Message-ID: <4929092F.1050709@gmail.com>
Date: Sun, 23 Nov 2008 09:41:35 +0200
From: Manolis Kiagias
To: Pongthep Kulkrisada
Cc: freebsd-questions@freebsd.org
Subject: Re: Problem about ppp -nat

Pongthep Kulkrisada wrote:
> * Manolis Kiagias (sonic2000gr@gmail.com) wrote:
>
>> This worked fine for me, although I prefer to use pf. Here is how I
>> setup pf (Adjust for your interfaces as necessary)
>>
>> My Internet interface is rl0, setup in rc.conf as:
>>
>> ifconfig_rl0="inet 192.168.0.100 netmask 255.255.255.0"
>>
>> My local interface is rl1, setup in rc.conf as:
>>
>> ifconfig_rl1="inet 192.168.1.100 netmask 255.255.255.0"
>>
> 3. I haven't mentioned that I can't use this configuration. I have 2
> interfaces i.e. public and private LAN. But I have only one NIC card for
> private LAN. I don't have NIC card for public. I'm using 56k modem to
> connect the outside world. I think I can't add
>
> ifconfig_tun0="inet 192.168.0.100 netmask 0xffffff00"
>

You won't of course put this in rc.conf. However AFAIK tun0 is *still* a
network interface and can appear in firewall rules. So the PF method I
described should work, tun0 is considered the "external" network
interface, the rule would be:

nat pass on tun0 from rl1:network to any -> (tun0)

where rl1 would be the internal interface.
Needless to say, I have no way of testing the above as I don't have a
modem.

Since obviously you want to use ipfw, I still suggest you go by the
handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

First, make sure Internet works normally on your FreeBSD host. Then
apply the above instructions.
The example in the handbook shows a line:

natd_interface="fxp0"

which in your case would be:

natd_interface="tun0"

It seems you already have these settings though, so I would review the
Handbook instructions and remove anything else from the configuration
which does not appear there. Once things are working, go back and add
firewall rules etc. Handbook instructions worked for me (with two
ethernet cards though) "out of the box".
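
The pf approach from the message written out as a fuller /etc/pf.conf, added here as an example and not part of the original message. The interface names tun0 and rl1 are from the message; the filter rules are assumed for illustration. It uses plain nat rather than nat pass, because the pass modifier lets translated packets skip the filter rules entirely.

```conf
# /etc/pf.conf (added example; the filter policy below is an assumption)
# The host must also forward packets: gateway_enable="YES" in rc.conf.

ext_if = "tun0"   # ppp(8) tunnel interface, the "external" side
int_if = "rl1"    # internal LAN interface

# Options
set skip on lo0

# Normalization
scrub in all

# Translation. The parentheses around the interface make pf follow the
# address ppp is assigned at each dial-up instead of fixing it at load
# time. Without the "pass" modifier, translated packets still have to
# match a filter rule below.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Filtering: refuse unsolicited traffic arriving from the modem link.
block in log on $ext_if all

# Outbound traffic (already translated) creates state, so replies
# are matched against the state table and let back in.
pass out on $ext_if keep state

# Accept traffic from the LAN only when it carries a LAN source address.
pass in on $int_if from $int_if:network to any keep state
```

The ruleset can be syntax-checked without loading it by running pfctl -nf /etc/pf.conf.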