98.8]) by mail-out.visi.com (Postfix) with ESMTP id 7C5BC38E6 for ; Sun, 15 Oct 2000 15:54:53 -0500 (CDT) Received: from localhost (dgl@localhost) by isis.visi.com (8.8.8/8.8.8) with ESMTP id PAA29662 for ; Sun, 15 Oct 2000 15:54:53 -0500 (CDT) X-Authentication-Warning: isis.visi.com: dgl owned process doing -bs Date: Sun, 15 Oct 2000 15:54:53 -0500 (CDT) From: Doug Lee To: freebsd-questions@freebsd.org Subject: User ppp: can link, can send, can't receive Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I am having unexpected trouble making user ppp work. I am running 4-STABLE updated September 14, 2000 (13:00:13). I can get it to dial, connect, negotiate an address, and show outbound traffic; but nothing comes back in. I can ping the interface address but not the address at the other end of the link. I have tried innumerable things: opening up the firewall, disabling natd and even named, remaking the tun[0-3] devices, manually manipulating the route table, using different netmasks for the tun0 interface (via ppp's ifaddr line), connecting to an alternate ISP (same exact results), resetting all sysctl variables to defaults (I normally run with a few enlarged packet size settings) ... I even tried to use pppd in frustration at one point, but I can't because I don't have kernel PPP support in my kernel. I will include below a copy of my ppp.conf, a log of a session attempt, and my rc.conf and (custom) kernel config. Please include my e-mail address in any replies, as I am not yet set up with regular enough Internet access to follow this list (this little ppp problem being why :-) ). ========== ppp.conf ========== default: set device /dev/cuaa1 rename USR set log Phase Chat LCP IPCP CCP tun command set speed 115200 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0M2 OK \\dATDT\\T TIMEOUT 40 CONNECT" set timeout 1200 set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0 add! default HISADDR enable dns allow users dgl set server /var/run/pppc "" 0177 set redial 10+10-3.5 2 # interpacket+inc-nincs.interphonenum retriesperpacket set urgent udp +53 # nat deny_incoming yes # We don't want certain packets to keep our connection alive set filter alive 0 deny udp src eq 520 # routed set filter alive 1 deny udp dst eq 520 # routed set filter alive 2 deny udp src eq 513 # rwhod set filter alive 3 deny udp src eq 525 # timed set filter alive 4 deny udp src eq 137 # NetBIOS name service set filter alive 5 deny udp src eq 138 # NetBIOS datagram service set filter alive 6 deny udp src eq 139 # NetBIOS session service set filter alive 7 deny udp dst eq 137 # NetBIOS name service set filter alive 8 deny udp dst eq 138 # NetBIOS datagram service set filter alive 9 deny udp dst eq 139 # NetBIOS session service set filter alive 10 deny 0/0 MYADDR icmp # Ping to us from outside set filter alive 11 permit 0/0 0/0 # # And in auto mode, we don't want certain packets to cause a dialup # (This is redundant because I left two filtering plans in place here; # the first part has no effect.) set filter dial 0 deny udp src eq 513 # rwhod set filter dial 1 deny udp src eq 525 # timed set filter dial 2 deny udp src eq 137 # NetBIOS name service set filter dial 3 deny udp src eq 138 # NetBIOS datagram service set filter dial 4 deny udp src eq 139 # NetBIOS session service set filter dial 5 deny udp dst eq 137 # NetBIOS name service set filter dial 6 deny udp dst eq 138 # NetBIOS datagram service set filter dial 7 deny udp dst eq 139 # NetBIOS session service set filter dial 8 deny tcp finrst # Badly closed TCP channels # set filter dial 9 permit 0 0 # Only allow dialup to be triggered by http, rlogin, rsh, ssh, telnet, ftp, ping set filter dial 10 permit 0 0 tcp dst eq http set filter dial 11 permit 0 0 tcp dst eq login set filter dial 12 permit 0 0 tcp dst eq shell set filter dial 13 permit 0 0 tcp dst eq ssh set filter dial 14 permit 0 0 tcp dst eq telnet set filter dial 15 permit 0 0 tcp dst eq ftp set filter dial 16 permit 0 0 icmp src eq 8 # ICMP echo requests bart: set phone 7033860125 # an Earthlink number set authname XXXXXX set authkey XXXXXX bartq: # quiet bart set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0M0 OK \\dATDT\\T TIMEOUT 40 CONNECT" load bart ========== connection log ========== [I trimmed the date (Oct 15) and the process id (ppp[907]) out of these lines for brevity.] 15:57:14 Phase: Using interface: tun0 15:57:14 Phase: deflink: Created in closed state 15:57:14 tun0: Command: default: set speed 115200 15:57:14 tun0: Command: default: set dial ABORT BUSY ABORT NO\sCARRIER TIMEOUT 5 "" AT OK-AT-OK ATE1Q0M2 OK \dATDT\T TIMEOUT 40 CONNECT 15:57:14 tun0: Command: default: set timeout 1200 15:57:14 tun0: Command: default: set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0 15:57:14 tun0: Command: default: add! default HISADDR 15:57:14 tun0: Command: default: enable dns 15:57:14 tun0: Command: default: set server /var/run/pppc ******** 0177 15:57:14 tun0: Phase: Listening at local socket /var/run/pppc. 15:57:14 tun0: Command: default: set redial 10+10-3.5 2 15:57:14 tun0: Command: default: set urgent udp +53 15:57:14 tun0: Command: default: set filter alive 0 deny udp src eq 520 15:57:14 tun0: Command: default: set filter alive 1 deny udp dst eq 520 15:57:14 tun0: Command: default: set filter alive 2 deny udp src eq 513 15:57:14 tun0: Command: default: set filter alive 3 deny udp src eq 525 15:57:14 tun0: Command: default: set filter alive 4 deny udp src eq 137 15:57:14 tun0: Command: default: set filter alive 5 deny udp src eq 138 15:57:14 tun0: Command: default: set filter alive 6 deny udp src eq 139 15:57:14 tun0: Command: default: set filter alive 7 deny udp dst eq 137 15:57:15 tun0: Command: default: set filter alive 8 deny udp dst eq 138 15:57:15 tun0: Command: default: set filter alive 9 deny udp dst eq 139 15:57:15 tun0: Command: default: set filter alive 10 deny 0/0 MYADDR icmp 15:57:15 tun0: Command: default: set filter alive 11 permit 0/0 0/0 15:57:15 tun0: Command: default: set filter dial 0 deny udp src eq 513 15:57:15 tun0: Command: default: set filter dial 1 deny udp src eq 525 15:57:15 tun0: Command: default: set filter dial 2 deny udp src eq 137 15:57:15 tun0: Command: default: set filter dial 3 deny udp src eq 138 15:57:15 tun0: Command: default: set filter dial 4 deny udp src eq 139 15:57:15 tun0: Command: default: set filter dial 5 deny udp dst eq 137 15:57:15 tun0: Command: default: set filter dial 6 deny udp dst eq 138 15:57:15 tun0: Command: default: set filter dial 7 deny udp dst eq 139 15:57:15 tun0: Command: default: set filter dial 8 deny tcp finrst 15:57:15 tun0: Command: default: set filter dial 10 permit 0 0 tcp dst eq http 15:57:15 tun0: Command: default: set filter dial 11 permit 0 0 tcp dst eq login 15:57:15 tun0: Command: default: set filter dial 12 permit 0 0 tcp dst eq shell 15:57:15 tun0: Command: default: set filter dial 13 permit 0 0 tcp dst eq ssh 15:57:15 tun0: Command: default: set filter dial 14 permit 0 0 tcp dst eq telnet 15:57:15 tun0: Command: default: set filter dial 15 permit 0 0 tcp dst eq ftp 15:57:15 tun0: Command: default: set filter dial 16 permit 0 0 icmp src eq 8 15:57:15 tun0: Phase: PPP Started (interactive mode). 15:57:19 tun0: Command: /dev/tty: dial bart 15:57:19 tun0: Command: bart: set phone 7033860125 15:57:19 tun0: Command: bart: set authname XXXXXX 15:57:19 tun0: Command: bart: set authkey ******** 15:57:19 tun0: Phase: bundle: Establish 15:57:19 tun0: Phase: USR: closed -> opening 15:57:19 tun0: Phase: USR: Connected! 15:57:19 tun0: Phase: USR: opening -> dial 15:57:19 tun0: Chat: Phone: 7033860125 15:57:19 tun0: Chat: USR: Dial attempt 1 of 2 15:57:19 tun0: Chat: Send: AT^M 15:57:19 tun0: Chat: Expect(5): OK 15:57:19 tun0: Chat: Received: AT^M^M 15:57:19 tun0: Chat: Received: OK^M 15:57:19 tun0: Chat: Send: ATE1Q0M2^M 15:57:19 tun0: Chat: Expect(5): OK 15:57:19 tun0: Chat: Received: ATE1Q0M2^M^M 15:57:19 tun0: Chat: Received: OK^M 15:57:19 tun0: Chat: Send: ATDT7033860125^M 15:57:22 tun0: Chat: Expect(40): CONNECT 15:57:39 tun0: Chat: Received: ATDT7033860125^M^M 15:57:39 tun0: Chat: Received: CONNECT 28800/ARQ/V34/LAPM/V42BIS^M 15:57:39 tun0: Phase: USR: dial -> carrier 15:57:40 tun0: Phase: USR: /dev/cuaa1: CD detected 15:57:40 tun0: Phase: USR: carrier -> login 15:57:40 tun0: Phase: USR: login -> lcp 15:57:40 tun0: LCP: FSM: Using "USR" as a transport 15:57:40 tun0: LCP: USR: State change Initial --> Closed 15:57:40 tun0: LCP: USR: State change Closed --> Stopped 15:57:41 tun0: LCP: USR: LayerStart 15:57:41 tun0: LCP: USR: SendConfigReq(1) state = Stopped 15:57:41 tun0: LCP: ACFCOMP[2] 15:57:41 tun0: LCP: PROTOCOMP[2] 15:57:41 tun0: LCP: ACCMAP[6] 0x00000000 15:57:41 tun0: LCP: MRU[4] 1500 15:57:41 tun0: LCP: MAGICNUM[6] 0x076e8a42 15:57:41 tun0: LCP: USR: State change Stopped --> Req-Sent 15:57:41 tun0: LCP: USR: RecvConfigReq(1) state = Req-Sent 15:57:41 tun0: LCP: <0x0>[4] 0000 15:57:41 tun0: LCP: MRU[4] 1524 15:57:41 tun0: LCP: ACCMAP[6] 0x00000000 15:57:41 tun0: LCP: AUTHPROTO[4] 0xc023 (PAP) 15:57:41 tun0: LCP: PROTOCOMP[2] 15:57:41 tun0: LCP: ACFCOMP[2] 15:57:41 tun0: LCP: MRRU[4] 1524 15:57:41 tun0: LCP: ENDDISC[9] MAC 00:c0:7b:8a:a1:3f 15:57:41 tun0: LCP: LDBACP[4] 6305 15:57:41 tun0: LCP: USR: SendConfigRej(1) state = Req-Sent 15:57:41 tun0: LCP: <0x0>[4] 0000 15:57:41 tun0: LCP: MRRU[4] 1524 15:57:41 tun0: LCP: LDBACP[4] 6305 15:57:41 tun0: LCP: USR: RecvConfigAck(1) state = Req-Sent 15:57:41 tun0: LCP: USR: State change Req-Sent --> Ack-Rcvd 15:57:41 tun0: LCP: USR: RecvConfigReq(2) state = Ack-Rcvd 15:57:41 tun0: LCP: MRU[4] 1524 15:57:41 tun0: LCP: ACCMAP[6] 0x00000000 15:57:41 tun0: LCP: AUTHPROTO[4] 0xc023 (PAP) 15:57:41 tun0: LCP: PROTOCOMP[2] 15:57:41 tun0: LCP: ACFCOMP[2] 15:57:41 tun0: LCP: ENDDISC[9] MAC 00:c0:7b:8a:a1:3f 15:57:41 tun0: LCP: USR: SendConfigAck(2) state = Ack-Rcvd 15:57:41 tun0: LCP: MRU[4] 1524 15:57:41 tun0: LCP: ACCMAP[6] 0x00000000 15:57:41 tun0: LCP: AUTHPROTO[4] 0xc023 (PAP) 15:57:41 tun0: LCP: PROTOCOMP[2] 15:57:41 tun0: LCP: ACFCOMP[2] 15:57:41 tun0: LCP: ENDDISC[9] MAC 00:c0:7b:8a:a1:3f 15:57:41 tun0: LCP: USR: State change Ack-Rcvd --> Opened 15:57:41 tun0: LCP: USR: LayerUp 15:57:41 tun0: Phase: bundle: Authenticate 15:57:41 tun0: Phase: USR: his = PAP, mine = none 15:57:41 tun0: Phase: Pap Output: XXXXXX ******** 15:57:41 tun0: Phase: Pap Input: SUCCESS () 15:57:41 tun0: IPCP: Using trigger address 0.0.0.0 15:57:41 tun0: CCP: FSM: Using "USR" as a transport 15:57:41 tun0: CCP: USR: State change Initial --> Closed 15:57:41 tun0: CCP: USR: LayerStart. 15:57:41 tun0: CCP: USR: SendConfigReq(1) state = Closed 15:57:41 tun0: CCP: DEFLATE[4] win 15 15:57:41 tun0: CCP: PRED1[2] 15:57:41 tun0: CCP: USR: State change Closed --> Req-Sent 15:57:41 tun0: Phase: USR: lcp -> open 15:57:41 tun0: Phase: bundle: Network 15:57:41 tun0: IPCP: FSM: Using "USR" as a transport 15:57:41 tun0: IPCP: USR: State change Initial --> Closed 15:57:41 tun0: IPCP: USR: LayerStart. 15:57:41 tun0: IPCP: USR: SendConfigReq(1) state = Closed 15:57:41 tun0: IPCP: IPADDR[6] 0.0.0.0 15:57:41 tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression [NOTE: The two DNS numbers are being held over from when I was connecting to the alternate ISP; apparently Earthlink just accepts them. I have not yet pulled them back out of /etc/resolv.conf.] 15:57:41 tun0: IPCP: PRIDNS[6] 209.98.98.98 15:57:41 tun0: IPCP: SECDNS[6] 198.6.1.2 15:57:41 tun0: IPCP: USR: State change Closed --> Req-Sent 15:57:41 tun0: IPCP: USR: RecvConfigReq(1) state = Req-Sent 15:57:41 tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression 15:57:41 tun0: IPCP: IPADDR[6] 38.1.1.1 15:57:41 tun0: IPCP: USR: SendConfigAck(1) state = Req-Sent 15:57:41 tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression 15:57:41 tun0: IPCP: IPADDR[6] 38.1.1.1 15:57:41 tun0: IPCP: USR: State change Req-Sent --> Ack-Sent 15:57:41 tun0: CCP: USR: RecvConfigReq(1) state = Req-Sent 15:57:41 tun0: CCP: STAC[6] 15:57:41 tun0: CCP: USR: SendConfigRej(1) state = Req-Sent 15:57:41 tun0: CCP: STAC[6] 15:57:42 tun0: CCP: USR: RecvConfigRej(1) state = Req-Sent 15:57:42 tun0: CCP: DEFLATE[4] win 15 15:57:42 tun0: CCP: PRED1[2] 15:57:42 tun0: CCP: USR: SendConfigReq(2) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: IPCP: USR: RecvConfigRej(1) state = Ack-Sent 15:57:42 tun0: IPCP: PRIDNS[6] 209.98.98.98 15:57:42 tun0: IPCP: SECDNS[6] 198.6.1.2 15:57:42 tun0: IPCP: USR: SendConfigReq(2) state = Ack-Sent 15:57:42 tun0: IPCP: IPADDR[6] 0.0.0.0 15:57:42 tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression 15:57:42 tun0: CCP: USR: RecvConfigRej(2) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: CCP: USR: SendConfigReq(3) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: IPCP: USR: RecvConfigNak(2) state = Ack-Sent 15:57:42 tun0: IPCP: IPADDR[6] 38.30.237.63 15:57:42 tun0: IPCP: IPADDR[6] changing address: 0.0.0.0 --> 38.30.237.63 15:57:42 tun0: IPCP: USR: SendConfigReq(3) state = Ack-Sent 15:57:42 tun0: IPCP: IPADDR[6] 38.30.237.63 15:57:42 tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression 15:57:42 tun0: CCP: USR: RecvConfigRej(3) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: CCP: USR: SendConfigReq(4) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: IPCP: USR: RecvConfigAck(3) state = Ack-Sent 15:57:42 tun0: IPCP: USR: State change Ack-Sent --> Opened 15:57:42 tun0: IPCP: USR: LayerUp. 15:57:42 tun0: IPCP: myaddr 38.30.237.63 hisaddr = 38.1.1.1 15:57:42 tun0: CCP: USR: RecvConfigRej(4) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: CCP: USR: SendConfigReq(5) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: CCP: USR: RecvConfigRej(5) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: CCP: USR: SendConfigReq(6) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: CCP: USR: RecvConfigRej(6) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:42 tun0: CCP: USR: SendConfigReq(7) state = Req-Sent 15:57:42 tun0: CCP: [EMPTY] 15:57:43 tun0: CCP: USR: RecvConfigRej(7) state = Req-Sent 15:57:43 tun0: CCP: [EMPTY] 15:57:43 tun0: CCP: USR: SendConfigReq(8) state = Req-Sent 15:57:43 tun0: CCP: [EMPTY] 15:57:43 tun0: CCP: USR: RecvConfigRej(8) state = Req-Sent 15:57:43 tun0: CCP: [EMPTY] 15:57:43 tun0: CCP: USR: SendConfigReq(9) state = Req-Sent 15:57:43 tun0: CCP: [EMPTY] 15:57:43 tun0: CCP: USR: RecvConfigRej(9) state = Req-Sent 15:57:43 tun0: CCP: [EMPTY] 15:57:43 tun0: CCP: USR: SendConfigReq(10) state = Req-Sent 15:57:43 tun0: CCP: [EMPTY] 15:57:43 tun0: CCP: USR: RecvTerminateReq(2) state = Req-Sent 15:57:43 tun0: CCP: USR: SendTerminateAck(2) state = Req-Sent 15:57:43 tun0: CCP: USR: RecvTerminateReq(3) state = Req-Sent 15:57:43 tun0: CCP: USR: SendTerminateAck(3) state = Req-Sent 15:57:46 tun0: CCP: USR: SendConfigReq(10) state = Req-Sent 15:57:46 tun0: CCP: [EMPTY] 15:57:49 tun0: CCP: USR: SendConfigReq(10) state = Req-Sent 15:57:49 tun0: CCP: [EMPTY] 15:57:52 tun0: CCP: USR: SendConfigReq(10) state = Req-Sent 15:57:52 tun0: CCP: [EMPTY] 15:57:55 tun0: CCP: USR: SendConfigReq(10) state = Req-Sent 15:57:55 tun0: CCP: [EMPTY] 15:57:58 tun0: CCP: USR: LayerFinish. 15:57:58 tun0: CCP: USR: State change Req-Sent --> Stopped [At this point, the link seemed fine but useless, as nothing could be sent to me. I tried pinging 38.1.1.1 (the remote end of my link) and 209.98.98.98 (primary DNS) and got no response. I then closed the connection as shown below and saw that 0 octets came in during the connection. I occasionally see small numbers of octets when IPCP closes but have no explanation for those.] 15:59:59 tun0: Command: /dev/tty: q 15:59:59 tun0: IPCP: USR: LayerDown: 38.30.237.63 15:59:59 tun0: IPCP: Using trigger address 0.0.0.0 15:59:59 tun0: IPCP: USR: SendTerminateReq(4) state = Opened 15:59:59 tun0: IPCP: USR: State change Opened --> Closing 16:00:00 tun0: IPCP: USR: RecvTerminateAck(4) state = Closing 16:00:00 tun0: IPCP: USR: LayerFinish. 16:00:00 tun0: IPCP: Connect time: 139 secs: 0 octets in, 3945 octets out 16:00:00 tun0: IPCP: total 28 bytes/sec, peak 100 bytes/sec on Sun Oct 15 16:00:00 2000 16:00:00 tun0: IPCP: USR: State change Closing --> Closed 16:00:00 tun0: Phase: bundle: Terminate 16:00:00 tun0: CCP: USR: State change Stopped --> Closed 16:00:00 tun0: CCP: USR: State change Closed --> Initial 16:00:00 tun0: LCP: USR: LayerDown 16:00:00 tun0: LCP: USR: SendTerminateReq(2) state = Opened 16:00:00 tun0: LCP: USR: State change Opened --> Closing 16:00:00 tun0: Phase: USR: open -> lcp 16:00:00 tun0: IPCP: USR: State change Closed --> Initial 16:00:00 tun0: LCP: USR: RecvTerminateAck(2) state = Closing 16:00:00 tun0: LCP: USR: LayerFinish 16:00:00 tun0: LCP: USR: State change Closing --> Closed 16:00:00 tun0: LCP: USR: State change Closed --> Initial 16:00:00 tun0: Phase: USR: Disconnected! 16:00:00 tun0: Phase: USR: lcp -> logout 16:00:00 tun0: Phase: USR: logout -> hangup 16:00:00 tun0: Phase: USR: Disconnected! 16:00:00 tun0: Phase: USR: Connect time: 161 secs: 455 octets in, 4711 octets out 16:00:00 tun0: Phase: total 32 bytes/sec, peak 171 bytes/sec on Sun Oct 15 16:00:00 2000 16:00:00 tun0: Phase: USR: hangup -> closed 16:00:00 tun0: Phase: bundle: Dead 16:00:00 tun0: Phase: PPP Terminated (normal). ========== rc.conf ========== network_interfaces="ed0 dc0 lo0" #ifconfig_ed0="inet 209.98.248.172 netmask 255.255.255.224" ifconfig_dc0="inet 192.168.2.254 netmask 255.255.255.0 media 100basetx mediaopt full-duplex" #defaultrouter="209.98.248.174" hostname="kirk.dsl.visi.com" gateway_enable="YES" firewall_enable="YES" firewall_script="/etc/rc.firewall.kirk" #firewall_type="simple" # my script doesn't use this firewall_quiet="YES" natd_enable="YES" natd_interface="ed0" # have also tried tun0 here, and disabling natd natd_flags="-f /etc/natd.conf" ntpdate_enable="YES" ntpdate_flags="ntp.visi.com" xntpd_enable="YES" xntpd_program="ntpd" xntpd_flags="-p /var/run/ntpd.pid" accounting_enable="YES" apm_enable="NO" check_quotas="YES" #enable_quotas="YES" linux_enable="YES" named_enable="YES" named_flags="-u bind -g bind" nfs_client_enable="YES" sshd_enable="YES" syslogd_enable="YES" syslogd_flags="-v -v" tcp_extensions="YES" tcp_restrict_rst="YES" # Set to YES to restrict emission of RST icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets icmp_log_redirect="YES" # Set to YES to log ICMP REDIRECT packets savecore_enable="YES" dumpdev="/dev/ad0s1b" usbd_enable="NO" # Run the usbd daemon. usbd_flags="" # Flags to usbd (if enabled). start_vinum="" # set to YES to start vinum # have also tried with and without ppp auto using below lines ppp_enable="YES" # ppp_mode="auto" # ppp_nat="NO" # ppp_profile="bart" # ========== kernel config ========== # # CUSTOM -- Doug Lee's kernel configuration file for FreeBSD/i386 # # For more information on this file, please read the handbook section on # Kernel Configuration Files: # # http://www.FreeBSD.org/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the # latest information. # # An exhaustive list of options and more detailed explanations of the # device lines is also present in the ./LINT configuration file. If you are # in doubt as to the purpose or necessity of a line, check first in LINT. # # Based on the following kernel configuration file: # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.7 2000/07/13 16:13:46 imp Exp $ machine i386 #cpu I386_CPU #cpu I486_CPU cpu I586_CPU cpu I686_CPU ident CUSTOM makeoptions KERNEL=kernel maxusers 32 makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols #options MATH_EMULATE #Support for x87 emulation options INET #InterNETworking options INET6 #IPv6 communications protocols options IPSEC #IP security options IPSEC_ESP #IP security (crypto; define w/ IPSEC) options IPSEC_DEBUG #debug for IP security options IPX #IPX/SPX communications protocols options NCP #NetWare Core protocol options FFS #Berkeley Fast Filesystem options FFS_ROOT #FFS usable as root device [keep this!] options SOFTUPDATES #Enable FFS soft updates support options MFS #Memory Filesystem options MD_ROOT #MD is a potential root device options NFS #Network Filesystem options NFS_ROOT #NFS usable as root device, NFS required options MSDOSFS #MSDOS Filesystem options CD9660 #ISO 9660 Filesystem options CD9660_ROOT #CD-ROM usable as root, CD9660 required options PROCFS #Process filesystem options KERNFS #Kernel filesystem options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI options UCONSOLE #Allow users to grab the console options USERCONFIG #boot -c editor options VISUAL_USERCONFIG #visual boot -c editor options KTRACE #ktrace(1) support options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores options P1003_1B #Posix P1003_1B real-time extensions options _KPOSIX_PRIORITY_SCHEDULING options ICMP_BANDLIM #Rate limit bad replies options KBD_INSTALL_CDEV # install a CDEV entry in /dev # To make an SMP kernel, the next two are needed #options SMP # Symmetric MultiProcessor Kernel #options APIC_IO # Symmetric (APIC) I/O # Optionally these may need tweaked, (defaults shown): #options NCPU=2 # number of CPUs #options NBUS=4 # number of busses #options NAPIC=1 # number of IO APICs #options NINTR=24 # number of INTs device isa options AUTO_EOI_1 device eisa device pci # Floppy drives device fdc0 at isa? port IO_FD1 irq 6 drq 2 device fd0 at fdc0 drive 0 device fd1 at fdc0 drive 1 # ATA and ATAPI devices device ata0 at isa? port IO_WD1 irq 14 device ata1 at isa? port IO_WD2 irq 15 device ata device atadisk # ATA disk drives device atapicd # ATAPI CDROM drives device atapifd # ATAPI floppy drives device atapist # ATAPI tape drives options ATA_STATIC_ID #Static device numbering #options ATA_ENABLE_ATAPI_DMA #Enable DMA on ATAPI devices # SCSI Controllers device ahb # EISA AHA1742 family device ahc # AHA2940 and onboard AIC7xxx devices device amd # AMD 53C974 (Teckram DC-390(T)) device dpt # DPT Smartcache - See LINT for options! device isp # Qlogic family device ncr # NCR/Symbios Logic device sym # NCR/Symbios Logic (newer chipsets) options SYM_SETUP_LP_PROBE_MAP=0x40 # Allow ncr to attach legacy NCR devices when # both sym and ncr are configured device adv0 at isa? device adw device bt0 at isa? device aha0 at isa? device aic0 at isa? # SCSI peripherals device scbus # SCSI bus (required) device da # Direct Access (disks) device sa # Sequential Access (tape etc) device cd # CD device pass # Passthrough device (direct SCSI access) # RAID controllers device ida # Compaq Smart RAID device amr # AMI MegaRAID device mlx # Mylex DAC960 family # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc0 at isa? port IO_KBD device atkbd0 at atkbdc? irq 1 flags 0x1 #device psm0 at atkbdc? irq 12 device vga0 at isa? # splash screen/screen saver pseudo-device splash # syscons is the default console driver, resembling an SCO console device sc0 at isa? flags 0x100 # Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver #device vt0 at isa? #options XSERVER # support for X server on a vt console #options FAT_CURSOR # start with block cursor # If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines #options PCVT_SCANSET=2 # IBM keyboards are non-std # Floating point support - do not disable. device npx0 at nexus? port IO_NPX irq 13 # Power management support (see LINT for more options) device apm0 at nexus? disable flags 0x20 # Advanced Power Management # PCCARD (PCMCIA) support #device card #device pcic0 at isa? irq 10 port 0x3e0 iomem 0xd0000 #device pcic1 at isa? irq 11 port 0x3e2 iomem 0xd4000 disable # Serial (COM) ports device sio0 at isa? port IO_COM1 flags 0x10 irq 4 options CONSPEED=115200 #default speed for serial console (default 9600) device sio1 at isa? port IO_COM2 irq 3 device sio2 at isa? port IO_COM3 irq 5 device sio3 at isa? port IO_COM4 irq 9 # Parallel port device ppc0 at isa? irq 7 options PPC_PROBE_CHIPSET # Enable chipset specific detection device ppbus # Parallel port bus (required) device lpt # Printer device plip # TCP/IP over parallel device ppi # Parallel port interface device device vpo # Requires scbus and da # PCI Ethernet NICs. device de # DEC/Intel DC21x4x (``Tulip'') device fxp # Intel EtherExpress PRO/100B (82557, 82558) device tx # SMC 9432TX (83c170 ``EPIC'') device vx # 3Com 3c590, 3c595 (``Vortex'') device wx # Intel Gigabit Ethernet Card (``Wiseman'') # PCI Ethernet NICs that use the common MII bus controller code. device miibus # MII bus support device dc # DEC/Intel 21143 and various workalikes device rl # RealTek 8129/8139 device sf # Adaptec AIC-6915 (``Starfire'') device sis # Silicon Integrated Systems SiS 900/SiS 7016 device ste # Sundance ST201 (D-Link DFE-550TX) device tl # Texas Instruments ThunderLAN device vr # VIA Rhine, Rhine II device wb # Winbond W89C840F device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') # ISA Ethernet NICs. device ed0 at isa? port 0x280 irq 10 iomem 0xd8000 device ed1 at isa? port 0x300 irq 10 iomem 0xcc000 device ex device ep # WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really # exists only as a PCMCIA device, so there is no ISA attatement needed # and resources will always be dynamically assigned by the pccard code. #device wi # Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will # work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP # mode (the factory default). If you set the switches on your ISA # card for a manually chosen I/O address and IRQ, you must specify # those paremeters here. #device an # Xircom Ethernet #device xe # The probe order of these is presently determined by i386/isa/isa_compat.c. device ie0 at isa? port 0x300 irq 10 iomem 0xd0000 device fe0 at isa? port 0x300 device le0 at isa? port 0x300 irq 5 iomem 0xd0000 device lnc0 at isa? port 0x280 irq 10 drq 0 device cs0 at isa? port 0x300 device sn0 at isa? port 0x300 irq 10 # Pseudo devices - the number indicates how many units to allocated. pseudo-device loop # Network loopback pseudo-device ether # Ethernet support #pseudo-device sl 1 # Kernel SLIP #pseudo-device ppp 1 # Kernel PPP pseudo-device tun # Packet tunnel. pseudo-device pty # Pseudo-ttys (telnet etc) pseudo-device md # Memory "disks" pseudo-device gif 4 # IPv6 and IPv4 tunneling pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) # The `bpf' pseudo-device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! pseudo-device bpf #Berkeley packet filter # USB support device uhci # UHCI PCI->USB interface device ohci # OHCI PCI->USB interface device usb # USB Bus (required) device ugen # Generic device uhid # "Human Interface Devices" device ukbd # Keyboard device ulpt # Printer device umass # Disks/Mass storage - Requires scbus and da device ums # Mouse # USB Ethernet, requires mii device aue # ADMtek USB ethernet device cue # CATC USB ethernet device kue # Kawasaki LSI USB ethernet device pcm device sbc pseudo-device speaker #Play IBM BASIC-style noises out your speaker device pca0 at isa? port IO_TIMER1 pseudo-device snp 3 #Snoop device - to look at pty/vty/etc.. #pseudo-device ccd 4 #Concatenated disk driver options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #print information about # dropped packets options IPFIREWALL_FORWARD #enable transparent proxy support #options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity #options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default options IPV6FIREWALL #firewall for IPv6 options IPV6FIREWALL_VERBOSE #options IPV6FIREWALL_VERBOSE_LIMIT=100 #options IPV6FIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT #divert sockets options IPFILTER #ipfilter support options IPFILTER_LOG #ipfilter logging options IPSTEALTH #support for stealth forwarding #options TCPDEBUG options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN options TCP_RESTRICT_RST #restrict emission of TCP RST options DUMMYNET options BRIDGE options QUOTA #enable disk quotas options NETGRAPH #netgraph(4) system options DDB options DDB_UNATTENDED #options BREAK_TO_DEBUGGER #a BREAK on a comconsole goes to #DDB, if available. # Solaris implements a new BREAK which is initiated by a character # sequence CR ~ ^b which is similar to a familiar pattern used on # Sun servers by the Remote Console. options ALT_BREAK_TO_DEBUGGER options INCLUDE_CONFIG_FILE # Include this file in kernel -- Doug Lee dgl@visi.com http://www.visi.com/~dgl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message