From: Mohsin Rahman
To: FreeBSD Questions
Date: Fri, 12 Mar 2004 10:29:16 -0500 (EST)
Subject: NAT & PPPoE (detailed email)

Hello List,

I am trying to set up a FreeBSD 4.9-STABLE (FreeBSD 4.9-STABLE #0: Wed Mar 10 17:33:52 EST 2004) box to connect to Verizon DSL. This machine will be acting as a firewall, gateway, web and db server. I have 2 Intel 10/100 NICs (fxp0, fxp1).

External Interface: fxp0
Internal Interface: fxp1

First thing I did was set it up in my office for NAT with static IP on fxp0 and compiled the kernel with

    options IPFIREWALL
    options IPDIVERT

In /etc/rc.conf I did:

    defaultrouter="205.246.19.1"
    hostname="mohsinlap.buffnet.net"
    ifconfig_fxp0="inet 205.246.19.43 netmask 255.255.255.0"
    ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="OPEN"
    firewall_quiet="YES"
    natd_program="/sbin/natd"
    natd_enable="YES"
    natd_interface="fxp0"
    natd_flags="-f /etc/natd.conf"
    named_enable="YES"
    named_program="/usr/sbin/named"
    named_flags="-b /etc/namedb/named.conf"

My /etc/natd.conf file has:

    interface fxp1
    use_sockets yes
    same_ports yes
    log_denied yes

Works like a charm. Was able to get to internet using a NAT'd machine (192.168.1.7).

Ok.. now I take this machine to a friend who will be using this. Since Verizon uses PPPoE, I did some googling and now my setup looks like this:

The new /etc/rc.conf:

    defaultrouter=""
    hostname=""
    ifconfig_fxp0="DHCP"
    ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="OPEN"
    firewall_quiet="YES"
    ppp_enable="YES"
    ppp_mode="ddial"
    ppp_nat="NO"
    natd_program="/sbin/natd"
    natd_enable="YES"
    natd_interface="fxp0"
    natd_flags="-f /etc/natd.conf"

/etc/ppp/ppp.conf:

    default:
     #PPPoE: PPP over Ethernet
     set device PPPoE:fxp0
     set speed sync
     set mru 1492
     set mtu 1492
     set ctsrts off
     enable lqr
     set log phase tun
     add default HISADDR
     enable dns
    papchap:
     set authname {username}
     set authkey {password}

In my kernel:

    pseudo-device tun
    options NETGRAPH

Recompile kernel, and machine comes up... but here comes the problem: since there is no hostname, during the bootup, it tries to negotiate a hostname and times out after some time.

Then I get:

    IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, logging disabled
    ad0: 3098MB [6296/16/63] at ata0-master WDMA2
    acd0: CDROM at ata1-master PIO3
    acd1: CD-RW at ata1-slave PIO3
    Mounting root from ufs:/dev/ad0s1a
    module_register: module netgraph already exists!
    linker_file_sysinit "netgraph.ko" failed to register! 17

and continues to load apache, mysql. I log in to the shell and try to telnet to my test server at work and I do get to my test server. Here is what ifconfig shows:

    fxp0: flags=8843 mtu 1500
            inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
            inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
            ether 00:80:5f:d7:88:92
            media: Ethernet autoselect (100baseTX )
            status: active
    fxp1: flags=8843 mtu 1500
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
            ether 00:a0:c9:aa:d5:4c
            media: Ethernet autoselect (100baseTX )
            status: active
    lp0: flags=8810 mtu 1500
    lo0: flags=8049 mtu 16384
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            inet 127.0.0.1 netmask 0xff000000
    ppp0: flags=8010 mtu 1500
    sl0: flags=c010 mtu 552
    faith0: flags=8002 mtu 1500
    tun0: flags=8051 mtu 1492
            inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
            Opened by PID 61

My PPPoE works OK... I do get an IP and can get to internet from this machine. The problem is I can get to the internet from this machine ONLY, none of my other machines can get to internet. How do I go about fixing this? After working on this for 3 hours, I am missing something very obvious. Please help....

Thanks.

--
Mohsin AbdulRahman
MTech@BuffNET.Net
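
An added example, not part of the original message: a POSIX shell check that compares `natd_interface` from the quoted rc.conf with the interface that actually holds the public address in the quoted ifconfig output (here `tun0`, because user-mode ppp puts the PPPoE address on the tunnel device, not on fxp0). It assumes the stock /etc/rc.firewall, whose divert rule only matches traffic passing through `natd_interface`; the function names `rc_value`, `wan_interface` and `check_nat` are hypothetical, and the embedded inputs are trimmed copies of the text in the message.

```shell
#!/bin/sh
# Added example (not from the original message). Inputs are trimmed copies of
# the rc.conf and ifconfig text quoted in the message.
RC_CONF='gateway_enable="YES"
ppp_enable="YES"
ppp_nat="NO"
natd_enable="YES"
natd_interface="fxp0"'

IFCONFIG_OUT='fxp0: flags=8843 mtu 1500
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
fxp1: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051 mtu 1492
        inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff'

# rc_value KEY: value of KEY in $RC_CONF; the last assignment wins, as in sh.
rc_value() {
    printf '%s\n' "$RC_CONF" | awk -F'"' -v k="$1=" '$1 == k { v = $2 } END { print v }'
}

# wan_interface: first interface whose IPv4 address is not unset, loopback,
# link-local or RFC 1918 private space.
wan_interface() {
    printf '%s\n' "$IFCONFIG_OUT" | awk '
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname) }
        $1 == "inet" {
            if ($2 ~ /^(0|10|127)\./ || $2 ~ /^(192\.168|169\.254)\./) next
            if ($2 ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
            print ifname; exit
        }'
}

# check_nat: 0 if something translates on the WAN interface, 1 if not,
# 2 if no public address is configured. Prints a one-line finding.
check_nat() {
    wan=$(wan_interface)
    [ -n "$wan" ] || { echo "no public IPv4 address on any interface"; return 2; }
    natd_if=$(rc_value natd_interface)
    if [ "$(rc_value natd_enable)" = "YES" ] && [ "$natd_if" = "$wan" ]; then
        echo "ok: natd translates on $wan"; return 0
    fi
    if [ "$(rc_value ppp_enable)" = "YES" ] && [ "$(rc_value ppp_nat)" = "YES" ]; then
        echo "ok: ppp does its own NAT on $wan"; return 0
    fi
    echo "mismatch: public address is on $wan, natd_interface=$natd_if, ppp_nat=$(rc_value ppp_nat)"
    return 1
}

check_nat || echo "exit status: $?"
```

On the configuration in the message it reports the mismatch and returns 1; with either `natd_interface="tun0"` or `ppp_nat="YES"` it returns 0.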