From: "Michael Nottebrock"
To: "Michael Radzewitz"
Subject: Re: help for ADSL connection
Date: Tue, 3 Apr 2001 13:54:01 +0200
Message-ID: <019b01c0bc36$0bbc0060$0508a8c0@lofi.dyndns.org>

----- Original Message -----
From: "Michael Radzewitz"
Subject: RE: help for ADSL connection

[...] you can't use an ADSL connection with the normal ppp daemon. So you have to build or use the PPPoE-Software instead.

> [...]
> 1) Should I use PPP or PPPoE?
> 2) For home networking, should I use IPFW & NATD or ppp's NAT
> facility?

This answer is only halfway correct. The pppd does not support pppoe yet, but the userland ppp, which is also part of the freebsd base system, does. The userland ppp also has a built-in nat feature, which (of course) can be used with dsl-connections.

So, in theory, 'ppp -nat' should be all you need (apart from a kernel recompilation, where you need to add the lines

    options NETGRAPH
    options NETGRAPH_SOCKET
    options NETGRAPH_PPPOE
    options NETGRAPH_ETHER    # actually only necessary for old 4.0
                              # and 3.x systems, but cannot hurt anyway.
)

There is a technical issue with PPPoE-ADSL connections, though.
The maximum transfer unit via the PPPoE connection often is only 1492 bytes, but the universal standard of common tcp/ip stacks is 1500 bytes. And, instead of sending a message back telling the client to fragment the packets, often the ISP's routers just discard the packet, with the result that, for example, certain webpages simply won't load.

This problem does not necessarily affect you. Maybe, your ISP has its routers configured properly and the problem won't surface. Also, if you are using FreeBSD 4.2-STABLE, downloaded at a later date than Dec. 18th, 2000 or FreeBSD-CURRENT, downloaded at a later date than Nov. 28th, 2000, the userland ppp is reported to already deal with this issue gracefully. For almost every other version of freebsd, a backport from the -current sources is available at http://www.awfulhak.org/ppp.html

However, if you _want_ to do firewalling via ipfw, you will need to go for the natd / ipfw combination, and if the problem described above surfaces, you will also need tcpmssd (which is in the ports collection) to adjust the packets that leave your machine. Beware though: The port is broken in releases _before_ 4.2, so if you're using 4.1.1 or earlier, you will have to update your ports collection first and build tcpmssd from there. Also, using natd and tcpmssd requires a kernel recompilation with the following lines added:

    options IPFIREWALL
    options IPDIVERT

While this may all sound very very complicated and troublesome, I did manage to get it right in the end, having had only Linux experiences before.

So, Good Luck,

greetings
Michael Nottebrock
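
Added example, not part of the original message and not tcpmssd's source: the usual form of the packet adjustment described above is MSS clamping, i.e. lowering the MSS option in outgoing TCP SYN segments so that peers never send segments too large for the 1492-byte PPPoE MTU. The function names, the 40-byte header allowance and the sample SYN are assumptions made for this sketch.

```python
import struct

PPPOE_MTU = 1492       # MTU quoted in the message for PPPoE links
IP_TCP_HEADERS = 40    # assumption: IPv4 and TCP headers without options

def mss_offset(seg):
    """Return the offset of the MSS value in a TCP SYN segment, else None."""
    if len(seg) < 20 or not seg[13] & 0x02:     # too short, or SYN not set
        return None
    end = min((seg[12] >> 4) * 4, len(seg))     # data offset bounds the options
    i = 20
    while i + 1 < end:
        kind, length = seg[i], seg[i + 1]
        if kind == 0:                           # end of option list
            return None
        if kind == 1:                           # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > end:      # malformed option: stop parsing
            return None
        if kind == 2 and length == 4:           # MSS option
            return i + 2
        i += length
    return None

def clamp_mss(seg, mtu=PPPOE_MTU):
    """Lower the MSS option to mtu - 40 and patch the TCP checksum (RFC 1624)."""
    limit = mtu - IP_TCP_HEADERS
    off = mss_offset(seg)
    if off is None:
        return bytes(seg)
    (old,) = struct.unpack_from("!H", seg, off)
    if old <= limit:                            # already small enough
        return bytes(seg)
    out = bytearray(seg)
    struct.pack_into("!H", out, off, limit)
    (csum,) = struct.unpack_from("!H", out, 16)
    total = (~csum & 0xFFFF) + (~old & 0xFFFF) + limit   # HC' = ~(~HC + ~m + m')
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    struct.pack_into("!H", out, 16, ~total & 0xFFFF)
    return bytes(out)

# Constructed SYN: ports 1025 -> 80, data offset 6, MSS option 1460, made-up checksum.
SAMPLE_SYN = struct.pack("!HHIIBBHHH4B", 1025, 80, 1, 0, 0x60, 0x02,
                         65535, 0x1234, 0, 2, 4, 0x05, 0xB4)
```

Only the MSS value and the checksum change; segments without SYN, without an MSS option, or with malformed options are returned untouched.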