Date:      Wed, 26 Nov 2008 02:22:56 +0700
From:      Pongthep Kulkrisada <ptkrisada@gmail.com>
To:        freebsd-questions@freebsd.org
Cc:        Ian Smith <smithi@nimnet.asn.au>, Andrew <awd@awdcomp.net>, Fbsd1 <fbsd1@a1poweruser.com>, Manolis Kiagias <sonic2000gr@gmail.com>
Subject:   Re: Problem about ppp -nat
Message-ID:  <20081125192256.GA77251@gmail.com>
In-Reply-To: <20081124012858.J43853@sola.nimnet.asn.au>
References:  <20081123120013.8EDF310657E3@hub.freebsd.org> <20081124012858.J43853@sola.nimnet.asn.au>

Hi all,

Firstly, many thanks to all for your help! And sorry for the late reply...

>  > With these settings, My FBSD host can NOT even dial out to ISP. :-(
>  > Please anybody tell me, what I do wrong here.
> 
>  > At this time I must go back to the original setting in order to dial ISP.
>  > And lastly I'm sorry for long questions.
I didn't touch /etc/ppp/ppp.conf, which has been working for 5 years since FBSD5.0R. Even when I went back to the GENERIC kernel, I could not dial out to the ISP in any way. I didn't know what I did wrong even though I read many docs. Yesterday I decided to re-install FBSD7.0R from CDs again. That caused the late reply, I'm sorry. :-(

I now have gateway_enable="YES" and firewall_enable="YES" in my /etc/rc.conf.
I can then dial the ISP again. Then the following steps were taken.

1. I can ping any site, and very fast.
2. # kldload ipfw (as I don't want to compile kernel anymore.)
3. # kldload ipdivert
4. I also have ``natd    8668/divert'' in my /etc/services.
5. # natd -interface tun0
6. # /sbin/ipfw add 101 divert natd all from any to any via tun0
7. # /sbin/ipfw add 102 pass all from any to any
(Note that my first ipfw rule is 100 check-state. So steps 6 and 7 should be considered as the first two filtering rules.)

I do it this way because I know from reading the documentation that ppp must be run before natd. I always want to dial ppp by myself, so I can't put natd in /etc/rc.conf. And doing it interactively makes it very easy to detect when something goes wrong, and step 1 can prove my good connection.

After step 7 I switched to the terminal that was still running ping. I found that ping stalled. I tried re-connecting many times; now I know that step 3 causes the problem. I have also tried putting ipfw_load="YES" and ipdivert_load="YES" in /boot/loader.conf. The problem persists. I'm quite sure that the module ipdivert has an adverse effect on the connection through the modem. Should I say a bug?!!! Without ipdivert I cannot play NAT (I don't want to learn ``ipfw nat'' and ``ppp -nat'' for now). This was also the major problem when I recompiled the kernel with options IPDIVERT a few days ago. That left me unable to connect to the ISP.

One thing I should note here: always run ppp before natd. Last time, when I was on the GENERIC kernel, I couldn't connect to the ISP because my /etc/rc.conf contained natd. So natd ran before ppp, which was run manually. That was wrong.

If anyone has a clue, please point me in the right direction.
I would probably go back to an external router gateway ``out of the box''.
For now I give up and need to rest.

Thank you.
Pongthep


