From: Polytropon
To: Dánielisz László
Cc: freebsd-questions@freebsd.org
Date: Tue, 27 Oct 2009 15:26:51 +0100
Subject: Re: PPPoE client+pf+nat

On Tue, 27 Oct 2009 06:51:26 -0700 (PDT), Dánielisz László wrote:
> Hello,
>
> I am looking to configure my FreeBSD 8.0 machine for the purpose specified in the subject.
> Let's say I have two NICs in my PC: ext_if (for wan/pppoe connection) and int_if for my LAN.
> How would you manage to get work NAT with pf using PPPoE from my ISP; I'd like to use DHCP on my LAN.

It's quite easy, I did this in the past with FreeBSD 5.

1. PPPoE
--------

Set up /etc/ppp/ppp.conf with the correct data for your ISP. It would be like this:

	:
	 set device PPPoE:
	 set authname
	 set authkey
	 set dial
	 set login
	 add default HISADDR

In /etc/rc.conf, enter

	ifconfig_="up"
	ppp_enable="YES"
	ppp_profile=""
	ppp_mode="ddial"
	ppp_nat="YES"

for the external interface, and for the internal one:

	ifconfig_="inet 192.168.100.1 netmask 0xffffff00"

(or any other subnet definition you like)

	dhcpd_enable="YES"
	dhcpd_conf="/usr/local/etc/dhcpd.conf"
	dhcpd_ifaces=""
	dhcpd_flags="-q"

Keep in mind that you have to load

	netgraph_load="YES"
	ng_ether_load="YES"
	ng_pppoe_load="YES"
	ng_socket_load="YES"

per /boot/loader.conf in order to enable the Netgraph subsystem. I think tho

2. PF
-----

Sorry, I'm not familiar with PF, I always used IPFW. So I had the rule

	add divert natd ip from any to any via

prior to the other rules that formed a setting to be described as: "Only allow those (named) ports for connections, disallow anything else."

3. DHCP
-------

Install the ISC DHCP server from ports and configure the settings for the local network as intended. This is usually done in /usr/local/etc/dhcpd.conf with a content like this:

	option domain-name-servers ;
	ddns-update-style none;
	subnet 192.168.100.0 netmask 255.255.255.0 {
		range 192.168.100.2 192.168.100.250;
		option routers 192.168.100.1;
	}

You can add "host" entries for "well-known" so they always get the same IP according to their MAC, and "deny unknown-clients;" to force MAC knowledge.

Since I ran this setting in v5, kernel configuration required to have

	options DUMMYNET
	options IPFIREWALL
	options IPFIREWALL_VERBOSE
	options IPFIREWALL_DEFAULT_TO_ACCEPT
	options IPDIVERT

in the file. I'm sure this is not needed anymore, because there are modules for this.
Of course, you can include the options for NETGRAPH here, too.

IMPORTANT NOTE: I'm not using such a setting anymore, so I'm not sure if this is still recommended or even working on v8.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
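
The PF side of the question, as an added example that is not part of the original message: a pf.conf giving the same policy the reply describes for IPFW (NAT for the LAN, only named ports allowed in, everything else dropped). The interface names tun0 and em1 and the port list are assumptions; the 192.168.100.0/24 LAN is the one used in the message.

```conf
# /etc/pf.conf -- added example, not from the original thread
ext_if = "tun0"      # assumption: tunnel interface created by user-mode ppp(8)
int_if = "em1"       # hypothetical LAN NIC holding 192.168.100.1/24
tcp_in = "{ 22 }"    # hypothetical list of TCP ports accepted from outside

set skip on lo0
scrub in all

# Translate LAN traffic to whatever address the ISP assigns. The
# parentheses make pf follow the address when the PPPoE session
# reconnects with a different one.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny, logged to pflog0 so dropped traffic can be reviewed.
block log all

# DHCP requests from clients that have no address yet.
pass in quick on $int_if proto udp from any port 68 to any port 67

# LAN hosts may reach the gateway and the Internet; replies are
# admitted by state, not by a separate inbound rule.
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if all keep state

# Only the named ports are reachable from outside.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_in flags S/SA keep state
```

Check the syntax with "pfctl -nf /etc/pf.conf" before loading it, and set pf_enable="YES" and gateway_enable="YES" in /etc/rc.conf. With pf doing the translation, ppp_nat should be "NO" so packets are not translated twice.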