From owner-freebsd-isp@FreeBSD.ORG Wed Nov 19 09:40:39 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 791A916A4D0 for ; Wed, 19 Nov 2003 09:40:39 -0800 (PST) Received: from mail.lambdabroadband.com (mail.lambdabroadband.com [81.17.78.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90EC643FA3 for ; Wed, 19 Nov 2003 09:40:37 -0800 (PST) (envelope-from sb.mailinglist@lambdabroadband.com) Received: from blackbox ([81.17.78.11]) by mail.lambdabroadband.com (Kerio MailServer 5.7.1) for freebsd-isp@freebsd.org; Wed, 19 Nov 2003 17:36:59 +0000 Message-ID: <009101c3aec4$40b606c0$0b4e1151@blackbox> From: "Colin Watson" To: Date: Wed, 19 Nov 2003 17:40:41 -0000 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Connecting subnet over PPP X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Colin Watson List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 17:40:39 -0000 Hi, I am using the userland ppp with pppoe daemon to setup a pppoe server = to authenticate incoming clients. I want to route a /29 subnet = (81.19.79.24/29) to a client. Now I authenticate via a radius server, = which frames the IP, Protocol, and route attributes: Framed-Protocol =3D PPP Framed-IP-Address =3D 81.19.79.25 Framed-Route =3D 81.19.79.24/29 81.19.79.25 1 This appears to assign the connection without problem, and the machines = on the clients side of the network, when assigned one of the subnet's = IP's have no issue pinging out to all hosts. However, when a remote PC = attempts to access one of the public IP's - i.e. ping it - this fails. = The FreeBSD Gateway / PPPoE Server shows lots of ARP unable to resolve = messages - I presume this means it cannot find a mac address for the = client. I have checked the routing table - netstat -ran, and an entry is = created for the subnet in question (via the returned radius attributes): = Internet Dest: Gateway: Flags: Refs: Use: Netif: Expire:=20 81.19.79.24/29 81.19.79.25 UGSc 1 147 tun0=20 81.19.79.25 81.19.78.1 UH 0 256 tun0 81.19.79.25 00:05:5b:71.. UHLS2 0 0 ste1 A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP the clients = subnet pinging out, shows that the replies are occuring: 17:29:28.984831 PPPoE [ses 0x1b] 81.17.78.25 > 81.17.78.34: icmp: echo = request 17:29:28.984831 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo = reply However, if this role is reversed, and a remote IP - in this case = 81.17.78.34 (on a different /27 (32->63) network) attempts to ping a PC = on the client network:=20 17:37:45.214386 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo = request 17:37:45.221413 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo = request 17:37:45.223422 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo = request 17:37:45.321455 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo = request 17:37:45.623212 PPPoE [ses 0x1b] 81.17.78.34 > 81.17.78.25: icmp: echo = request The client uses a D-Link Router which is set to allow all traffic - It = is of course possible this is misconfigured, however I would like to = know if this configuration *should* be working, or if I have made some = grevious error somewhere, which is preventing the traffic reaching the = clients network. Many Thanks Colin Watson. =20