From: "Matthew Emmerton"
To: "John Jennings"
Subject: Re: PPP and NAT, this time.
Date: Tue, 26 Nov 2002 09:13:55 -0500
Message-ID: <010d01c29556$0f351ba0$1200a8c0@gsicomp.on.ca>

> To whom it may concern:
>
> Thanks to all responses regarding my previous problem.  The issue was
> resolved and our box is connected to our DSL line completely and correctly.
>
> We completely remade our ppp.config, and it looks as follows:
>
> default:
>  ident user-ppp VERSION (built COMPILATIONDATE)
>  set log Phase Chat IPCP CCP tun command
>
> adsl:
>  set authname our_username
>  set authkey our_password
>  add default HISADDR
>  set device !"pppoa2 -vpi 8 -vci 35 -v 1"
>  accept pap
>  set speed sync
>  set timeout 0
>  enable lqr
>  set lqrperiod 5
>  set redial 15 10000
>  set dial ""
>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>  enable dns
>
> This works beautifully.  Now, another problem we believed would be simple to
> solve, but it isn't quite so.  We have a network card in the FreeBSD machine
> with IP address 192.168.1.3.  It is connected to a Windows 98 machine with
> IP address 192.168.1.1.  The Windows 98 machine's TCP stack is completely
> configured and operational (it can ping the FreeBSD machine and vice versa;
> we are using a crossover cable to connect the two).  We want to enable NAT
> on the FreeBSD machine to allow the Windows 98 machine access to the
> Internet via the FreeBSD box.
>
> We have done the following to accomplish this:
>
> 1) Built a custom kernel with options IPDIVERT and IPFIREWALL
>
> 2) Enabled the machine to act as a gateway in rc.conf
> (gateway_enable="YES")
>
> 3) Enabled natd in rc.conf (nat_enable="YES")
>
> 4) Changed natd interface to "tun0" (our interface for ppp)
> (natd_interface="tun0")
>
> 5) Enabled named, so Win98 can resolve names using the FreeBSD box
> (named_enable="YES")
>
> 6) Created rc.firewall with the following lines:
>
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via tun0
> /sbin/ipfw add pass all from any to any
>
> 7) Enabled the firewall in rc.conf (We compiled kernel with DEFAULT_ACCEPT
> option)
>
> 8) Created rc.local to initialise the USB Alcatel Hometouch on startup:
>
> modem_run -f /usr/local/libdata/mgmt.o -m
>
> 9) We manually connect doing the following:
>
> ppp -ddial -nat adsl
>
> It connects successfully and the FreeBSD box is on the net.
>
> 10) The Win98 machine can ping IP addresses outside the LAN and our ISP
> (i.e. it can ping the IP of www.google.com), but it cannot resolve domain
> names, nor access IP addresses of web sites (i.e. we used www.hawaii.edu's
> IP address, and the web server could not be found, yet it is accessible by
> IP address from elsewhere)
>
> 11) We attempt to manually start natd on the FreeBSD box:
>
> natd -interface tun0
>
> 12) Same problem as #10, no change.
>
> Going with info given in reply to my previous problem, does a default route
> for the 192.168.1.0 network need to be configured?
>
> Again, any help is greatly appreciated.

If you're running ppp with the -nat flag, don't run ipfw/natd.  The two
mechanisms are mutually exclusive.

I would recommend sticking with 'ppp -nat', so you can eliminate steps
3,4,6,7 and you don't need to run with a custom kernel (IPDIVERT,
IPFIREWALL).

As for step 5 (enabling named), this will only work as you intend if you've
configured named to forward all requests to your ISP's DNS server, like the
following:

options {
        directory "/etc/namedb";
        forwarders {
                209.226.175.224;    // Sympatico DNS 1
                198.235.216.110;    // Sympatico DNS 2
        };
};

--
Matt Emmerton
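
The double-NAT condition described in the reply can be checked mechanically. The script below is an added example, not part of the original thread: it reports a conflict when an rc.conf-style file enables natd while ppp is also asked to translate, either by a `-nat` argument or by the rc.conf(5) knobs `ppp_enable`/`ppp_nat`. The function names and both sample files are constructed for illustration, and the samples use `natd_enable`, the variable name documented in rc.conf(5).

```shell
#!/bin/sh
# Added example (not from the thread): detect NAT configured twice.

# Print the last value assigned to KEY ($2) in an rc.conf-style file ($1).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# nat_check RCCONF "PPP ARGS": print "conflict" when natd is enabled in
# RCCONF and ppp is also asked to do NAT, otherwise "ok".
nat_check() {
    ppp_does_nat=no
    case " $2 " in *" -nat "*) ppp_does_nat=yes ;; esac
    if is_yes "$(rc_value "$1" ppp_enable)" && is_yes "$(rc_value "$1" ppp_nat)"; then
        ppp_does_nat=yes
    fi
    if [ "$ppp_does_nat" = yes ] && is_yes "$(rc_value "$1" natd_enable)"; then
        echo conflict
    else
        echo ok
    fi
}

# Constructed sample files, modelled on the steps in the question.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="tun0"
named_enable="YES"
firewall_enable="YES"
EOF
# After following the reply: natd and the firewall entries are gone.
cat > "$demo_dir/after" <<'EOF'
gateway_enable="YES"
named_enable="YES"
EOF
echo "before: $(nat_check "$demo_dir/before" "-ddial -nat adsl")"
echo "after:  $(nat_check "$demo_dir/after" "-ddial -nat adsl")"
```

The check only reads the file it is given, so a natd started by hand (as in step 11) has to be looked for separately in the process list.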