From owner-freebsd-questions@FreeBSD.ORG Fri Nov 21 06:38:37 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 14B911065670 for ; Fri, 21 Nov 2008 06:38:37 +0000 (UTC) (envelope-from ptkrisada@gmail.com) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.170]) by mx1.freebsd.org (Postfix) with ESMTP id D88838FC12 for ; Fri, 21 Nov 2008 06:38:36 +0000 (UTC) (envelope-from ptkrisada@gmail.com) Received: by wf-out-1314.google.com with SMTP id 24so878635wfg.7 for ; Thu, 20 Nov 2008 22:38:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:mail-followup-to:mime-version:content-type :content-disposition:user-agent; bh=gtesqM94KEmckJ2iQMYVJdKYbusoYSpvoqiqjyRBRMQ=; b=fhTdMzPW8TQCh+O83dXYWL0cJ/XFDs8vdxn/PQZZbv13powkFU9BKIkwn2szQSUFCY Vdz1L6B7DbdYI4WPJu2BiGZSwt38llUcR4KOPh2vjW8fSBBkBgDoq42548Rv5MWCJdwn FKP+7Twfu4muBB6ZpUH1HGpmTSWtBnzbixUtQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:mail-followup-to:mime-version :content-type:content-disposition:user-agent; b=ddM9acYGoLv4fCnIp9RSLDcVygrvP8cygnPBfoTZUIngnn6a0dvtnXtuPU6xRa0n3d iKofwrzcXDWRvmyc7zAj4kuAEt3YEVscRGOwhtCiEZqABuKb75vtQp8VwwfV5erGUsxh bH+zY0KCib7WHhoSnsLa5e0NVttjiE/WHrTu8= Received: by 10.142.238.12 with SMTP id l12mr88144wfh.314.1227247589918; Thu, 20 Nov 2008 22:06:29 -0800 (PST) Received: from gmail.com ([203.153.172.74]) by mx.google.com with ESMTPS id 31sm2486215wff.23.2008.11.20.22.06.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 20 Nov 2008 22:06:29 -0800 (PST) Date: Fri, 21 Nov 2008 13:06:19 +0700 From: Pongthep Kulkrisada To: freebsd-questions@freebsd.org Message-ID: <20081121060619.GA1057@gmail.com> Mail-Followup-To: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Subject: Problem about ppp -nat X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2008 06:38:37 -0000 Hi All, I have just subscribed to freebsd-questions and I have a question about ppp -nat. I have 2 computers. One is running FreeBSD-7.0R, the other is running WinXP. The host running FBSD7.0R has been connecting to the outside world using user-ppp without any problem for very long. Now I want to share internet access to the other host behind NAT through this FBSD host. My FBSD machine has 2 interfaces i.e. tun0 (connecting to ISP) with dynamic IP (of course) fxp0 (for internal LAN) with static IP of 192.168.1.10 My WinXP machine has 1 interface (internal LAN) with static IP of 192.168.1.11 Previously I have a router acting as a gateway for all machines behind NAT. But now I want FBSD machine to work as a gateway. I have never done this before. I tried some googling with reading ppp(8) and ipfw(8). And I tried masquerading but it didn't work. I have plenty configuration files. But the relevant configurations are listed here. /etc/rc.conf # enable IP forwarding gateway_enable="YES" # previously I ran web-server, just disable it or comment it out, not sure why! #apache_enable="YES" On the host running WinXP, I set its gateway and DNS server to the IP of ppp host i.e. 192.168.1.10. I then inserted the following line as the first rule in /etc/ipfw.rules. /sbin/ipfw add allow all from any to any via fxp0 (I know this rule is dangerous, but just for testing.) I then issue the ppp command. root@fbsd:~# ppp -background -nat myisp FBSD host (running ppp) can access anywhere but WinXP host can't. I learned from some site explaining that ppp itself has the capability of IP masquerading. And it does not require natd(8). So I don't mention about natd here. Anyone have a clue or who have done the correct configurations, please point me out. Thank you in advance. Pongthep