Date: Tue, 26 Nov 2002 09:13:55 -0500 From: "Matthew Emmerton" <matt@gsicomp.on.ca> To: "John Jennings" <jljennin@hawaii.edu>, <freebsd-questions@FreeBSD.ORG> Subject: Re: PPP and NAT, this time. Message-ID: <010d01c29556$0f351ba0$1200a8c0@gsicomp.on.ca> References: <001401c29525$d1d4ada0$337769a8@hawaii.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> To whom it may concern:
>
> Thanks to all responses regarding my previous problem. The issue was
> resolved and our box is connected to our DSL line completely and
correctly.
>
> We completely remade our ppp.config, and it looks as follows:
>
> default:
> ident user-ppp VERSION (built COMPILATIONDATE)
> set log Phase Chat IPCP CCP tun command
>
> adsl:
> set authname our_username
> set authkey our_password
> add default HISADDR
> set device !"pppoa2 -vpi 8 -vci 35 -v 1"
> accept pap
> set speed sync
> set timeout 0
> enable lqr
> set lqrperiod 5
> set redial 15 10000
> set dial ""
> set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
> enable dns
>
> This works beautifully. Now, another problem we believed would be simple
to
> solve, but it isn't quite so. We have a network card in the FreeBSD
machine
> with IP address 192.168.1.3. It is connected to a Windows 98 machine with
> IP address 192.168.1.1. The Windows 98 machine's TCP stack is
completely
> configured and operational (it can ping the FreeBSD machine and vice
versa;
> we are using a crossover cable to connect the two). We want to enable
NAT
> on the FreeBSD machine to allow the Windows 98 machine access to the
> Internet via the FreeBSD box.
>
> We have done the following to accomplish this:
>
> 1) Built a custom kernel with options IPDIVERT and IPFIREWALL
>
> 2) Enabled the machine to act as a gateway in rc.conf
> (gateway_enable="YES")
>
> 3) Enabled natd in rc.conf (nat_enable="YES")
>
> 4) Changed natd interface to "tun0" (our interface for ppp)
> (natd_interface="tun0")
>
> 5) Enabled named, so Win98 can resolve names using the FreeBSD box
> (named_enable="YES")
>
> 6) Created rc.firewall with the following lines:
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via tun0
> /sbin/ipfw add pass all from any to any
>
> 7) Enabled the firewall in rc.conf (We compiled kernel with
DEFAULT_ACCEPT
> option)
>
> 8) Created rc.local to initialise the USB Alcatel Hometouch on startup:
>
> modem_run -f /usr/local/libdata/mgmt.o -m
>
> 9) We manually connect doing the following:
>
> ppp -ddial -nat adsl
>
> It connects succesfully and the FreeBSD box is on the net.
>
> 10) The Win98 machine can ping IP addresses outside the LAN and our ISP
> (i.e. it can ping the IP of www.google.com), but it cannot resolve domain
> names, nor access IP addresses of web sites (i.e. we used www.hawaii.edu
's
> IP address, and the web server could not be found, yet it is accessible by
> IP address from elsewhere)
>
> 11) We attempt to manually start natd on the FreeBSD box:
>
> natd -interface tun0
>
> 12) Same problem as # 10, no change.
>
> Going with info given in reply to my previous problem, does a default
route
> for the 192.168.1.0 network need to be configured?
>
> Again, any help is greatly appreciated.
If you're running ppp with the -nat flag, don't run ipfw/natd. The two
mechanisms are mutually exclusive. I would recommend sticking with
'ppp -nat', so you can eliminate steps 3,4,6,7 and you don't need to run
with a custom kernel (IPDIVERT, IPFIREWALL).
As for step 5 (enabling named), this will only work as you intend if you've
configured named to forward all requests to your ISP's DNS server, like the
following:
options {
directory "/etc/namedb";
forwarders
{
209.226.175.224; // Sympatico DNS 1
198.235.216.110; // Sympatico DNS 2
};
};
--
Matt Emmerton
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010d01c29556$0f351ba0$1200a8c0>