From: Matthias Apitz
To: freebsd-net@freebsd.org
Date: Tue, 7 May 2013 20:13:47 +0200
Subject: ppp(8) and inbound IP connections
Message-ID: <20130507181345.GA992@tiny.Sisis.de>
X-Operating-System: FreeBSD 10.0-CURRENT r235646 (i386)

Hello,

I've been using
ppp(8) for many years to connect via UMTS to my service provider and the
Internet, actually www.fonic.de; all this has worked fine for a long time
already, works fine for outgoing TCP and UDP connections to the Internet.

Until now, I did not care about incoming TCP connections, for example for
SSH'ing from remote to my netbook, connected via ppp(8), or for incoming
SIP; it turns out now that I can:

- check with "lynx -dump myip.nl | fgrep WAN" with which address I show up
  on the Internet:

  $ lynx -dump myip.nl | fgrep WAN
  WAN IP adres: 82.113.99.104

- SSH fine to some remote server,
- but cannot SSH back to the address 82.113.99.104;

I contacted the provider, thinking that he is blocking all IP connections
which have not been originated by a SYN packet from my side; but he claims
not to be blocking anything; and now? How can I debug this?

My interface looks like this:

tun6: flags=8051 metric 0 mtu 1500
        options=80000
        inet 10.33.28.104 --> 10.64.64.64 netmask 0xffffffff
        nd6 options=21
        Opened by PID 799

and the routing is:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.64.64.64        UGS         0     1694   tun6
10.33.28.104       link#7             UHS         0        0    lo0
10.64.64.64        link#7             UHS         0        1   tun6
127.0.0.1          link#6             UH          0       75    lo0

Any ideas about this? Thanks. I'm attaching the ppp.conf file.

        matthias
-- 
Sent from my FreeBSD netbook

Matthias Apitz               |  - No system with backdoors like Apple/Android
E-mail: guru@unixarea.de     |  - Never being an iSlave
WWW: http://www.unixarea.de/ |  - No proprietary attachments, no HTML/RTF in E-mail
phone: +49-170-4527211       |  - Respect for open standards

[Attachment: ppp.conf]

#
# $Id: ppp.conf,v 1.1 2011/11/20 06:07:03 guru Exp $
#
# based on hint:
# http://groups.google.com/group/lucky.freebsd.usb/msg/2b88fb344c6932fe
#
# Fonic values now tested
# PIN: xxxx
# APN (AT+CGDCONT value): pinternet.interkom.de
#
#
default:
 set log Phase Chat LCP IPCP CCP tun command

umts:
 set device /dev/cuaU0.0   # device name in CURRENT
 set speed 921600
 #
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
           \"\" AT OK-AT-OK ATZ OK \
           AT+CFUN=1 OK \
           AT+COPS=0 OK \
           AT+CGDCONT=1,\\\"IP\\\",\\\"pinternet.interkom.de\\\" OK \
           \\dATDT\\T TIMEOUT 40 CONNECT"
 set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH O ATH OK"
 # NAT (not used by me)
 # nat enable yes
 # alias enable yes
 # nat port tcp 192.168.0.0:ftp ftp
 # nat port tcp 192.168.0.0:http http
 nat enable yes
 nat port udp 127.0.0.1:1024-1030 1024-1030
 nat port tcp 127.0.0.1:22 22
 set phone *99*1\#
 set authname "fonic"
 set authkey "fonic"
 set timeout 300
 #
 set ifaddr 10.64.64.64/0 10.64.64.64/0 255.255.255.255 0.0.0.0
 #
 add default HISADDR   # Add a (sticky) default route
 enable dns
 disable ipv6cp
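
Added example, not part of the original message: a shell check that takes the two outputs quoted in the message (the ifconfig lines for tun6 and the myip.nl line), extracts the tunnel's local address and the address seen from outside, and reports whether an address translator sits between them. The function names and verdict strings are hypothetical; the sample text is copied from the message.

```shell
#!/bin/sh
# Added example: compare the ppp tunnel address with the externally seen one.
# Function names and verdict strings are hypothetical.

# Sample inputs, constructed from the output quoted in the message.
IFCONFIG_SAMPLE='tun6: flags=8051 metric 0 mtu 1500
        inet 10.33.28.104 --> 10.64.64.64 netmask 0xffffffff'
MYIP_SAMPLE='WAN IP adres: 82.113.99.104'

# Read ifconfig text on stdin, print the local side of the point-to-point link.
local_addr() {
    awk '$1 == "inet" && $3 == "-->" { print $2; exit }'
}

# Read the myip.nl dump on stdin, print the address on the "WAN IP adres:" line.
wan_addr() {
    awk '/WAN IP adres:/ { print $NF; exit }'
}

# Succeed if $1 lies in RFC 1918 space or in 100.64.0.0/10 (RFC 6598).
is_non_public() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
    esac
    return 1
}

# $1 = tunnel address, $2 = address observed from outside.
classify() {
    if [ "$1" = "$2" ]; then
        echo "direct"         # the host itself holds the outside address
    elif is_non_public "$1"; then
        echo "provider-nat"   # non-public tunnel address, translated upstream
    else
        echo "mismatch"       # two different public addresses: some other middlebox
    fi
}

verdict_for_samples() {
    tun_ip=$(printf '%s\n' "$IFCONFIG_SAMPLE" | local_addr)
    wan_ip=$(printf '%s\n' "$MYIP_SAMPLE" | wan_addr)
    classify "$tun_ip" "$wan_ip"
}

verdict_for_samples
```

On a live system, pipe ifconfig tun6 and the lynx command into the two extractors instead of the samples. Running tcpdump -n -i tun6 tcp port 22 during a connection attempt from outside shows whether any SYN arrives on the tunnel at all.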