Jacob,

Your rc.conf is all wrong; you are doing the nat process in both 'user ppp' and IPFW, and this is wrong. The default IPFW firewall rules are useless in protecting you. If you want stateful ipfw rules which will give you max in protection and that will work as is for your situation, let me know.

-------SAMPLE RC.CONF-------
ifconfig_em0="inet 192.168.2.1 netmask 255.255.0.0"
ifconfig_dc0=up
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="dialisp"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
-------END RC.CONF-------

See if this works for you. Please let me know the outcome.

#################### start of DSL ppp.conf ###################
default:
 set log Phase tun            # use to avoid excessive log sizes
 set timeout 0                # no idle time out, will not disconnect

dialisp:
 set device PPPoE:XXX         # replace xxx with your NIC card device name
 set authname YOURLOGINNAME   # Replace with your ISP account IP
 set authkey YOURPASSWORD     # Replace with your ISP account password
 add default HISADDR          # Add a (sticky) default route (Mandatory)
 enable dns                   # Gets the ISP's DNS IP address & places them
                              # in resolv.conf for reference by FBSD box.
############### End of DSL ppp.conf #################################

Replace the XXX in the [set device PPPoE:XXX] statement with the NIC card FBSD interface name.

Sometimes it will be necessary to use a service tag to establish your connection, depending on how your ISP and/or the phone company has its DSL network configured. Service tags are used to distinguish between different PPPoE servers attached to a given network. You should have been given any required service tag information in the documentation provided by your ISP. If you cannot locate it there, ask your ISP's tech support personnel. This is the format of the command with the service tag added:

set device PPPoE:XXX:service_tag

The xxxx is the FBSD interface name used by PPPoE; the interface must be UP (i.e., enabled). It is only used as transport, and does not need to be assigned an IP address. This can be done automatically at boot time by updating the /etc/rc.conf file. The format of the statement to add is

ifconfig_xxxx=up

where xxxx is the NIC card FBSD interface name used by PPPoE that you specified in the /etc/ppp/ppp.conf file.

ee /etc/rc.conf

Add the following statement:

ifconfig_xxxx=up

To set up user ppp to dial your ISP automatically at FBSD boot time, you have to add the following statements to the rc.conf file. The ddial option means to redial every time the connection to the ISP gets dropped.

ee /etc/rc.conf

# Activate user ppp auto start at boot time
ppp_enable="YES"        # Start User ppp task
ppp_mode="ddial"        # ddial, auto, background
ppp_profile="dialisp"   # section in ppp.conf to

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jerrys Transmission
Sent: Friday, January 23, 2004 9:40 AM
To: [EMAIL PROTECTED]
Subject: DSL with User PPP and Static IP

Hello,

I have just started working for a local auto transmission repair shop and am trying to get the local server up and running. Specifically, the server works great with dynamic IPs assigned from the DSL provider (using PPPoE) but it burps when I attempt a static IP as per the handbook's "Using User PPP" section.

Our business was given the following values for connecting to the Internet:

Net: 188.8.131.52
Gateway: 184.108.40.206
Netmask: 255.255.255.248
Broadcast: 220.127.116.11
Static IPs 193-197

When I change /etc/ppp/ppp.conf (sample attached) to:

set ifaddr 18.104.22.168 22.214.171.124 255.255.255.248

tun0 is "Opened by PID xxx" but does not show any IP addresses, and the connection does not work. If I leave the ifaddr to the dynamic setting (which includes the 0.0.0.0) everything works fine.

I am including a sample of our local ppp.conf, ifconfig output, and relevant parts of rc.conf for reference. Please note, the ifconfig output shows the missing inet line when a static config is attempted.

Any help would be greatly appreciated.

Thanks again,
Jacob @ Jerry's Transmission Service
Guilford, CT 06437

--------SAMPLE PPP.CONF-------
default:
 set log Phase Chat LCP IPCP CCP tun command
 nat enable yes
 nat same_ports yes
 nat use_sockets yes
 set redial 15 28800
 set reconnect 15 28800

sbcglobal:
 set device PPPoE:dc0:
 set mru 1492
 set mtu 1492
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname [CENSORED]
 set authkey [CENSORED]
 set ifaddr 126.96.36.199 188.8.131.52 255.255.255.248
 add default HISADDR
 enable dns

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 set ifaddr 192.168.0.1 192.168.0.200-192.168.0.253 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 enable loop
 disable pap
 enable passwdauth
 enable proxy
 accept dns
 set dns 192.168.0.1 192.168.0.2
 set nbns 192.168.0.15 192.168.0.16
 set device !/etc/ppp/secure
-------END PPP.CONF-------

-------SAMPLE IFCONFIG-------
dc0: flags=88c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
        inet6 fe80::204:5aff:fe7f:75d4%dc0 prefixlen 64 scopeid 0x1
        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
        ether 00:04:5a:7f:75:d4
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=3<rxcsum,txcsum>
        inet6 fe80::207:e9ff:fe70:801b%em0 prefixlen 64 scopeid 0x2
        inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255
        ether 00:07:e9:70:80:1b
        media: Ethernet autoselect (100baseTX <half-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        Opened by PID 501
-------END IFCONFIG-------

-------SAMPLE RC.CONF-------
network_interfaces="auto"
ifconfig_em0="inet 192.168.2.1 netmask 255.255.0.0"
ifconfig_dc0="inet 10.0.0.1 mtu 1492 netmask 255.0.0.0 -arp up"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="sbcglobal"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-u -m -dynamic -s"
named_enable="YES"
-------END RC.CONF-------

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
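
Added example (not part of the original messages): a small sh lint for the two rc.conf problems the reply at the top of this thread names, NAT enabled in both user ppp and natd, and an enabled firewall left at type OPEN. The function names (rc_get, is_yes, audit_rc, write_samples) are made up for this example, and the sample files hold only the NAT and firewall lines of the two rc.conf files quoted in the thread.

```shell
#!/bin/sh
# rc_get FILE VAR: value of the last VAR= assignment in FILE, lower-cased.
# The file is parsed with sed, not sourced, so nothing in it is executed.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*$//'
}

# rc.conf booleans: rc.subr's checkyesno accepts YES, TRUE, ON and 1.
is_yes() { case "$1" in yes|true|on|1) return 0 ;; *) return 1 ;; esac; }

# audit_rc FILE: print one finding per line (no output means no findings).
audit_rc() {
    if is_yes "$(rc_get "$1" ppp_nat)" && is_yes "$(rc_get "$1" natd_enable)"; then
        echo "DOUBLE-NAT: NAT is done in both user ppp (ppp_nat) and natd"
    fi
    if is_yes "$(rc_get "$1" firewall_enable)" &&
        [ "$(rc_get "$1" firewall_type)" = "open" ]; then
        echo "OPEN-FIREWALL: firewall_type=OPEN passes all traffic, no filtering"
    fi
    return 0
}

# write_samples DIR: NAT/firewall lines of the two rc.conf files in the thread.
write_samples() {
    cat > "$1/original.conf" <<'EOF'
ppp_nat="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="tun0"
EOF
    cat > "$1/suggested.conf" <<'EOF'
ppp_nat="YES"
firewall_enable="YES"
firewall_type="OPEN"
EOF
}

# Demo: audit both samples, then clean up.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in original suggested; do echo "== $f"; audit_rc "$demo_dir/$f.conf"; done
rm -rf "$demo_dir"
```

Run against the reply's suggested rc.conf, the lint no longer reports DOUBLE-NAT but still reports OPEN-FIREWALL, which is the gap the reply's offer of stateful ipfw rules is meant to close.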