Date: Wed, 18 Jun 2014 00:35:54 +0200
From: Paul Blockhaus <paul@mueller-blockhaus.de>
To: jesse@gooch.io, Jesse Gooch <lists@gooch.io>, freebsd-questions@freebsd.org
Subject: AW: pppoe with ppp and pf nat - problems booting
Message-ID: <d31b0bba-0d32-4f54-93b9-aa6a7b1c22bc@email.android.com>
In-Reply-To: <53A089F8.4060409@gooch.io>
References: <53A089F8.4060409@gooch.io>

The problem could be that the system doesn't wait long enough for setting up ppp; pls. let us have a look in your /var/log/messages. If it is like I think, you should append the option netwait_if_timeout in the man /etc/rc.conf. It is possible that ppp needs up to 3 minutes.

PS: Google is your friend and the man too :-)

Greetings
Paul

On 17 June 2014 20:33:28 CEST, Jesse Gooch <lists@gooch.io> wrote:
>Hello all!
>
>I've just set up an i386 box as my router with FreeBSD 10-RELEASE
>(updated with freebsd-update). I have two interfaces: sk0 and rl0. sk0
>is configured in ppp.conf for pppoe to my DSL modem. rl0 is configured
>to a local IP, and I have pf set up for NAT and some port forwarding.
>Unfortunately on boot pf does not get set up since tun0 (created by ppp)
>does not exist when pf loads, so my ruleset is not loaded!
>
>This requires me to reload the pf ruleset whenever I reboot. Another
>problem with this approach is ntpdate fails to set time properly on boot
>as well (although this may be ppp taking a little while to get the
>connection set up).
>
>How can I get my system to just work when I boot up? I've copypasta'd
>the related conf files with names changed to protect the innocent below.
>
>---ppp.conf---
>default:
> set log Phase tun command
> disable ipv6
>
>name_of_isp:
> disable ipv6
> set device PPPoE:sk0
> set authname isp_un
> set authkey isp_pw
> set dial
> set login
> add default HISADDR
> add default HISADDR6
> enable dns
>---
>
>---rc.conf---
>hostname="my_hostname"
>#this address is assigned to sk0 so I can access the administration page of my modem
>ifconfig_sk0="inet 192.168.1.100 netmask 255.255.255.0"
>ifconfig_rl0="inet 192.168.42.1 netmask 255.255.255.0"
>gateway_enable="YES"
>pf_enable="YES"
>pflog_enable="YES"
>ppp_enable="YES"
>ppp_mode="ddial"
>ppp_nat="NO"
>ppp_profile="name_of_isp"
>dhcpd_enable="YES"
>dhcpd_ifaces="rl0"
>named_enable="YES"
>ddclient_enable="YES"
>sshd_enable="YES"
>#ntpdate_enable="YES"
>#ntpdate_flags="-t 30 _timeservers_"
>ntpd_enable="YES"
>powerd_enable="YES"
># Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
>dumpdev="AUTO"
>---
>
>---pf.conf---
># Macros
>ext_if = "tun0"
>lan_if = "rl0"
>lan_ip = "192.168.42.0/24"
>
># Tables
>
># Options
>
># Traffic Normalization
>scrub in on $ext_if all fragment reassemble
>
># Queueing
>
># Translation
>nat pass on $ext_if from $lan_ip to any -> {$ext_if}
>#some redirect rules removed for port forwarding here
>
># Packet Filtering
>block in on $ext_if all
>pass out on $ext_if all keep state
>pass in on $lan_if all
>pass out on $lan_if all
>---
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe@freebsd.org"
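
The boot-order dependency described in the quoted question (pf rules bound to tun0, which ppp creates only after pf has loaded) can be checked for mechanically. The script below is an added example, not part of the original message or of FreeBSD: the function names and the heuristic that an interface without an ifconfig_<name>= line in rc.conf is created late are assumptions, and the sample files are constructed from the configuration quoted above.

```shell
#!/bin/sh
# Added example: list interfaces that pf.conf rules bind to ("on $macro") but
# rc.conf never configures; assumed to exist only once a daemon creates them.
# Constructed sample input, trimmed from the files quoted in the message.
write_samples() {   # usage: write_samples DIR
    cat > "$1/pf.conf" <<'EOF'
ext_if = "tun0"
lan_if = "rl0"
lan_ip = "192.168.42.0/24"
nat pass on $ext_if from $lan_ip to any -> {$ext_if}
block in on $ext_if all
pass in on $lan_if all
EOF
    cat > "$1/rc.conf" <<'EOF'
ifconfig_sk0="inet 192.168.1.100 netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.42.1 netmask 255.255.255.0"
ppp_enable="YES"
EOF
}

# Interfaces rc.conf configures statically, one per line.
static_ifaces() { sed -n 's/^ifconfig_\([A-Za-z0-9]*\)=.*/\1/p' "$1"; }

# Interfaces that pf rules reference as "on $macro", resolved and sorted.
pf_ifaces() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {       # macro definition
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            macro[kv[1]] = kv[2]; next
        }
        {                                        # rule line
            for (i = 1; i < NF; i++)
                if ($i == "on" && substr($(i + 1), 1, 1) == "$")
                    seen[macro[substr($(i + 1), 2)]] = 1
        }
        END { for (ifc in seen) if (ifc != "") print ifc }
    ' "$1" | sort
}

# Interfaces pf depends on that rc.conf does not bring up itself.
late_ifaces() {     # usage: late_ifaces PF_CONF RC_CONF
    pf_ifaces "$1" | while read -r ifc; do
        static_ifaces "$2" | grep -qx "$ifc" || echo "$ifc"
    done
}
# Demo on the constructed samples: prints the late interface(s).
d=$(mktemp -d) && write_samples "$d" && late_ifaces "$d/pf.conf" "$d/rc.conf"; rm -rf "$d"
```

On a real router the same call would be `late_ifaces /etc/pf.conf /etc/rc.conf`; any name it prints is an interface the ruleset needs before the system has created it.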