Date: Fri, 21 Nov 2008 14:57:26 +0100
From: Polytropon
To: freebsd-questions@freebsd.org
Subject: Re: Problem about ppp -nat

Although others have already given you good advice, I'd like to add that I'm running here at a similar setting, but without any of these "Windows".
:-)

First of all, I made my kernel capable; significant parts:

    # Firewall, NAT
    options DUMMYNET
    options IPFIREWALL
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=500
    options IPFILTER
    options IPDIVERT

    # PPPoE: netgraph(4) system
    options NETGRAPH
    options NETGRAPH_ETHER
    options NETGRAPH_SOCKET
    options NETGRAPH_PPPOE

If you don't want to compile a custom kernel, it's no problem. As far as I know, the required kernel modules will be loaded automatically.

My setting includes two network interfaces, just like yours. Interface xl0 + tun0 is the PPPoE connection to the outside, while interface rl0 is the connection to the (slow) switch where the "clients" are connected.

Configuration in /etc/rc.conf goes this way:

    ifconfig_xl0="inet 192.168.0.1 netmask 0xffffff00"
    ifconfig_rl0="inet 192.168.1.1 netmask 0xffffff00 media 10baseT/UTP"
    firewall_enable="YES"
    firewall_type="/etc/ipfw.conf"
    gateway_enable="YES"
    named_enable="YES"
    natd_enable="YES"
    natd_interface="xl0"
    ppp_enable="YES"
    ppp_profile="mydslprovider"
    ppp_mode="ddial"
    ppp_nat="YES"

The connection is established via /etc/ppp/ppp.conf settings. Then I use a DHCP server to assign IPs to the "clients" instead of giving them fixed ones. In fact, they are fixed because I set up isc-dhcpd3-server (from ports) to assign IPs according to the respective MAC addresses. :-)

Important note to IPFW settings: Have the line

    add divert natd ip from any to any via xl0

in your /etc/ipfw.conf. If you need to, you can add flags for natd in order to have a certain kind of port or address redirection, such as

    natd_flags="-redirect_port tcp 192.168.1.5:23 6666"

or

    natd_flags="-redirect_address 192.168.1.2 123.456.789.123 \
                -redirect_address 192.168.1.5 123.456.789.123"

In any case, go and check your "Windows" the usual way. Don't forget to do it; otherwise you'll end up searching for an error on the correctly working FreeBSD installation.
:-)

Check if the "Windows" has got the correct IP, if the name server settings are correct and if you can (1st) ping the gateway machine and (2nd) something outside the gateway machine.

-- 
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
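Added example, not part of the original message: a small sh function that reads rc.conf-style text and lists the inbound exposures created by natd_flags redirects like the ones shown above, marking targets on the cleartext telnet/FTP ports. The function name list_natd_redirects and its output format are made up for this illustration; the sample input is constructed from the values in the message.

```shell
#!/bin/sh
# list_natd_redirects: read rc.conf-style text on stdin and print one line
# per inbound redirect found in natd_flags (hypothetical helper, see lead-in).
list_natd_redirects() {
    awk '
    {
        # Join lines that end in a backslash continuation.
        line = buf $0
        if (line ~ /\\$/) { sub(/\\$/, " ", line); buf = line; next }
        buf = ""

        # Only natd_flags assignments are of interest.
        if (line !~ /^[ \t]*natd_flags=/) next
        sub(/^[ \t]*natd_flags=/, "", line)
        gsub(/"/, "", line)

        n = split(line, w, " ")
        for (i = 1; i <= n; i++) {
            if (w[i] == "-redirect_port" && i + 3 <= n) {
                # natd order: proto targetIP:targetPORT aliasPORT
                tp = w[i+2]
                sub(/^.*:/, "", tp)
                note = (tp == "23" || tp == "21") ? " [cleartext protocol]" : ""
                printf "redirect_port %s public %s -> %s%s\n", \
                       w[i+1], w[i+3], w[i+2], note
                i += 3
            } else if (w[i] == "-redirect_address" && i + 2 <= n) {
                # natd order: localIP publicIP (all traffic to publicIP)
                printf "redirect_address public %s -> %s\n", w[i+2], w[i+1]
                i += 2
            }
        }
    }'
}

# Constructed sample input, using the redirect from the message above.
list_natd_redirects <<'EOF'
natd_enable="YES"
natd_interface="xl0"
natd_flags="-redirect_port tcp 192.168.1.5:23 6666"
EOF
```

Each reported line is a path from the outside interface to an internal host, so each one should have a matching, deliberate ipfw rule.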