From owner-freebsd-questions@FreeBSD.ORG Tue Nov 25 19:23:09 2008
Date: Wed, 26 Nov 2008 02:22:56 +0700
From: Pongthep Kulkrisada
To: freebsd-questions@freebsd.org
Message-ID: <20081125192256.GA77251@gmail.com>
Mail-Followup-To:
    freebsd-questions@freebsd.org, Manolis Kiagias, Andrew, Fbsd1, Ian Smith
References: <20081123120013.8EDF310657E3@hub.freebsd.org> <20081124012858.J43853@sola.nimnet.asn.au>
In-Reply-To: <20081124012858.J43853@sola.nimnet.asn.au>
Cc: Ian Smith, Andrew, Fbsd1, Manolis Kiagias
Subject: Re: Problem about ppp -nat

Hi all,

Firstly, many thanks for all your help! And sorry for the late reply...

> > With these settings, My FBSD host can NOT even dial out to ISP. :-(
> > Please anybody tell me, what I do wrong here.
> >
> > At this time I must go back to the original setting in order to dial ISP.
> > And lastly I'm sorry for long questions.

I didn't touch /etc/ppp/ppp.conf, which has been working for 5 years since FBSD5.0R. Even when I went back to the GENERIC kernel, I could not dial out to the ISP in any way. I didn't know what I did wrong even though I read many docs. Yesterday I decided to re-install FBSD7.0R from CDs again. That caused the late reply, I'm sorry. :-(

I now have gateway_enable="YES" and firewall_enable="YES" in my /etc/rc.conf. I can then dial the ISP again. Then the following steps were taken.

1. I can ping any sites and very fast.
2. # kldload ipfw (as I don't want to compile the kernel anymore.)
3. # kldload ipdivert
4. I also have ``natd 8668/divert'' in my /etc/services.
5. # natd -interface tun0
6. # /sbin/ipfw add 101 divert natd all from any to any via tun0
7. # /sbin/ipfw add 102 pass all from any to any

(Note that my first ipfw rule is 100 check-state. So steps 6 and 7 should be considered as the first two filtering rules.)

I do it this way because I know from reading the documentation that ppp must be run before natd.
I always want to dial ppp by myself, so I can't put natd in /etc/rc.conf. And doing it interactively makes it very easy to detect when something goes wrong, and step 1 can prove my good connection.

After step 7 I switched to the terminal which kept pinging. I found that ping stalled. I tried reconnecting many times; now I know that step 3 causes the problem. I have also tried putting ipfw_load="YES" and ipdivert_load="YES" in /boot/loader.conf. The problem persists. I'm quite sure that the module ipdivert has an adverse effect on the connection through the modem. Should I say a bug?!!! Without ipdivert I cannot play NAT (I don't want to learn ``ipfw nat'' and ``ppp -nat'' for now). This was also the major problem when I recompiled the kernel with options IPDIVERT a few days ago. That left me unable to connect to the ISP.

One thing I should note here: always run ppp before natd. Last time, when I was on the GENERIC kernel, I couldn't connect to the ISP because my /etc/rc.conf contained natd. So natd ran before ppp, which was run manually. That was wrong.

If anyone has a clue, please point me in the right direction. I would probably go back to an external router gateway ``out of the box''. For now I give up and need to rest.

Thank you.
Pongthep
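
The ordering rule from the message above (ppp first, then natd and the divert rule), written as a guarded script. This is an added example, not part of the original message; the function names, the DRY_RUN switch and the sample ifconfig text are assumptions made for illustration, and it does not address the stall reported after loading ipdivert.

```sh
#!/bin/sh
# Added example (not from the original message): run steps 2-7 only once ppp
# has brought tun0 up. DRY_RUN=1 prints the commands instead of running them.

# Succeeds if the `ifconfig IFACE` text on stdin shows the interface UP with an
# IPv4 address assigned, i.e. ppp has finished negotiating the link.
link_ready() {
    awk '/flags=.*[<,]UP[,>]/ { up = 1 }
         $1 == "inet"          { inet = 1 }
         END                   { exit !(up && inet) }'
}

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# kldload fails on an already-loaded module, so ask kldstat first (live mode).
load_mod() {
    if [ "${DRY_RUN:-0}" != 1 ] && kldstat -q -m "$1"; then return 0; fi
    run kldload "$1"
}

# nat_bringup IFACE  (expects `ifconfig IFACE` output on stdin)
nat_bringup() {
    ifc=$1
    if ! link_ready; then
        echo "refusing: $ifc is not up with an address; start ppp first" >&2
        return 1
    fi
    load_mod ipfw &&
    load_mod ipdivert &&
    run natd -interface "$ifc" &&
    run /sbin/ipfw add 101 divert natd all from any to any via "$ifc" &&
    run /sbin/ipfw add 102 pass all from any to any
}

# Constructed sample inputs (documentation addresses, not real output).
SAMPLE_UP='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.10 --> 192.0.2.1 netmask 0xffffffff'
SAMPLE_DOWN='tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500'

printf '%s\n' "$SAMPLE_UP" | DRY_RUN=1 nat_bringup tun0
```

On a live host, as root and after ppp has connected, the equivalent call is `ifconfig tun0 | nat_bringup tun0`.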