RE: NAT and PPPoE problems

2003-10-13 Thread Sean Noonan

> Hi,
> From my casual observation your rc.conf has a spelling error in it, you
> have gatway_enable="yes" should of course be gateway_enable="yes". Sorry
> if you had picked it up earlier. 

Doh!  That fixed it.  Thanks!  I knew it had to be something simple like that,
and I even quadruple checked rc.conf for typos, but was concentrating on the
ppp-specific lines since pinging both the internal AND external interfaces
worked (so I figured that the "gateway" portion of the mix was working...)

Thanks again!

-Sean

*

No employee or agent is authorized to conclude any binding agreement on behalf of 
Watkins Contracting, L.P., with another 
party by email without express written confirmation by an Officer of the company.  In 
addition, any views or opinions 
presented in this email are solely those of the author and do not necessarily 
represent those of Watkins Contracting, L.P.  
Employees of Watkins Conracting, L.P., are expressly required not to make defamatory 
statements and not to infringe or 
authorize any infringement of copyright or any other legal right by email 
communications.  Any such communication is contrary 
to company policy and outside the scope of the employment of the individual concerned. 
 The company will not accept any 
liability in respect of such communication, and the employee responsible will be 
personally liable for any damages or other 
liability arising.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
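
The fix confirmed above came down to one misspelled rc.conf variable: rc.conf is sourced as a shell fragment, so a misspelled name such as gatway_enable is assigned without error and never read, and the quoted config carries a second one (lpd_endable). The following check for such near-miss names is an added example, not code from the thread or from FreeBSD; the function names are hypothetical and KNOWN is a constructed subset of the names in /etc/defaults/rc.conf.

```python
import difflib
import re

# Constructed subset of the knob names defined in /etc/defaults/rc.conf.
# Assumption: on a real host, build this set by parsing that file instead.
KNOWN = {
    "firewall_enable", "firewall_type", "gateway_enable", "hostname",
    "lpd_enable", "natd_enable", "ppp_enable", "ppp_mode", "ppp_nat",
    "ppp_profile", "sshd_enable",
}

# Constructed sample: a few lines taken from the rc.conf quoted in this thread.
SAMPLE_RC_CONF = """\
firewall_enable="YES"
firewall_type="open"
gatway_enable="YES"
ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
lpd_endable="YES"
#natd_enable="YES"
ppp_enable="YES"
ppp_nat="YES"
ppp_profile="SBC"
"""

ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)=")


def assigned_names(text):
    """Yield (line_number, variable_name) for each uncommented assignment."""
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ASSIGNMENT.match(line)
        if match:
            yield lineno, match.group(1)


def find_suspects(text, known, cutoff=0.85):
    """Return (line, name, suggestion) for names that nearly match a known knob.

    Names with no near match (per-interface ifconfig_*, knobs added by ports)
    are left alone, since they are legitimately absent from the defaults file.
    """
    suspects = []
    for lineno, name in assigned_names(text):
        if name in known:
            continue
        close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=cutoff)
        if close:
            suspects.append((lineno, name, close[0]))
    return suspects


if __name__ == "__main__":
    for lineno, name, suggestion in find_suspects(SAMPLE_RC_CONF, KNOWN):
        print(f"line {lineno}: {name!r} is not a known knob; did you mean {suggestion!r}?")
```

The same check applies to knobs such as firewall_enable, where a misspelling would leave the packet filter off without any error at boot.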


Re: NAT and PPPoE problems

2003-10-13 Thread Luke Kearney
Hi,
From my casual observation your rc.conf has a spelling error in it, you
have gatway_enable="yes" should of course be gateway_enable="yes". Sorry
if you had picked it up earlier. 

This is one of my favourites for setting up a router

http://lantech.geekvenue.net/chucktips/jason/chuck/1031194375/index_html

as is 

http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html

or

http://renaud.waldura.com/doc/freebsd/firewall/

Good luck with that one

LukeK


On Sun, 12 Oct 2003 18:16:34 -0700 (PDT)
Sean Noonan <[EMAIL PROTECTED]> granted us these pearls of wisdom:

> Hi Folks,
> 
> I've used NAT with FreeBSD for years now, but recently had to change my
> ISP.  My new ISP, SBC, uses PPPoE (yuck).  I've finally got PPPoE working,
> but am having a heck of a time getting NAT to work with it.  I'm tracking
> STABLE and cvsup'd, etc, about two weeks ago to 4.9-PRERELEASE.  Here's my
> config:
> 
> /etc/ppp/ppp.conf:
> 
> default:
>  # PPP over Ethernet
>  set log phase tun command
>  set device PPPoE:dc0
>  set mru 1492
>  set mtu 1492
>  set ctsrts off
>  set cd off
>  set redial 0 0
>  set dial
>  set login
>  # set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>  set ifaddr 67.116.219.246/0 67.116.219.254/0
>  add default HISADDR          # Add a (sticky) default route
>  enable lqr
>  enable dns
> SBC:
>  set authname [EMAIL PROTECTED]
>  set authkey mypassword
> 
> /etc/rc.conf:
> 
> ez_ipupdate_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> firewall_logging="YES"
> gatway_enable="YES"
> gif_interfaces="gif0"
> # gifconfig_gif0="67.112.141.75 67.52.144.191"
> hostname="sean-noonan.kicks-ass.net"
> ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
> ipsec_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> lpd_endable="YES"
> moused_enable="YES"
> moused_flags="-3"
> moused_type="auto"
> named_enable="NO"
> #natd_enable="YES"
> #natd_interface="dc0"
> network_interfaces="xl0 dc0 gif0 tun0 lo0"
> nfs_reserved_port_only="YES"
> nfs_server_enable="YES"
> nisdomainname="NO"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="YES"
> ppp_profile="SBC"
> saver="logo"
> sendmail_enable="YES"
> sshd_enable="YES"
> syslogd_enable="YES"
> tcp_extensions="YES"
> xntpd_enable="YES"
> 
> output of ifconfig -a:
> 
> xl0: flags=8843 mtu 1500
> inet 192.168.6.1 netmask 0xff00 broadcast 192.168.6.255
> inet6 fe80::2a0:24ff:fed8:4738%xl0 prefixlen 64 scopeid 0x1
> ether 00:a0:24:d8:47:38
> media: Ethernet autoselect (100baseTX )
> status: active
> dc0: flags=8843 mtu 1500
> inet6 fe80::204:5aff:fe45:5aa8%dc0 prefixlen 64 scopeid 0x2
> ether 00:04:5a:45:5a:a8
> media: Ethernet autoselect (100baseTX )
> status: active
> lp0: flags=8810 mtu 1500
> lo0: flags=8049 mtu 16384
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> inet 127.0.0.1 netmask 0xff00
> ppp0: flags=8010 mtu 1500
> sl0: flags=c010 mtu 552
> faith0: flags=8002 mtu 1500
> tun0: flags=8051 mtu 1492
> inet 67.121.201.208 --> 67.121.203.254 netmask 0x
> Opened by PID 57
> 
> output of netstat -rn:
> 
> Routing tables
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            67.121.203.254     UGSc        4       30   tun0
> 67.121.203.254     67.121.201.208     UH          5        0   tun0
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.6          link#1             UC          1        0    xl0
> 192.168.6.2        00:0c:76:51:77:7e  UHLW        0        0    xl0   1079
> 
> The RFC1918 PC is using 192.168.6.2 for its IP address and 192.168.6.1 for
> its default gateway.  The RFC1918 PC can successfully ping the gateway's
> internal and external interfaces, but nothing beyond.
> 
> Adding an ipfw rule like:
> 
> ipfw add 1 allow log ip from any to any
> 
> shows ping traffic between the inside interface of the gateway and the
> RFC1918 PC, but nothing else.
> 
> I've tried several ways of invoking NAT, including via the ppp.conf file,
> via the command-line, and via rc.conf (the current flavor).  None seem to
> work.
> 
> Anybody have any ideas on how to proceed??
> 
> TIA,
> 
> --Sean Noonan.


RE: NAT and PPPoE problems

2003-10-13 Thread Sean Noonan
> Here are the docs I used when using ADSL w/ PPPoE and NAT w/ IPFW
> there are 2 writeups here ...first is PPPoE (I'm assuming you already know
> how to compile your kernel?) 2nd is Dual Home host ...and how to setup
> NAT.

Hi Brent,

About the only differences I see in your config vs. mine is that you've
compiled NETGRAPH support directly into the kernel (but it's my understanding
that this was no longer explicitly needed), and you manually configure the
ed1 interface in rc.conf.  I also notice that you specify NOT to use ARP
(-arp) when you config the interface, which I don't specify (and the default
is to use ARP).

I'll try making the kernel change and the interface config change and see if
it makes a difference.

The second doc is basically exactly what I used to do when I used plain-old
Ethernet.  However, as the doc states, "If the outside interface is ... a
PPP-over-Ethernet (PPPoE) DSL connection, use ppp(8)'s NAT facility
instead", which is what I'm trying to do ;-)

NAT over plain-old Ethernet works just fine for me.

Thanks again,

Sean.



Re: NAT and PPPoE problems

2003-10-13 Thread Brent Bailey
Here are the docs I used when using ADSL w/ PPPoE and NAT w/ IPFW
there are 2 writeups here ...first is PPPoE (I'm assuming you already know
how to compile your kernel?) 2nd is Dual Home host ...and how to setup
NAT.

hope this helps

-- 
Brent Bailey CCNA
Bmyster LLC
Computer Networking and Webhosting
Network Engineer, Webmaster, President
http://www.bmyster.com
[EMAIL PROTECTED]
207-247-8330


#
FreeBSD PPPoE HOWTO

FreeBSD Requirements for PPPoE

Be sure that you have a version of userppp that supports PPPoE. Please note
that userppp is included in FreeBSD. It is not add-on software. Recent
FreeBSD releases should be fine.

Any -CURRENT, -STABLE and -RELEASE versions of FreeBSD should be able to
support PPPoE. FreeBSD 4.0-CURRENT and 3.3-STABLE releases have been tested
and found to work.

Configuring FreeBSD Kernel for PPPoE

In order to support PPPoE, three lines must be added at the end of the
FreeBSD kernel file. Beginners with no idea how to compile a kernel, please
read the following carefully. For more experienced users who know how to
compile a kernel, just see step 3 below and add the three lines to your
kernel.

  1. First you must change to the kernel configuration directory:

         cd /usr/src/sys/i386/conf

  2. In the kernel configuration directory, use your favorite text editor
     and edit the kernel file. For example, if you use emacs, you would
     type:

         vi KERNEL

  3. Go to the end of the kernel file and add the following three lines:

         options NETGRAPH
         options NETGRAPH_PPPOE
         options NETGRAPH_SOCKET

  4. After adding these three lines, save the modified kernel file.

  5. Type this command to set the kernel configuration:

         config KERNEL

  6. Now you must change to the kernel setup directory:

         cd ../../compile/KERNEL

  7. In the kernel setup directory, type the following three commands:

         make depend
         make
         make install

Your kernel is now ready for PPPoE!

Configuring FreeBSD /etc/ppp/ppp.conf File

To edit the /etc/ppp/ppp.conf file, just use your favorite text editor.
Replace any existing file content with the lines below. Be sure the "set
device PPPoE:---" line is correct for your network interface card. (We used
ed1 for the NIC in this example.) Change the authname and authkey to your
sympatico user id (b1xx) and your password.

# /etc/ppp/ppp.conf

default:
 set log Phase Chat LCP IPCP CCP tun command
 nat enable yes
 nat same_ports yes
 nat use_sockets yes
 set redial 15 28800
 set reconnect 15 28800

pppoe:
 set device PPPoE:ed1:
 set mru 1492
 set mtu 1492
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname [EMAIL PROTECTED]
 set authkey yourpassword
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 enable dns

# end of ppp configuration

Configuring FreeBSD /etc/rc.conf  File

The /etc/rc.conf file should be set up as follows for the ethernet interface
that goes to your DSL modem. (Again, this example uses ed1 for the NIC.)

# /etc/rc.conf

network_interfaces="auto"  #Set network interfaces automatically
ifconfig_ed1="inet 10.0.0.1 netmask 255.0.0.0 -arp up"
ppp_enable="YES"           #This enables PPP on startup (recommended)
ppp_mode="background"
ppp_profile="pppoe"

#end of  /etc/rc.conf

Rebooting the System

After you have compiled the kernel to support PPPoE and have edited the
/etc/ppp/ppp.conf and /etc/rc.conf files with the right configuration, you
can reboot your system. If you enabled ppp in the /etc/rc.conf as
recommended, you should be connected and can now enjoy surfing the net on
FreeBSD using PPPoE.

Starting PPP Manually

If you did not enable ppp to automatically connect on startup in the
/etc/rc.conf file, you can use this command to connect to the Internet
manually:

ppp -background pppoe





IPFW & NAT

using IPFW and NATD
Applicable to: FreeBSD 4.2
Updated: January 1, 2001
This cheat sheet describes how to set up a dual-homed host (gateway) using
kernel packet filtering (IPFW) and the network address translation daemon
(NATD). This procedure assumes the FreeBSD machine is equipped with two
ethernet interfaces. If the outside interface is a dial-up connection or a
PPP-over-Ethernet (PPPoE) DSL connection, use ppp(8)'s NAT facility
instead.

Before performing this procedure, you should read the FreeBSD Handbook
sections Firewalls and Gateways and Routes, and review the ipfirewall(4),
ipfw(8), and natd(8) manual pages.


For the purpose of this procedure, the following assumptions have been made:


The outside (Internet) interface is device 'dc0' and is assigned the IP
address 123.45.67.89/22, either static or dynamic (DHCP).
The inside interface is devi

Re: NAT and PPPoE problems

2003-10-13 Thread Alex de Kruijff
On Sun, Oct 12, 2003 at 06:16:34PM -0700, Sean Noonan wrote:
> Hi Folks,
> 
> I've used NAT with FreeBSD for years now, but recently had to change my
> ISP.  My new ISP, SBC, uses PPPoE (yuck).  I've finally got PPPoE working,
> but am having a heck of a time getting NAT to work with it.  I'm tracking
> STABLE and cvsup'd, etc, about two weeks ago to 4.9-PRERELEASE.  Here's my
> config:
> 
It's my experience that it's best if you have some external hardware
that handles this. My provider uses PPTP but my ADSL modem handles this
and routes all the packets to me.

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/