Re: pppoe0 doesn't get ip address - how to reconnect ?
15 July 2008 c. 14:57:58 Henning Brauer wrote: * Xavier Millihs-Lacroix [EMAIL PROTECTED] [2008-07-15 09:02]: Sometimes when I boot a soekris box (net5501) - OpenBSD 4.3, I didn't get each times an ip address for the pppoe0 link. This is a problem as I can connect to this box only remotely. I didn't find on the documentation how to reconnect automatically if the link goes down. pppoe automagically reconnects. many ISPs have some logic to deny you from opening two ppp sessions, so by the time your box reboots the old sessions has not yet timed out. You can't do all that much but waiting for the old session to expire, pppoe will retry all the time. Search for PPPOE_TERM_UNKNOWN_SESSIONS kernel option. I have such provider, and this option helps a lot. BTW: Is there any point to translate this knob to interface linkN flag? -- Best wishes, Vadim Zhukov
Re: pppoe0 doesn't get ip address - how to reconnect ?
The soekris box seems now working. I have to wait several days... I just add in the file : /etc/rc.shutdown ifconfig pppoe0 down Thanks a lot all for your help. I 'll have a look also for PPOE_TERM_UNKNOWN_SESSIONS Regards. Xavier. 2008/7/17 Vadim Zhukov [EMAIL PROTECTED]: 15 July 2008 c. 14:57:58 Henning Brauer wrote: * Xavier Millihs-Lacroix [EMAIL PROTECTED] [2008-07-15 09:02]: Sometimes when I boot a soekris box (net5501) - OpenBSD 4.3, I didn't get each times an ip address for the pppoe0 link. This is a problem as I can connect to this box only remotely. I didn't find on the documentation how to reconnect automatically if the link goes down. pppoe automagically reconnects. many ISPs have some logic to deny you from opening two ppp sessions, so by the time your box reboots the old sessions has not yet timed out. You can't do all that much but waiting for the old session to expire, pppoe will retry all the time. Search for PPPOE_TERM_UNKNOWN_SESSIONS kernel option. I have such provider, and this option helps a lot. BTW: Is there any point to translate this knob to interface linkN flag? -- Best wishes, Vadim Zhukov
pppoe0 doesn't get ip address - how to reconnect ?
Sometimes when I boot a soekris box (net5501) - OpenBSD 4.3, I didn't get each times an ip address for the pppoe0 link. This is a problem as I can connect to this box only remotely. I didn't find on the documentation how to reconnect automatically if the link goes down. Any ideas ? Xavier. Here is my configuration : /etc/sysctl.conf file : net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 /etc/rc.conf.local file : named_flags= # nameserver ntpd_flags= # timeserver dhcpd_flags= # DHCP server ftpproxy_flags= # ftp proxy server pf=YES pf_rules=/etc/pf.conf check_quotas=NO # desactivate quotas /etc/resolv.conf file : lookup file bind nameserver 127.0.0.1 */etc/hostname.pppoe0 file file :* inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev vr0 \ authproto pap authname my_USER authkey my_PASSWORD up !/sbin/route add default 0.0.0.1 */etc/hostname.**vr0 file :* up * * */etc/hostname.**vr1 file :* inet 10.0.0.1 255.255.255.0 NONE I don't have /etc/mygate file. I don't have /var/named/named.boot file I use pf.
Re: pppoe0 doesn't get ip address - how to reconnect ?
Hi Xavier, Look at this file: ppp.linkdown.sample it will be in /etc/ppp/ 2008/7/15 Xavier Millihs-Lacroix [EMAIL PROTECTED]: Sometimes when I boot a soekris box (net5501) - OpenBSD 4.3, I didn't get each times an ip address for the pppoe0 link. This is a problem as I can connect to this box only remotely. I didn't find on the documentation how to reconnect automatically if the link goes down. Any ideas ? Xavier. Here is my configuration : /etc/sysctl.conf file : net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 /etc/rc.conf.local file : named_flags= # nameserver ntpd_flags= # timeserver dhcpd_flags= # DHCP server ftpproxy_flags= # ftp proxy server pf=YES pf_rules=/etc/pf.conf check_quotas=NO # desactivate quotas /etc/resolv.conf file : lookup file bind nameserver 127.0.0.1 */etc/hostname.pppoe0 file file :* inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev vr0 \ authproto pap authname my_USER authkey my_PASSWORD up !/sbin/route add default 0.0.0.1 */etc/hostname.**vr0 file :* up * * */etc/hostname.**vr1 file :* inet 10.0.0.1 255.255.255.0 NONE I don't have /etc/mygate file. I don't have /var/named/named.boot file I use pf. -- - Murilo da Silva Ijanc' (MuriloBSD) SILC: silc.br.dotbsd.org Canal: dotbsd E-mail: [EMAIL PROTECTED] End.: http://murilo.dotbsd.org
Re: pppoe0 doesn't get ip address - how to reconnect ?
* Xavier Millihs-Lacroix [EMAIL PROTECTED] [2008-07-15 09:02]: Sometimes when I boot a soekris box (net5501) - OpenBSD 4.3, I didn't get each times an ip address for the pppoe0 link. This is a problem as I can connect to this box only remotely. I didn't find on the documentation how to reconnect automatically if the link goes down. pppoe automagically reconnects. many ISPs have some logic to deny you from opening two ppp sessions, so by the time your box reboots the old sessions has not yet timed out. You can't do all that much but waiting for the old session to expire, pppoe will retry all the time. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: pppoe0 doesn't get ip address - how to reconnect ?
On Tue, 15 Jul 2008, Henning Brauer wrote: * Xavier Millihs-Lacroix [EMAIL PROTECTED] [2008-07-15 09:02]: Sometimes when I boot a soekris box (net5501) - OpenBSD 4.3, I didn't get each times an ip address for the pppoe0 link. This is a problem as I can connect to this box only remotely. I didn't find on the documentation how to reconnect automatically if the link goes down. pppoe automagically reconnects. many ISPs have some logic to deny you from opening two ppp sessions, so by the time your box reboots the old sessions has not yet timed out. You can't do all that much but waiting for the old session to expire, pppoe will retry all the time. Just put ifconfig pppoe0 down in your rc.shutdown script and this problem should be solved. I wrote a short piece of code for rc.local, that was waiting for the pppoe link to come up, before I discoverd that. Kind regards, Markus
Re: pppoe0 doesn't get ip address - how to reconnect ?
Thanks a lot. I will make some tests this evening. pppoe automagically reconnects So if my ip change I still have to reload pf ? using ppp.linkdown ? Xavier. 2008/7/15 Henning Brauer [EMAIL PROTECTED]: * Xavier Millihs-Lacroix [EMAIL PROTECTED] [2008-07-15 09:02]: Sometimes when I boot a soekris box (net5501) - OpenBSD 4.3, I didn't get each times an ip address for the pppoe0 link. This is a problem as I can connect to this box only remotely. I didn't find on the documentation how to reconnect automatically if the link goes down. pppoe automagically reconnects. many ISPs have some logic to deny you from opening two ppp sessions, so by the time your box reboots the old sessions has not yet timed out. You can't do all that much but waiting for the old session to expire, pppoe will retry all the time. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: pppoe0 doesn't get ip address - how to reconnect ?
* Xavier Millihs-Lacroix [EMAIL PROTECTED] [2008-07-15 14:15]: pppoe automagically reconnects So if my ip change I still have to reload pf ? not if you write your pf.conf correctly
Re: pppoe0 doesn't get ip address - how to reconnect ?
2008/7/15 Henning Brauer [EMAIL PROTECTED]:
* Xavier Millihs-Lacroix [EMAIL PROTECTED] [2008-07-15 14:15]:
pppoe automagically reconnects
So if my ip change I still have to reload pf ?
not if you write your pf.conf correctly
Here is my actual version. I 'will add later spamd, sshbruteforece.
Do you think my pf.conf is correct ?
Xavier.
# macros
ext_if=pppoe0
int_if=vr1
tcp_services={ 22, 113 }
icmp_types=echoreq
comp3=192.168.1.2
# options
set block-policy return
set loginterface $ext_if
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) - ($ext_if:0)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 - $comp3
# filter rules
block in
pass out keep state
anchor ftp-proxy/*
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
/etc/pf.conf
# macros
ext_if=pppoe0
int_if=vr1
tcp_services={ 22, 113, 443 }
icmp_types=echoreq
srvexchange=192.168.1.2
tcp_srvexchange={ 25, 110, 1024 }
srvfiles=192.168.1.10
tcp_srvfiles={ 873, 3389 }
# options
set block-policy return
set loginterface $ext_if
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) - ($ext_if:0)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port $tcp_srvfiles - $srvfiles
rdr on $ext_if proto tcp from any to any port $tcp_srvexchange -
$srvexchange
# filter rules
block in
pass out keep state
anchor ftp-proxy/*
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $srvfiles port $tcp_srvfiles \
flags S/SA synproxy state
pass in on $ext_if inet proto tcp from any to $srvexchange port
$tcp_srvexchange \
flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
