Setup - Bering 1.0 Release
- PPPoE over DSL
- DSL Modem is Alcatel
SpeedTouch Home
- STHome has ip addy of
172.16.0.254
- 3 NIC setup
- eth0 = internet via Alcatel
- eth1 = private LAN
- eth2 = DMZ
Problem: virgin setup using Alcatel
STHome DSL modem ...
can't ping from Bering's console
to the internet ... nothing
shows up in syslog ...
graphically...
                iNet
                  |
                  |
  =================================
  === Alcatel STHome DSL modem ====
  =================================
  =               ^               =
  =               |               =
  =  172.16.0.254 v               =
  =================================
         ^                 ^
         |                 |
         v                 v
======================================
======== Bering 1.0 Router ===========
======================================
=      eth0              ppp0        =
=                                    =
=  172.16.0.1/24      64.39.y.z      =
=   via STATIC        via PPPoE      =
=                                    =
=                                    =
=  192.168.0.254/24                  =
=  via STATIC,       10.0.0.254/24   =
=  + DHCP Server      via STATIC     =
=      eth1              eth2        =
======================================
         ^                 ^
         |                 |
         v                 v
      Private           DMZ Lan
        LAN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Problem: Cannot ping from fw's console
to the internet. When I try:
ping 204.101.215.10
I get NO response, until I ctrl-C
when I'm told that about 100%
packet loss - "type 1 ping fail" per:
http://sourceforge.net/docman/display_doc.php?docid=4099&group_id=13751
Observations:
- I need to have both 'auto ppp0' (et al) and 'auto
eth0' (et al) in my interfaces file (/etc/interfaces)
because of my 'dual IP' connection from the router to
the DSL connection (static 172.16... and PPPoE
assigned 64.39...)?!
- In syslog there's no entries, at all, from pppd. I
would have expected some feedback, even if everything
was successful. I suspect that it is, however, working
because I get an intelligent ip address (64.39...) on
the ppp0 interface. That, and 'ps -aux' shows it's
loaded in memory.
==================================
3862 root 1540 S /usr/sbin/pppd call dsl-provider eth0
==================================
- 'ip route' gives sensible output in that it has ip
addy's for all interfaces...
==================================
</root> # ip route show
==================================
64.39.160.16 dev ppp0 proto kernel scope link src 64.39.191.53
10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.254
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254
default via 172.16.0.254 dev eth0
==================================
... and 64.39... is a usual IP address
for me when I connect via XP.
When I'm connected via XP, this is the
interesting stuff that I get from ipconfig /all:
==================================
PPP adapter NBN:
Connection-specific
DNS Suffix :
Description . . . . : WAN (PPP/SLIP) Interface
Physical Address. . : 00-53-45-00-00-00
Dhcp Enabled. . . . : No
! IP Address. . . . . : 64.39.191.53
!! Subnet Mask . . . . : 255.255.255.255
! Default Gateway . . : 64.39.191.53
DNS Servers . . . . : 199.166.210.2
199.166.210.5
NetBIOS over Tcpip. : Disabled
==================================
And what's weird is that my default gateway is the
same as my own IP address?! That, and I get a subnet
mask of /32.
So for my Bering box, I am left wondering if the
'default via' should instead be reading 64.39.191.53?
Final observation:
- iptables -nvL has a _lot_ of 0.0.0.0/0 entries - like
almost everyone ... and there's no entries for my
64.39... addy so I think that something is definitely
amiss.
Below is output of all manner - I hope that someone can
turn me on to what I'm doing wrong. At the very end is info
from my XP system, when it is the one connecting to the
Alcatel, and thus the internet ... a working example if you
will.
I have a suspicion my Bering troubles are due to a simple
misconfig on my part. I think that my 'unusual' complexity
stems from the fact that I need to have the Bering box have a
connection to the Alcatel via 172.16.0.254 (its factory
default is usually 10.0.0.138). Because of this dual ip feature,
do I need to use 'multi' in some of the config files in
Shorewall?
I've been over and through the Bering install & user's guide,
pppoe sections, etc. but am not having any luck.
Thanks for any leads and assistance,
scott
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
==================================
Login prompt:
==================================
Bering V1.0-stable firewall ttyS0
firewall login:
==================================
</root> # uname -a
==================================
Linux firewall 2.4.18 #1 Sun Nov 10 17:40:20 UTC 2002 i586 unknown
==================================
</root> # ip addr show
==================================
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:05:5d:7d:4e brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/24 brd 172.16.0.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c6:f1:c8:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1
5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:60:67:04:85:97 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.254/24 brd 10.0.0.255 scope global eth2
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 64.39.191.53 peer 64.39.160.16/32 scope global ppp0
==================================
</root> # ip route show
==================================
64.39.160.16 dev ppp0 proto kernel scope link src 64.39.191.53
10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.254
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254
default via 172.16.0.254 dev eth0
=== failed ping to internet... ===
</root> # ping 204.101.215.10
==================================
PING 204.101.215.10 (204.101.215.10): 56 data bytes
--- 204.101.215.10 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
==================================
</root> # grep -v "#" /etc/ppp/options
==================================
asyncmap 0
auth
crtscts
lock
hide-password
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
==================================
</root> # grep -v "#" /etc/ppp/chap-secrets
==================================
[EMAIL PROTECTED] * my_password
==================================
</root> # grep -v "#" /etc/ppp/pap-secrets
==================================
[EMAIL PROTECTED] * my_password
==================================
</root> # grep -v "#" /etc/ppp/peers/dsl-provider
==================================
plugin /usr/lib/pppd/pppoe.so
name "[EMAIL PROTECTED]"
noipdefault
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492
==================================
</root> # cat /etc/network/ifstate
==================================
lo=lo
eth0=eth0
ppp0=ppp0
eth1=eth1
eth2=eth2
==================================
</root> # grep -v "#" /etc/network/interfaces
==================================
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 172.16.0.1
masklen 24
broadcast 172.16.0.255
gateway 172.16.0.254
auto ppp0
iface ppp0 inet ppp
pre-up ip link set eth0 up
provider dsl-provider eth0
auto eth1
iface eth1 inet static
address 192.168.0.254
masklen 24
broadcast 192.168.0.255
auto eth2
iface eth2 inet static
address 10.0.0.254
masklen 24
broadcast 10.0.0.255
==================================
</root> # grep -v "#" /etc/shorewall/zones
==================================
net Net Internet
loc Local Local networks
dmz DMZ DMZ
==================================
</root> # grep -v "#" /etc/shorewall/interfaces
==================================
net ppp0 - blacklist
net eth0 detect blacklist
loc eth1 detect routestopped
dmz eth2 detect
==================================
</root> # grep -v "#" /etc/shorewall/policy
==================================
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
==================================
</root> # grep -v "#" /etc/shorewall/rules
==================================
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80
==================================
</root> # grep -v "#" /etc/shorewall/shorewall.conf
==================================
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
FW=fw
SUBSYSLOCK=/var/run/shorewall
STATEDIR=/tmp/shorewall
ALLOWRELATED=yes
MODULESDIR=
LOGRATE=
LOGBURST=
LOGUNCLEAN=info
LOGFILE=/var/log/messages
NAT_ENABLED=Yes
MANGLE_ENABLED=Yes
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=No
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMSS=Yes
ROUTE_FILTER=No
NAT_BEFORE_RULES=Yes
MULTIPORT=No
DETECT_DNAT_IPADDRS=No
MERGE_HOSTS=Yes
MUTEX_TIMEOUT=60
LOGNEWNOTSYN=
FORWARDPING=Yes
NEWNOTSYN=No
MACLIST_DISPOSITION=REJECT
MACLIST_LOG_LEVEL=info
==================================
At various times I have received msgs
from pppd, showing up in syslog. Here's some
of them if they are helpful. I think, perhaps,
they show up when I've disconnected the
eth0 connection.
Please note: These msgs are not showing up
under my _present_ Bering config, the one
that I have documented herein.
Jan 26 17:37:08 firewall pppd[9439]: No response to 3 echo-requests
Jan 26 17:37:08 firewall pppd[9439]: Serial link appears to be disconnected.
Jan 26 17:37:08 firewall pppd[9439]: Couldn't increase MTU to 1500.
Jan 26 17:37:08 firewall pppd[9439]: Couldn't increase MRU to 1500
Jan 26 17:37:14 firewall pppd[9439]: Connection terminated.
Jan 26 17:37:14 firewall pppd[9439]: Connect time 4.7 minutes.
Jan 26 17:37:14 firewall pppd[9439]: Sent 30 bytes, received 114 bytes.
Jan 26 17:37:14 firewall pppd[9439]: Doing disconnect
Jan 26 17:37:44 firewall pppd[9439]: Sending PADI
Jan 26 18:11:50 firewall pppd[9439]: Connecting PPPoE socket: 00:90:1a:40:1c:f9 0000 eth0 0x807c260
Jan 26 18:11:50 firewall pppd[9439]: Couldn't get channel number: Transport endpoint is not connected
Jan 26 18:11:50 firewall pppd[9439]: Doing disconnect
Jan 26 18:12:20 firewall pppd[9439]: Sending PADI
Jan 26 18:46:26 firewall pppd[9439]: Connecting PPPoE socket: 00:90:1a:40:1c:f9 0000 eth0 0x807c260
Jan 26 18:46:26 firewall pppd[9439]: Couldn't get channel number: Transport endpoint is not connected
Jan 26 18:46:26 firewall pppd[9439]: Doing disconnect
Jan 26 18:46:56 firewall pppd[9439]: Sending PADI
----
Jan 25 00:42:28 firewall pppd[19484]: pppd 2.4.1 started by root, uid 0
----
----
Jan 25 23:17:04 firewall pppd[10916]: not replacing existing default route to eth0 [172.16.0.254]
Jan 25 23:17:04 firewall pppd[10916]: Cannot determine ethernet address for proxy ARP
Jan 25 23:17:04 firewall pppd[10916]: local IP address 64.39.191.38
Jan 25 23:17:04 firewall pppd[10916]: remote IP address 64.39.160.16
> Jan 26 01:52:37 firewall pppd[29204]: Couldn't increase MTU to 1500.
> Jan 26 01:52:37 firewall pppd[29204]: Couldn't increase MRU to 1500
> Jan 26 01:52:37 firewall pppd[29204]: not replacing existing default route to eth0 [172.16.0.254]
> Jan 26 01:52:37 firewall pppd[29204]: Cannot determine ethernet address for proxy ARP
> Jan 26 01:52:37 firewall pppd[29204]: local IP address 64.39.191.38
> Jan 26 01:52:37 firewall pppd[29204]: remote IP address 64.39.160.16
==================================
</root> # iptables -nvL
==================================
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target   prot opt in    out  source       destination
    0     0 ACCEPT   ah   --  lo    *    0.0.0.0/0    0.0.0.0/0
    0     0 ppp0_in  ah   --  ppp0  *    0.0.0.0/0    0.0.0.0/0
    5   336 eth0_in  ah   --  eth0  *    0.0.0.0/0    0.0.0.0/0
    0     0 eth1_in  ah   --  eth1  *    0.0.0.0/0    0.0.0.0/0
    0     0 eth2_in  ah   --  eth2  *    0.0.0.0/0    0.0.0.0/0
    0     0 common   ah   --  *     *    0.0.0.0/0    0.0.0.0/0
    0     0 LOG      ah   --  *     *    0.0.0.0/0    0.0.0.0/0    LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
    0     0 reject   ah   --  *     *    0.0.0.0/0    0.0.0.0/0
...and the remainder is much like this,
so it's been mostly snipped...
Chain reject (6 references)
 pkts bytes target   prot opt in    out  source       destination
    0     0 REJECT   tcp  --  *     *    0.0.0.0/0    0.0.0.0/0    reject-with tcp-reset
    0     0 REJECT   ah   --  *     *    0.0.0.0/0    0.0.0.0/0    reject-with icmp-port-unreachable
Chain shorewall (0 references)
 pkts bytes target   prot opt in    out  source       destination
==================================
</root> # ps -aux
==================================
PID Uid VmSize Stat Command
1 root 1160 S init [2]
2 root S [keventd]
3 root S [ksoftirqd_CPU0]
4 root S [kswapd]
5 root S [bdflush]
6 root S [kupdated]
3862 root 1540 S /usr/sbin/pppd call dsl-provider eth0
7132 root 1264 S /sbin/syslogd -m 240
10418 root 1848 S /sbin/klogd
5823 root 1656 S /usr/sbin/watchdog
27279 root 1556 S /usr/sbin/inetd
32208 root 1192 S /usr/sbin/dhcpd eth1
3844 root 1512 S /usr/sbin/cron
4021 root 1508 S /sbin/getty 38400 tty1
4077 root 1788 S /sbin/getty 38400 tty2
29372 root 1612 S -sh
16936 root 1076 R ps -aux
==================================
</root> # cat /var/log/syslog
==================================
Jan 26 22:29:09 firewall syslogd 1.3-3#31.slink1: restart.
Jan 26 22:29:09 firewall kernel: klogd 1.3-3#31.slink1, log source =
/proc/kmsg started.
Jan 26 22:29:09 firewall kernel: Cannot find map file.
Jan 26 22:29:09 firewall kernel: Loaded 141 symbols from 17 modules.
Jan 26 22:29:09 firewall kernel: Linux version 2.4.18 (root@uml_woody)
(gcc version 2.95.4 20011002 (Debian prerelease)) #1 Sun Nov 10 17:40:20
UTC 2002
Jan 26 22:29:09 firewall kernel: BIOS-provided physical RAM map:
Jan 26 22:29:09 firewall kernel: BIOS-e820: 0000000000000000 -
00000000000a0000 (usable)
Jan 26 22:29:09 firewall kernel: BIOS-e820: 00000000000f0000 -
0000000000100000 (reserved)
Jan 26 22:29:09 firewall kernel: BIOS-e820: 0000000000100000 -
0000000001800000 (usable)
Jan 26 22:29:09 firewall kernel: BIOS-e820: 00000000ffff0000 -
0000000100000000 (reserved)
Jan 26 22:29:09 firewall kernel: On node 0 totalpages: 6144
Jan 26 22:29:09 firewall kernel: zone(0): 4096 pages.
Jan 26 22:29:09 firewall kernel: zone(1): 2048 pages.
Jan 26 22:29:09 firewall kernel: zone(2): 0 pages.
Jan 26 22:29:09 firewall kernel: Kernel command line:
console=ttyS0,38400 BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc
root=/dev/ram0 boot=/dev/hda1:msdos PKGPATH=/dev/hda1
LRP=root,etc,local,modules,iptables,ppp,pppoe,dhcpd,shorwall,dnscache,weblet
Jan 26 22:29:09 firewall kernel: Initializing CPU#0
Jan 26 22:29:09 firewall kernel: Detected 133.636 MHz processor.
Jan 26 22:29:09 firewall kernel: Console: colour VGA+ 80x25
Jan 26 22:29:09 firewall kernel: Calibrating delay loop... 266.24 BogoMIPS
Jan 26 22:29:09 firewall kernel: Memory: 21952k/24576k available (907k
kernel code, 2240k reserved, 232k data, 60k init, 0k highmem)
Jan 26 22:29:09 firewall kernel: Dentry-cache hash table entries: 4096
(order: 3, 32768 bytes)
Jan 26 22:29:09 firewall kernel: Inode-cache hash table entries: 2048
(order: 2, 16384 bytes)
Jan 26 22:29:09 firewall kernel: Mount-cache hash table entries: 512
(order: 0, 4096 bytes)
Jan 26 22:29:09 firewall kernel: Buffer-cache hash table entries: 1024
(order: 0, 4096 bytes)
Jan 26 22:29:09 firewall kernel: Page-cache hash table entries: 8192
(order: 3, 32768 bytes)
Jan 26 22:29:09 firewall kernel: CPU: Before vendor init, caps: 000001bf
00000000 00000000, vendor = 0
Jan 26 22:29:09 firewall kernel: Intel Pentium with F0 0F bug -
workaround enabled.
Jan 26 22:29:09 firewall kernel: CPU: After vendor init, caps: 000001bf
00000000 00000000 00000000
Jan 26 22:29:09 firewall kernel: CPU: After generic, caps: 000001bf
00000000 00000000 00000000
Jan 26 22:29:09 firewall kernel: CPU: Common caps: 000001bf
00000000 00000000 00000000
Jan 26 22:29:09 firewall kernel: CPU: Intel Pentium 75 - 200 stepping 06
Jan 26 22:29:09 firewall kernel: Checking 'hlt' instruction... OK.
Jan 26 22:29:09 firewall kernel: POSIX conformance testing by UNIFIX
Jan 26 22:29:09 firewall kernel: PCI: PCI BIOS revision 2.10 entry at
0xfb1c0, last bus=0
Jan 26 22:29:09 firewall kernel: PCI: Using configuration type 1
Jan 26 22:29:09 firewall kernel: PCI: Probing PCI hardware
Jan 26 22:29:09 firewall kernel: Limiting direct PCI/PCI transfers.
Jan 26 22:29:09 firewall kernel: Activating ISA DMA hang workarounds.
Jan 26 22:29:09 firewall kernel: Linux NET4.0 for Linux 2.4
Jan 26 22:29:09 firewall kernel: Based upon Swansea University Computer
Society NET3.039
Jan 26 22:29:09 firewall kernel: Initializing RT netlink socket
Jan 26 22:29:09 firewall kernel: Starting kswapd
Jan 26 22:29:09 firewall kernel: pty: 256 Unix98 ptys configured
Jan 26 22:29:09 firewall kernel: Serial driver version 5.05c
(2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled
Jan 26 22:29:09 firewall kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
Jan 26 22:29:09 firewall kernel: ttyS01 at 0x02f8 (irq = 3) is a 16550A
Jan 26 22:29:09 firewall kernel: Software Watchdog Timer: 0.05, timer
margin: 60 sec
Jan 26 22:29:09 firewall kernel: block: 64 slots per queue, batch=16
Jan 26 22:29:09 firewall kernel: RAMDISK driver initialized: 16 RAM
disks of 4096K size 1024 blocksize
Jan 26 22:29:09 firewall kernel: Floppy drive(s): fd0 is 1.44M
Jan 26 22:29:09 firewall kernel: FDC 0 is an 8272A
Jan 26 22:29:09 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jan 26 22:29:09 firewall kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jan 26 22:29:09 firewall kernel: IP: routing cache hash table of 512
buckets, 4Kbytes
Jan 26 22:29:09 firewall kernel: TCP: Hash tables configured
(established 2048 bind 2048)
Jan 26 22:29:09 firewall kernel: Linux IP multicast router 0.06 plus PIM-SM
Jan 26 22:29:09 firewall kernel: ip_conntrack version 2.0 (192 buckets,
1536 max) - 312 bytes per conntrack
Jan 26 22:29:09 firewall kernel: ip_tables: (C) 2000-2002 Netfilter core
team
Jan 26 22:29:09 firewall kernel: NET4: Unix domain sockets 1.0/SMP for
Linux NET4.0.
Jan 26 22:29:09 firewall kernel: RAMDISK: Compressed image found at block 0
Jan 26 22:29:09 firewall kernel: Freeing initrd memory: 440k freed
Jan 26 22:29:09 firewall kernel: VFS: Mounted root (minix filesystem).
Jan 26 22:29:09 firewall kernel: Freeing unused kernel memory: 60k freed
Jan 26 22:29:09 firewall kernel: Uniform Multi-Platform E-IDE driver
Revision: 6.31
Jan 26 22:29:09 firewall kernel: ide: Assuming 33MHz system bus speed
for PIO modes; override with idebus=xx
Jan 26 22:29:09 firewall kernel: PIIX3: IDE controller on PCI bus 00 dev 39
Jan 26 22:29:09 firewall kernel: PIIX3: chipset revision 0
Jan 26 22:29:09 firewall kernel: PIIX3: not 100%% native mode: will
probe irqs later
Jan 26 22:29:09 firewall kernel: hda: QUANTUM LP240A GM240A01X, ATA DISK
drive
Jan 26 22:29:09 firewall kernel: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Jan 26 22:29:09 firewall kernel: hda: 479349 sectors (245 MB) w/256KiB
Cache, CHS=723/13/51
Jan 26 22:29:09 firewall kernel: Partition check:
Jan 26 22:29:09 firewall kernel: hda: hda1 hda2 < hda5 hda6 hda7 >
Jan 26 22:29:09 firewall kernel: ne2k-pci.c:v1.02 10/19/2000 D.
Becker/P. Gortmaker
Jan 26 22:29:09 firewall kernel:
http://www.scyld.com/network/ne2k-pci.html
Jan 26 22:29:09 firewall kernel: eth0: RealTek RTL-8029 found at 0x6200,
IRQ 9, 00:40:05:5D:7D:4E.
Jan 26 22:29:09 firewall kernel: Linux Tulip driver version 0.9.15-pre9
(Nov 6, 2001)
Jan 26 22:29:09 firewall kernel: tulip0: no phy info, aborting mtable build
Jan 26 22:29:09 firewall kernel: eth1: Macronix 98715 PMAC rev 37 at
0xc2031000, 00:80:C6:F1:C8:C8, IRQ 11.
Jan 26 22:29:09 firewall kernel: ne.c:v1.10 9/23/94 Donald Becker
([EMAIL PROTECTED])
Jan 26 22:29:09 firewall kernel: Last modified Nov 1, 2000 by Paul
Gortmaker
Jan 26 22:29:09 firewall kernel: NE*000 ethercard probe at 0x220: 00 60
67 04 85 97
Jan 26 22:29:09 firewall kernel: eth2: NE2000 found at 0x220, using IRQ 10.
Jan 26 22:29:09 firewall kernel: CSLIP: code copyright 1989 Regents of
the University of California
Jan 26 22:29:09 firewall kernel: HDLC line discipline: version
$Revision: 3.3 $, maxframe=4096
Jan 26 22:29:09 firewall kernel: N_HDLC line discipline registered.
Jan 26 22:29:09 firewall kernel: PPP generic driver version 2.4.1
Jan 26 22:29:09 firewall dhcpd: Internet Software Consortium DHCP Server
2.0pl5
Jan 26 22:29:09 firewall dhcpd: Copyright 1995, 1996, 1997, 1998, 1999
The Internet Software Consortium.
Jan 26 22:29:09 firewall dhcpd: All rights reserved.
Jan 26 22:29:09 firewall dhcpd:
Jan 26 22:29:09 firewall dhcpd: Please contribute if you find this
software useful.
Jan 26 22:29:09 firewall dhcpd: For info, please visit
http://www.isc.org/dhcp-contrib.html
Jan 26 22:29:09 firewall dhcpd:
Jan 26 22:29:09 firewall dhcpd: Listening on
LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
Jan 26 22:29:09 firewall dhcpd: Sending on
LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
Jan 26 22:29:09 firewall dhcpd: Sending on Socket/fallback/fallback-net
Jan 26 22:29:19 firewall root: Shorewall Started
Jan 26 22:29:19 firewall /usr/sbin/cron[26869]: (CRON) INFO (pidfile fd = 3)
Jan 26 22:29:19 firewall /usr/sbin/cron[3844]: (CRON) STARTUP (fork ok)
Jan 26 22:30:01 firewall /USR/SBIN/CRON[25976]: (root) CMD
(/etc/multicron-p)
==================================
System startup
==================================
Loading linux............
Loading initrd.lrp.........
Ready.
Linux version 2.4.18 (root@uml_woody) (gcc version 2.95.4 20011002
(Debian prerelease)) #1 Sun Nov 10 17:40:20 UTC 2002
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 00000000000a0000 (usable)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 0000000001800000 (usable)
BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
On node 0 totalpages: 6144
zone(0): 4096 pages.
zone(1): 2048 pages.
zone(2): 0 pages.
Kernel command line: console=ttyS0,38400 BOOT_IMAGE=linux
initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/hda1:msdos
PKGPATH=/dev/hda1
LRP=root,etc,local,modules,iptables,ppp,pppoe,dhcpd,shorwall,dnscache,weblet
Initializing CPU#0
Detected 133.638 MHz processor.
Console: colour VGA+ 80x25
Calibrating delay loop... 266.24 BogoMIPS
Memory: 21952k/24576k available (907k kernel code, 2240k reserved, 232k
data, 60k init, 0k highmem)
Dentry-cache hash table entries: 4096 (order: 3, 32768 bytes)
Inode-cache hash table entries: 2048 (order: 2, 16384 bytes)
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
Intel Pentium with F0 0F bug - workaround enabled.
CPU: Intel Pentium 75 - 200 stepping 06
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
PCI: PCI BIOS revision 2.10 entry at 0xfb1c0, last bus=0
PCI: Using configuration type 1
PCI: Probing PCI hardware
Limiting direct PCI/PCI transfers.
Activating ISA DMA hang workarounds.
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ
DETECT_IRQ SERIAL_PCI enabled
ttyS00 at 0x03f8 (irq = 4) is a 16550A
ttyS01 at 0x02f8 (irq = 3) is a 16550A
Software Watchdog Timer: 0.05, timer margin: 60 sec
block: 64 slots per queue, batch=16
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
Floppy drive(s): fd0 is 1.44M
FDC 0 is an 8272A
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 2048)
Linux IP multicast router 0.06 plus PIM-SM
ip_conntrack version 2.0 (192 buckets, 1536 max) - 312 bytes per conntrack
ip_tables: (C) 2000-2002 Netfilter core team
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 440k freed
VFS: Mounted root (minix filesystem).
Freeing unused kernel memory: 60k freed
LINUXRC: Bering - Initrd - V1.0-stable
Using /boot/lib/modules/ide-mod.o
Uniform Multi-Platform E-IDE driver Revision: 6.31
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
PIIX3: IDE controller on PCI bus 00 dev 39
PIIX3: chipset revision 0
PIIX3: not 100% native mode: will probe irqs later
Using /boot/lib/modules/ide-disk.o
Using /boot/lib/modules/ide-probe-mod.o
hda: QUANTUM LP240A GM240A01X, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Mounting a 6M TMPFS filesystem...
hda: 479349 sectors (245 MB) w/256KiB Cache, CHS=723/13/51
Partition check:
hda: hda1 hda2 < hda5 hda6 hda7 >
LINUXRC: Installing - root: /dev/hda1 etc: /dev/hda1 local: /dev/hda1
modules: /dev/hda1 iptables: /dev/hda1 ppp: /dev/hda1 pppoe:
/dev/hda1 dhcpd: /dev/hda1 shorwall: /dev/hda1 dnscache: /dev/hda1
weblet: /dev/hda1 - Finished.
INIT: version 2.78 booting
Loading modules:
8390 - find: /proc/28876: No such file or directory
Using /lib/modules/8390.o
ne2k-pci - Using /lib/modules/ne2k-pci.o
ne2k-pci.c:v1.02 10/19/2000 D. Becker/P. Gortmaker
http://www.scyld.com/network/ne2k-pci.html
eth0: RealTek RTL-8029 found at 0x6200, IRQ 9, 00:40:05:5D:7D:4E.
tulip - Using /lib/modules/tulip.o
Linux Tulip driver version 0.9.15-pre9 (Nov 6, 2001)
tulip0: no phy info, aborting mtable build
eth1: Macronix 98715 PMAC rev 37 at 0xc2031000, 00:80:C6:F1:C8:C8, IRQ 11.
ne - Using /lib/modules/ne.o
ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED])
Last modified Nov 1, 2000 by Paul Gortmaker
NE*000 ethercard probe at 0x220: 00 60 67 04 85 97
eth2: NE2000 found at 0x220, using IRQ 10.
slhc - Using /lib/modules/slhc.o
CSLIP: code copyright 1989 Regents of the University of California
n_hdlc - Using /lib/modules/n_hdlc.o
HDLC line discipline: version $Revision: 3.3 $, maxframe=4096
N_HDLC line discipline registered.
ppp_generic - Using /lib/modules/ppp_generic.o
PPP generic driver version 2.4.1
ppp_synctty - Using /lib/modules/ppp_synctty.o
pppox - Using /lib/modules/pppox.o
pppoe - Using /lib/modules/pppoe.o
ip_conntrack_ftp - Using /lib/modules/ip_conntrack_ftp.o
ip_conntrack_irc - Using /lib/modules/ip_conntrack_irc.o
ip_nat_ftp - Using /lib/modules/ip_nat_ftp.o
ip_nat_irc - Using /lib/modules/ip_nat_irc.o
Mounting local file systems...
mount: Mounting 8 on failed: No such file or directory
Cleaning: /etc/network/ifstate.
Setting up IP spoofing protection: rp_filter.
Configuring network interfaces: Plugin /usr/lib/pppd/pppoe.so loaded.
PPPoE Plugin Initialized
done.
Local time: Mon Jan 27 00:19:21 UTC 2003
Initializing random number generator... done.
INIT: Entering runlevel: 2
Starting system log daemon: syslogdTerminated
klogd.
Starting software watchdog... done.
Starting internet superserver: inetd.
Starting dhcpd on eth1:
Internet Software Consortium DHCP Server 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.
Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html
Listening on LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
Sending on LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
Sending on Socket/fallback/fallback-net
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Starting Shorewall...
Initializing...
Determining Zones...
Zones: net loc dmz
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: ppp0:0.0.0.0/0 eth0:0.0.0.0/0
Local Zone: eth1:0.0.0.0/0
DMZ Zone: eth2:0.0.0.0/0
Deleting user chains...
Creating input Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
Setting up Blacklisting...
Blacklisting enabled on ppp0
Blacklisting enabled on eth0
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Rule "ACCEPT fw net tcp 53" added.
Rule "ACCEPT fw net udp 53" added.
Rule "ACCEPT loc fw tcp 22" added.
Rule "ACCEPT loc fw udp 53" added.
Rule "ACCEPT loc fw tcp 80" added.
Setting up ICMP Echo handling...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy DROP for net to net using chain net2all
Policy REJECT for loc to fw using chain all2all
Policy ACCEPT for loc to net using chain loc2net
Masqueraded Subnets and Hosts:
To 0.0.0.0/0 from eth1 through ppp0
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Activating Rules...
Processing /etc/shorewall/OUTPUT ...
Processing /etc/shorewall/start ...
Shorewall Started
dnscache queries allowed from 192.168
Starting dnscache without daemontools ...
Starting periodic command scheduler: cron.
Bering V1.0-stable firewall ttyS0
firewall login:
=========================================
=========================================
XP Stuff...
=========================================
I can connect to the net fine using WinXP, SP1. I
create the connection using NewConnectionWizard
under Networks. I set it up as a PPPoE connection
and supply my username and password.
When it's up and connected, this is my state:
C:\>ipconfig /all
------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : ske
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific
DNS Suffix . :
Description . . . . . : D-Link DFE-530TX+ PCI Adapter
Physical Address. . . : 00-50-BA-D2-1C-C3
Dhcp Enabled. . . . . : No
IP Address. . . . . . : 172.16.0.1
Subnet Mask . . . . . : 255.255.255.0
Default Gateway . . . : 172.16.0.254
PPP adapter NBN:
Connection-specific
DNS Suffix . :
Description . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . : No
IP Address. . . . . . : 64.39.191.112
Subnet Mask . . . . . : 255.255.255.255
Default Gateway . . . : 64.39.191.112
DNS Servers . . . . . : 199.166.210.2
199.166.210.5
NetBIOS over Tcpip. . : Disabled
---------------
C:\>route print
---------------
================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0xc0002 ...00 50 ba d2 1c c3 ..D-Link DFE-530TX+ PCI Adapter
- Packet Scheduler Miniport
0x210004 ...00 53 45 00 00 00 . WAN (PPP/SLIP) Interface
================================================================
================================================================
Active Routes:
Network Destin'n Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 64.39.191.112 64.39.191.112 1
0.0.0.0 0.0.0.0 172.16.0.254 172.16.0.1 31
64.39.160.16 255.255.255.255 64.39.191.112 64.39.191.112 1
64.39.191.112 255.255.255.255 127.0.0.1 127.0.0.1 50
64.255.255.255 255.255.255.255 64.39.191.112 64.39.191.112 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.0.0 255.255.255.0 172.16.0.1 172.16.0.1 30
172.16.0.1 255.255.255.255 127.0.0.1 127.0.0.1 30
172.16.255.255 255.255.255.255 172.16.0.1 172.16.0.1 30
224.0.0.0 240.0.0.0 172.16.0.1 172.16.0.1 30
224.0.0.0 240.0.0.0 64.39.191.112 64.39.191.112 1
255.255.255.255 255.255.255.255 172.16.0.1 172.16.0.1 1
Default Gateway: 64.39.191.112
================================================================
Persistent Routes:
None
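
An added example, not part of the original post: a POSIX shell check that reads `ip route show` output and pppd syslog lines and reports whether the default route leaves through the PPP interface. The routing table and pppd lines are copied from the post (the pppd lines are the ones it quotes from an earlier run); `ROUTES_FIXED` and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.
# ROUTES_POSTED and LOG_POSTED are copied from the post; ROUTES_FIXED is a
# constructed sample of a table whose default route uses ppp0.

ROUTES_POSTED='64.39.160.16 dev ppp0  proto kernel  scope link  src 64.39.191.53
10.0.0.0/24 dev eth2  proto kernel  scope link  src 10.0.0.254
172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.1
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.254
default via 172.16.0.254 dev eth0'

LOG_POSTED='Jan 25 23:17:04 firewall pppd[10916]: not replacing existing default route to eth0 [172.16.0.254]
Jan 25 23:17:04 firewall pppd[10916]: local IP address 64.39.191.38
Jan 25 23:17:04 firewall pppd[10916]: remote IP address 64.39.160.16'

ROUTES_FIXED='64.39.160.16 dev ppp0  proto kernel  scope link  src 64.39.191.53
172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.1
default via 64.39.160.16 dev ppp0'

# Print the device of the first default route found on stdin (empty if none).
default_route_dev() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
         }'
}

# Succeed if any route on stdin is bound to interface $1 (i.e. the link is up).
iface_has_route() {
    awk -v ifc="$1" '{ for (i = 1; i < NF; i++)
                           if ($i == "dev" && $(i + 1) == ifc) found = 1 }
                     END { exit (found ? 0 : 1) }'
}

# Succeed if pppd logged that it declined to install its own default route.
pppd_kept_old_default() {
    grep -q 'pppd.*not replacing existing default route'
}

# check_wan_route WAN_IF ROUTES LOG
# Returns 0: default route uses WAN_IF
#         1: WAN_IF has no routes at all (PPP session not up)
#         2: WAN_IF is up but the default route points elsewhere
check_wan_route() {
    wan_if=$1 routes=$2 log=$3
    dev=$(printf '%s\n' "$routes" | default_route_dev)
    if [ "$dev" = "$wan_if" ]; then
        echo "OK: default route uses $wan_if"
        return 0
    fi
    if ! printf '%s\n' "$routes" | iface_has_route "$wan_if"; then
        echo "DOWN: no route on $wan_if; the PPP session is not up"
        return 1
    fi
    echo "MISMATCH: $wan_if is up but the default route uses ${dev:-no interface}"
    if printf '%s\n' "$log" | pppd_kept_old_default; then
        echo "  pppd logged that it left the existing default route in place"
    fi
    return 2
}

# Run the check on the posted data, then on the constructed table.
check_wan_route ppp0 "$ROUTES_POSTED" "$LOG_POSTED" || true
check_wan_route ppp0 "$ROUTES_FIXED" "" || true
```

On a live box the same functions can be fed `ip route show` and the syslog file instead of the embedded samples.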
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
