Re: Unstable PPPoE

[Dorian Büttner]

Timothy Wilson wrote:


/etc/hostname.pppoe:

inet 0.0.0.0 255.255.255.255 NONE pppoedev url0 authproto auto
authname 'user' authkey 'pass' up
dest 0.0.0.1
!/sbin/route/ add default -ifp pppoe0 0.0.0.1

echo up  /etc/hostname.url0

Please feel free to give suggetions to my pf.conf etc!
  



Hi Timothy,

I'm recently setting up my box to do pppoe as well, and I found your 
hostname.pppoe not working at all, unless I changed authproto to pap.

auto isn't even supposed to work.

Here's what man ifconfig says:
authproto proto
Set the PPP authentication protocol on the specified interface
acting as a client.  The protocol name can be either `chap',
`pap', or `none'.  In the latter case, authentication will be
turned off.


I'm wondering why your box goes online at all?
Regards,
Dorian

Unstable PPPoE

[Timothy Wilson]

Hello ladies and gentlemen!

I'm having a frustrating problem. My internet is highly unstable when
using bit torrent. I don't think there's anything special about my
configuration: my gateway is a craptop with inbuilt Intel ethernet and
a url0 USB ethernet for the modem. The connection is bridged, using pf
(obviously) for routing / firewall and kernel PPPoE for dialing via my
bridged netcomm nb5+.

Basically, when I try to use bit torrent the connection dies after
about 20mins. The kernel PPPoE daemon doesn't bring it back up. In
fact, even doing
#sh /etc/netstart
doesn't bring it back up. The only way to bring it back up is via a
reboot :( Very frustrating. It also takes about 10-15mins to
reconnect; surely that's a bit too long, even for PPPoE? I know this
isn't a problem with my ISP as I've always been able to download bt
stably when I was using the modem in router mode. I thought it might
have been an MTU problem, but I'm using the mss fix in /etc/pf.conf,
so I don't think it's that. I played around with a few values just to
be sure, but I'm open to suggestions.
I'll post my dmesg, /etc/pf.conf and /etc/hostname.pppoe. If there's
anything else I should send, please let me know!

/etc/pf.conf:

# Timothy's PF.conf, running on failtop

# My fun as ports!
#
# Bit torrent
shitbox_bt  = 6881
craptop_bt  = 6882
failtop_bt  = { 6883, 6884, 6885, 6886 }
# SSH
shitbox_ssh = 22
craptop_ssh = 24
failtop_ssh = 25
# VoIP
johnbox_voip= { 3478, 5060, 8000, 8001 }

# Macro fun!!!
#tcp_services   = { www, ssh, domain, auth }
udp_services= { domain, ntp, 3478, 5060, 8000, 8001 } #look at
adding NTP for clients
allow_out   = { 1863, 6969, www, ftp-data, ftp, ssh, domain, pop3,
smtp, auth, http, https, 446, 8080 }
icmp_types  = { echoreq, unreach }
bt_pass = { 6881,6880,6882,6883, 6884, 6885, 6886 }

# Fun fun interfaces
ext_if  = pppoe0
int_if  = fxp0
local   = $int_if:network
outside = $ext_if:network
#ftpProxy   = 127.0.0.1

# IP Map (lots of fun)
shitbox_ip  = 192.168.1.10
craptop_ip  = 192.168.1.3
failtop_ip  = 192.168.1.55
johnbox_ip  = 192.168.1.8
martians= { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
  10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
  0.0.0.0/8, 240.0.0.0/4 }

# Normalisation fun!
scrub in #all
scrub out on pppoe0 max-mss 1440

# Fun fun rules!
#
# NAT section
nat on $ext_if from $local to any - ($ext_if)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr on $int_if proto tcp from any to any port 21 - 127.0.0.1 port 8021

# Services
#
#Squid
rdr on $ext_if proto tcp from $ext_if:network to any port www -
$failtop_ip port 3128
# Outside users!
# Redirect Bit Torrent
rdr on $ext_if proto {udp,tcp} from any to $ext_if port $shitbox_bt -
$shitbox_ip
rdr on $ext_if proto tcp from any to $ext_if port $craptop_bt - $craptop_ip
rdr on $ext_if proto {udp,tcp} from any to $ext_if port $failtop_bt -
$failtop_ip
# Redirect SSH
rdr on $ext_if proto tcp from any to $ext_if port $shitbox_ssh - $shitbox_ip
rdr on $ext_if proto tcp from any to $ext_if port $craptop_ssh - $craptop_ip
rdr on $ext_if proto tcp from any to $ext_if port $failtop_ssh - $failtop_ip
# Redirect VoIP
rdr on $ext_if proto {tcp, udp} from any to $ext_if port $johnbox_voip
- $johnbox_ip
# Local users!
# Redirect SSH
rdr on $int_if proto tcp from $local to $ext_if port $shitbox_ssh -
$shitbox_ip
rdr on $int_if proto tcp from $local to $ext_if port $craptop_ssh -
$craptop_ip
rdr on $int_if proto tcp from $local to $ext_if port $failtop_ssh -
$failtop_ip


# Fun fun filtering section
antispoof for $ext_if
antispoof for $int_if
block drop in quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians

block return
pass from { lo0, $local } to any keep state
# Fun FTP allow fun
anchor ftp-proxy/*
pass out proto tcp from 127.0.0.1 to any port 21

# Fun services for everyone to be passed out
# Allow outgoing dns, needed by pfctl to resolve names.
pass out proto tcp to any port $allow_out
pass proto udp to any port domain
# Allow BitTorrent
pass inet proto { tcp, udp } to $shitbox_ip port $bt_pass flags S/SA
keep state (max-src-conn 500)
pass inet proto { tcp, udp } to $failtop_ip port $bt_pass flags S/SA
keep state (max-src-conn 500)

#pass proto tcp from $local to any port $allow_out
pass quick inet proto { tcp, udp } to any port $udp_services keep state

# Let ICMP traffic from local as well as outside
pass inet proto icmp all icmp-type $icmp_types keep state
# Traceroute
pass out on $ext_if inet proto udp from any to any port 33433  33626
keep state

# Pass our BT and SSH fun fun packets
pass proto tcp from any to $shitbox_ip port $shitbox_bt
pass proto tcp from any to $shitbox_ip port $shitbox_ssh
pass proto tcp from any to $craptop_ip port $craptop_bt
pass proto tcp from any to $craptop_ip port $craptop_ssh
pass proto tcp from any to $failtop_ip port $failtop_bt
pass proto tcp from 

Re: Unstable PPPoE

[Daniel Melameth]

On 7/27/07, Timothy Wilson [EMAIL PROTECTED] wrote:
 I'm having a frustrating problem. My internet is highly unstable when
 using bit torrent. I don't think there's anything special about my
 configuration: my gateway is a craptop with inbuilt Intel ethernet and
 a url0 USB ethernet for the modem. The connection is bridged, using pf
 (obviously) for routing / firewall and kernel PPPoE for dialing via my
 bridged netcomm nb5+.

 Basically, when I try to use bit torrent the connection dies after
 about 20mins. The kernel PPPoE daemon doesn't bring it back up. In
 fact, even doing
 #sh /etc/netstart
 doesn't bring it back up. The only way to bring it back up is via a
 reboot :( Very frustrating. It also takes about 10-15mins to
 reconnect; surely that's a bit too long, even for PPPoE? I know this
 isn't a problem with my ISP as I've always been able to download bt
 stably when I was using the modem in router mode. I thought it might
 have been an MTU problem, but I'm using the mss fix in /etc/pf.conf,
 so I don't think it's that. I played around with a few values just to
 be sure, but I'm open to suggestions.

 dmesg:

 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 pppoe0: received unexpected PADO
 url0: usb error on tx: TIMEOUT
 pppoe0: LCP keepalive timeout

Based on your dmesg, it appears this might be related to url0whether
it's the hardware, driver or something associated, I don't know.  You
might want to try another Ethernet connection.  FWIW, I've never been
a fan of USB Ethernet.

Re: Unstable PPPoE

[Can E. Acar]

 Hello ladies and gentlemen!
 
 I'm having a frustrating problem. My internet is highly unstable when
 using bit torrent. I don't think there's anything special about my
 configuration: my gateway is a craptop with inbuilt Intel ethernet and
 a url0 USB ethernet for the modem. The connection is bridged, using pf
 (obviously) for routing / firewall and kernel PPPoE for dialing via my
 bridged netcomm nb5+.

I suspect it is a problem with your modem. Have you tried replacing it?
I have seen modems lock up on bittorrent/mule traffic. Usually bridge mode
prevents this, but I have no experience with your particular modem.

 Basically, when I try to use bit torrent the connection dies after
 about 20mins. The kernel PPPoE daemon doesn't bring it back up. In
 fact, even doing
 #sh /etc/netstart
 doesn't bring it back up. The only way to bring it back up is via a
 reboot :( 

In your case, reboot == disconnect + connect USB ethernet, it may even
reset the modem if it is powered by USB. Perhaps you can just unplug/replug
your USB ethernet cable and see if this removes the need to reboot?
It may also be a problem with the url0 ethernet driver.

 Very frustrating. It also takes about 10-15mins to
 reconnect; surely that's a bit too long, even for PPPoE?

This is expected since your ISP does not know you terminated the old
session.
Thus you are waiting for it to timeout before your ISP would let you
establish a new one. You can compile a kernel with
PPPOE_TERM_UNKNOWN_SESSIONS
(see pppoe(4)) to have pppoe terminate the old session.

 I know this
 isn't a problem with my ISP as I've always been able to download bt
 stably when I was using the modem in router mode. I thought it might
 have been an MTU problem, but I'm using the mss fix in /etc/pf.conf,
 so I don't think it's that. I played around with a few values just to
 be sure, but I'm open to suggestions.

What you describe is not related to MSS/MTU

 I'll post my dmesg, /etc/pf.conf and /etc/hostname.pppoe. If there's
 anything else I should send, please let me know!

After you have tried the above suggestions, and if the problem is NOT in
url(4) driver and/or the modem you can enable debugging on the pppoe0
interface 'ifconfig pppoe0 debug' and/or use tcpdump on the ethernet
interface to examine pppoe packets. Check the archives for details.


-- 
In theory, there is no difference between theory and practice.
But, in practice, there is.

Re: Unstable PPPoE

[Stuart Henderson]

 it's the hardware, driver or something associated, I don't know.  You
 might want to try another Ethernet connection.  FWIW, I've never been
 a fan of USB Ethernet.

url works surprisingly well, but I didn't like aue much. All luck of
the draw with cheap ebay vendors though :)