Date: Fri, 12 Mar 2004 10:51:19 -0500
From: "JJB" <Barbish3@adelphia.net>
To: "Mohsin Rahman" <mtech@buffnet.net>, "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject: RE: NAT & PPPoE (detailed email)
Message-ID: <MIEPLLIBMLEEABPDBIEGEELPFIAA.Barbish3@adelphia.net>
In-Reply-To: <Pine.BSF.4.05.10403121028410.95345-100000@buffnet5.buffnet.net>

Go back to using the generic kernel.
There is no reason to compile anything to get your setup to
function at your friend's house using DSL.

Make these changes

In ppp.conf delete

papchap:
 set authname {username}
 set authkey {password}

In rc.conf change this
    ifconfig_fxp0="DHCP"
to
    ifconfig_fxp0="UP"
and add this
    ifconfig_tun0="DHCP"

Also needs hostname for sendmail to work; use "fbsdhome.com" as a good
fake FQDN.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mohsin Rahman
Sent: Friday, March 12, 2004 10:29 AM
To: FreeBSD Questions
Subject: NAT & PPPoE (detailed email)

Hello List,

I am trying to set up a FreeBSD 4.9-STABLE (FreeBSD 4.9-STABLE #0: Wed Mar 10
17:33:52 EST 2004) box to connect to Verizon DSL. This machine will be
acting as a firewall, gateway, web and db server.

I have 2 Intel 10/100 NICs (fxp0, fxp1).

External Interface: fxp0
Internal Interface: fxp1

First thing I did was set it up in my office for NAT with a static IP on
fxp0 and compiled the kernel with

    options IPFIREWALL
    options IPDIVERT

in /etc/rc.conf I did:

    defaultrouter="205.246.19.1"
    hostname="mohsinlap.buffnet.net"
    ifconfig_fxp0="inet 205.246.19.43 netmask 255.255.255.0"
    ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="OPEN"
    firewall_quiet="YES"
    natd_program="/sbin/natd"
    natd_enable="YES"
    natd_interface="fxp0"
    natd_flags="-f /etc/natd.conf"
    named_enable="YES"
    named_program="/usr/sbin/named"
    named_flags="-b /etc/namedb/named.conf"

my /etc/natd.conf file has:

    interface fxp1
    use_sockets yes
    same_ports yes
    log_denied yes

Works like a charm. Was able to get to internet using a NAT'd machine
(192.168.1.7).

Ok.. now I take this machine to a friend who will be using this.
Since Verizon uses PPPoE, I did some googling and now my setup looks like
this:

the new /etc/rc.conf:

    defaultrouter=""
    hostname=""
    ifconfig_fxp0="DHCP"
    ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="OPEN"
    firewall_quiet="YES"
    ppp_enable="YES"
    ppp_mode="ddial"
    ppp_nat="NO"
    natd_program="/sbin/natd"
    natd_enable="YES"
    natd_interface="fxp0"
    natd_flags="-f /etc/natd.conf"

/etc/ppp/ppp.conf:

default:
 #PPPoE: PPP over Ethernet
 set device PPPoE:fxp0
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 enable lqr
 set log phase tun
 add default HISADDR
 enable dns

papchap:
 set authname {username}
 set authkey {password}

in my kernel:

    pseudo-device tun
    options NETGRAPH

Recompile kernel, and machine comes up... but here comes the problem:
since there is no hostname, during the bootup, it tries to negotiate a
hostname and times out after some time. Then I get:

    IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, logging disabled
    ad0: 3098MB <IBM-DAQA-33240> [6296/16/63] at ata0-master WDMA2
    acd0: CDROM <MATSHITA CR-5850> at ata1-master PIO3
    acd1: CD-RW <Hewlett-Packard CD-Writer Plus 8100> at ata1-slave PIO3
    Mounting root from ufs:/dev/ad0s1a
    module_register: module netgraph already exists!
    linker_file_sysinit "netgraph.ko" failed to register! 17

and continues to load apache, mysql.

I log in to the shell and try to telnet to my test server at work and I do
get to my test server.
Here is what ifconfig shows:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet6 fe80::280:5fff:fed7:8892%fxp0 prefixlen 64 scopeid 0x1
	inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
	ether 00:80:5f:d7:88:92
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::2a0:c9ff:feaa:d54c%fxp1 prefixlen 64 scopeid 0x2
	ether 00:a0:c9:aa:d5:4c
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
	inet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
	Opened by PID 61

My PPPoE works OK... I do get an IP and can get to internet from this
machine.

The problem is I can get to the internet from this machine ONLY, none of my
other machines can get to internet. How do I go about fixing this? After
working on this for 3 hours, I am missing something very obvious.

Please help....

Thanks.

--
Mohsin AbdulRahman
MTech@BuffNET.Net

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
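
Added example, not part of the original message or of anyone's reply in this thread: a Python check that reads the rc.conf, ppp.conf and ifconfig text quoted above (abridged here into constructed sample strings) and reports whether natd_interface names the interface that actually holds the routable address. The function names are hypothetical, and treating "routable" as "has a globally routable IPv4 address" is an assumption.

```python
import ipaddress
import re

# Constructed sample input, abridged from the files and output quoted above.
RC_CONF = '''ppp_enable="YES"
ppp_nat="NO"
natd_enable="YES"
natd_interface="fxp0"
'''
PPP_CONF = "default:\n set device PPPoE:fxp0\n set mtu 1492\n"
IFCONFIG = '''fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
\tinet 141.149.140.108 --> 10.15.1.1 netmask 0xffffffff
'''

def parse_rc_conf(text):
    """Return rc.conf variables as a dict (simple name="value" lines only)."""
    return dict(re.findall(r'^(\w+)="([^"]*)"', text, re.M))

def inet_by_interface(text):
    """Map interface name -> list of IPv4 addresses found in ifconfig output."""
    result, current = {}, None
    for line in text.splitlines():
        head = re.match(r"(\w+): flags=", line)
        if head:
            current = head.group(1)
            result[current] = []
        elif current and (m := re.match(r"\s+inet (\S+)", line)):
            result[current].append(ipaddress.ip_address(m.group(1)))
    return result

def check_natd_binding(rc_text, ppp_text, ifconfig_text):
    """Compare natd_interface with the interface holding the routable address."""
    rc = parse_rc_conf(rc_text)
    # With user-mode ppp, the PPPoE device only carries PPPoE frames; the
    # negotiated IP address lives on the tun interface that ppp opens.
    carrier = re.search(r"set device PPPoE:(\w+)", ppp_text)
    routable = [name for name, addrs in inet_by_interface(ifconfig_text).items()
                if any(a.is_global for a in addrs)]
    natd_if = rc.get("natd_interface")
    return {"natd_interface": natd_if,
            "pppoe_carrier": carrier.group(1) if carrier else None,
            "routable_interfaces": routable,
            "natd_on_routable": rc.get("natd_enable") == "YES" and natd_if in routable}
```

On the sample input the result shows natd_interface and the PPPoE carrier both set to fxp0 while the only interface with a routable address is tun0.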