From: "munkhbayar batkhuu"
To: freebsd-questions@freebsd.org
Date: Mon, 2 Jul 2007 01:56:46 +0800
Subject: pppoe and nat problem

Hi all.

I'm trying to solve one problem but with no success in 1 week. I'm setting up a gateway server with PPPoE functionality for LAN users to authenticate and for traffic shaping.

The incoming Internet connection is Ethernet. This PC has 2 NICs. The LAN NIC does not have an IP assigned. pppoe listens on the LAN side interface and passes the connection to userland ppp. (Traffic shaping is via IPFW.) ppp handles all other tasks like Proxy-Arp and so on.

I have only 8 public IP addresses from the ISP. So the current test configuration is "Proxy-Arp" in ppp.conf, and PPP's DHCP range is within the ISP-allocated zone. Everything is OK with this configuration; LAN users can surf the net. This configuration can support at most the ISP-allocated number of IPs as concurrent connections.

If I allocate an IP zone for DHCP in ppp.conf that exceeds this, like "set ifaddr 100.200.300.1 100.200.300.2-100.200.300.100", then ppp.log says "ppp Warning: xx.xx.xx.xx : Cannot determine ethernet address for proxy ARP". Maybe that's obvious, because it's not in the Internet IP zone anymore.

But I need to support at least 50 simultaneous connections. If possible, I need NAT inside PPP. I tried, tried, and read many times. No success.

The ppp(8) man page says "NAT is done on the external interface only, and is unlikely to make sense if used with the -direct flag." The current pppoed forks /usr/sbin/ppp with the "-direct" argument. Is that a clue to this problem?

How do I NAT or route if PPP's DHCP IP zone is different from the gateway IP zone when ppp is working in "-direct" mode? How do I route traffic between tunX and the gateway NIC? Or are there any other solutions for this?

Thanks in advance. Help much appreciated.

munkh.