Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!agate!howland.reston.ans.net!gatech!newsfeed.internetmci.com!nntp-hub2.barrnet.net!pacbell.com!amdahl.com!amd!netcomsv!uu4news.netcom.com!netcomsv!uu3news.netcom.com!ix.netcom.com!netcom.com!wsuffa
From: wsuffa@netcom.com (William Suffa)
Subject: Help with user PPP (server) and net routing
Message-ID: <wsuffaDLK4BC.Bwx@netcom.com>
Keywords: PPP, routine
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Mon, 22 Jan 1996 00:35:36 GMT
Lines: 367
Sender: wsuffa@netcom7.netcom.com

I've beaten my head against the wall long enough. It's time to break down and ask for help on configuring my FreeBSD box.

I'm running 2.1.0-950726-SNAP. The system configuration is:

Pentium 100
2 ethernet cards
    ed0, SMC card at 206.64.65.2 (default gateway) connected to Cisco Router
    ed1, NE2000 clone at 10.0.1.1, connected to office ethernet
SCSI hard drive (1.3 GB) on an AHA-29xx series controller (PCI)

We have been using the box as a shell system to achieve mail and internet connectivity, but we would like to allow the workstations on the network to access the 'net directly for WWW and other TCP/IP applications. At present, we must telnet to the FreeBSD server through the ethernet (ed1), or dialup and login to a shell account, then telnet/ftp/... to reach the rest of the world.

I have spent a good 100 hours beating on this thing, and it doesn't want to forward IP packets between the two ethernet interfaces, or between a PPP dialup and ed0.

Here's what I've done:

1) compiled a custom kernel w/gateway enabled
2) verified using sysctl that net.inet.ip.forwarding is =1
3) set routing for 10.0.1.0 to interface ed1
4) established a ppp account that executed the command /usr/sbin/ppp -direct upon login.
5) defined parameters in /etc/ppp/ppp.conf.

Here's what happens:

I can connect just fine to the FreeBSD server using telnet (or equiv) when connected to 10.0.1.1 (ed1) from the office ethernet, or when dialed into the ppp account using Trumpet Winsock. When I attempt to run Netscape or an FTP client (or telnet, for that matter) from any client machine, it will connect just fine to the FreeBSD box, but fails to connect to the outside world (it will get the appropriate address from the name-server, but times out when trying to connect to the name-address).

I really would like to get this running, if anyone can help.

Here is a list of the routing, using netstat:
(the tun0 device is set to 206.64.65.127; the client is set to 206.64.65.126)

Name  Mtu   Network    Address             Ipkts Ierrs  Opkts Oerrs  Coll
ed0   1500  <Link>     00.00.c0.47.6f.bb   80701     0  71163     0     0
ed0   1500  206.64.65  206.64.65.2         80701     0  71163     0     0
ed1   1500  <Link>     00.40.05.1a.61.8f  112912     0  64598     0    92
ed1   1500  10.0.1     10.0.1.1           112912     0  64598     0    92
lp0*  1500  <Link>                             0     0      0     0     0
lo0   16384 <Link>                          1794     0   1794     0     0
lo0   16384 127        127.0.0.1            1794     0   1794     0     0
sl0*  552   <Link>                             0     0      0     0     0
sl1*  552   <Link>                             0     0      0     0     0
sl2*  552   <Link>                             0     0      0     0     0
sl3*  552   <Link>                             0     0      0     0     0
tun0  552   <Link>                          3382     0   1836     0     0
tun0  552   206.64.65  206.64.65.127        3382     0   1836     0     0
tun1* 1500  <Link>                             0     0      0     0     0
tun2* 1500  <Link>                             0     0      0     0     0
tun3* 1500  <Link>                             0     0      0     0     0

Using ifconfig, I get:

tun0: flags=51<UP,POINTOPOINT,RUNNING> mtu 552
        inet 206.64.65.127 --> 206.64.65.126 netmask 0xffffff00

(the above was obtained using a telnet session while the dialup PPP was running)

This is my ppp.conf file:

#############################################################################
#
#  Examples to connect to IIJ Dialup PPP service
#
#  1) On IIJ servive, both user side and server side address can
#     not be predicted by a customer. In this circumstance, you need
#     some trick to use on-demand dialup. See iij-demand for example.
#
#  2) IIJ has 3 kinds of authentication method; getty, PAP and CHAP.
#     In all cases, you can use same username and password assigned
#     from IIJ.
#
#  $Id: ppp.conf.iij,v 1.1.1.1 1995/01/31 06:24:33 amurai Exp $
#
#############################################################################
#
#  Very simple case. Note that this example automatically dials into IIJ.
#  Please be sure to check phone number to access nearest location.
#
#    % ppp iij
#
#iij:
# set phone 0332425701
# set authname MyUserName
# set authkey MyPassword
# set login "TIMEOUT 5 login:-\\r-login: \\U word: \\P PPP"
# set timeout 0
# dial
#
#  If you prefer to use PAP authentification, use this one.
#
#    % ppp iij-pap
#
#iij-pap:
# set phone 0332425701
# accept pap
# set authname MyUserName
# set authkey MyPassword
# set login "TIMEOUT 5 login:-\\r-login:"
# set timeout 0
# set openmode active
# dial
#
#  Use "% ppp iij-chap" for CHAP authentification
#
#iij-chap:
# set phone 0332425701
# accept chap
# deny pap
# set authname MyUserName
# set authkey MyPassword
# set login "TIMEOUT 5 login:-\\r-login:"
# set timeout 0
# set openmode active
# dial
#
#  Here, we assume that IIJ server has 192.244.177.2 as their address.
#  This assumption may not be correct, but we'll fix it later.
#  Also, take a look at ppp.linkup.
#
#    % ppp -auto iij-demand
#
#  Use dummy ping to generate a call to IIJ.
#
#    % ping 192.244.177.2
#
#iij-demand:
# set debug lcp
# set ifaddr 206.64.65.127 206.64.65.126/20
# add 206.64.65.127 255.255.255.192 206.64.65.126
default:
 set debug lcp
 disable lqr
 deny lqr
 enable proxy
 set ifaddr 206.64.65.127 206.64.65.126
 add 206.64.65.126 206.64.65.192 206.64.65.127

The results of sysctl net.inet.ip.forwarding:

net.inet.ip.forwarding = 1

and my /etc/sysconfig file:

#!/bin/sh
#
# This is sysconfig - a file full of useful variables that you can set
# to change the default startup behavior of your system.
#
#   $Id: sysconfig,v 1.14 1995/05/17 04:46:57 rgrimes Exp $

######################### Start Of Syscons Section #######################

# Choose keyboard map from /usr/share/syscons/keymaps/* or NO if default.
keymap=NO

# Set keyboard rate to: slow, normal, fast or NO if default.
keyrate=NO

# Change function keys default values (or no change if NO)
# Syntax: "<funkey_number> <new_value> [<funkey_number> <new_value>]..."
keychange=NO

# Desired cursor type {normal|blink|destructive}, NO if no change
cursor=NO

# Choose screen map from /usr/share/syscons/scrnmaps/* (or NO for none)
scrnmap=NO

# Choose font 8x16 from /usr/share/syscons/fonts/* (or NO for default)
font8x16=NO

# Choose font 8x14 from /usr/share/syscons/fonts/* (or NO for default)
font8x14=NO

# Choose font 8x8 from /usr/share/syscons/fonts/* (or NO for default)
font8x8=NO

# Set blank time (in seconds) or "off" to turn it off (or NO for default)
blanktime=NO

# Set to screen saver desired: blank, green, snake, star (or NO for none)
saver=NO

# General russian setup for example:
# (koi8-r keyboard with cp866 screen font mapped to koi8-r)
#
# keymap=ru.koi8-r
# keyrate=fast
# keychange="61 [K"
# cursor=destructive
# scrnmap=koi8-r2cp866
# font8x16=cp866b-8x16
# font8x14=cp866-8x14
# font8x8=cp866-8x8
# blanktime=600
# saver=snake

######################### End Of Syscons Section #######################

######################### Start Of Netconfig Section #######################

# Set to the name of your host - this is pretty important!
hostname=s-and-c.commbiz.com

# Set to the NIS domainname of your host, or NO if none
defaultdomainname=commbiz.com

#
# Some broken implementations can't handle the RFC 1323 and RFC 1644
# TCP options. If TCP connections randomly hang, try disabling this,
# and bug the vendor of the losing equipment.
#
tcp_extensions=YES

#
# Set to the list of network devices on this host. You must have an
# ifconfig_${network_interface} line for each interface listed here.
# for example:
#
#   network_interfaces="ed0 sl0 lo0"
#   ifconfig_ed0="inet 10.0.0.1 netmask 0xffffff00"
#   ifconfig_sl0="inet 10.0.1.0 netmask 0xffffff00"
#
network_interfaces="ed0 lo0 ed1"
ifconfig_ed0="inet 206.64.65.2 netmask 0xffffff00"
ifconfig_lo0="inet localhost"
ifconfig_ed1="inet 10.0.1.1 netmask 0xffffff00"

#
# Set to the list of route add lines for this host. You must have a
# route_${static_routes} line for each static route listed here.
#
static_routes="multicast loopback"
route_multicast="224.0.0.0 -netmask 0xf0000000 -interface ${hostname}"
route_loopback="${hostname} localhost"
#route_workplace="10.0.1.0 -interface 10.0.1.1"

# Set to the host you'd like set as your default router, or NO for none.
defaultrouter=206.64.65.1

# These are the flags you'd like to start the routing daemon with
routedflags="-q"

# timed flags, or NO if you don't want to start the time daemon
timedflags=NO

# xntpd flags, or NO if you don't want to start the xntpd daemon
xntpdflags="NO"

# this is inoperative unless xntpd is enabled; NO to disable
tickadjflags="-Aq"

# Set to the site you'd like to syncronize your clock from (gatekeeper.dec.com,
# for example) or NO for no such site.
ntpdate="clock.llnl.gov"

# Set to YES if you want to run rwhod
rwhod=NO

# Default sendmail flags. -bd is pretty mandatory, -q<n>m sets the queue scan
# time in minutes. If set to NO, don't start sendmail at all.
sendmail_flags="-bd -q15m"

# Set to appropriate flags if you want to use AMD
amdflags="NO"

# Set to YES if this machine will be an NFS client
nfs_client=NO

# Set to YES if this machine will be an NFS server
nfs_server="YES"

# Set to appropriate flags if you want to start NIS for a client
nis_clientflags="NO"

# Set to appropriate flags if you want to start NIS for a server
nis_serverflags="NO"

# Set to appropriate flags for yppasswdd, if you wish to run it.
# Typical flags might be "-m /var/yp/master.passwd -s -f"
yppasswddflags="NO"

# Set to appropriate flags for named, if you have a full-time
# connection to the Internet.
# For most hosts, flags should be "-b /etc/namedb/named.boot"
namedflags="-b /etc/namedb/named.boot"

# Set to YES if you want to run the X-10 power controller daemon
xtend=NO

# Set to YES if you want kernel crashdumps to be saved for debugging
savecore=NO

# Set to YES if you want to run Kerberos authentication
kerberos_server=NO

# Set to YES if you want to run gated
gated=NO

# Set to YES if you wish to check quotas. NOTE: For now this probably
# doesn't work and should be left disabled.
check_quotas=NO

# Set to YES to turn on accounting. NOTE: For now this probably
# doesn't work and should be left disabled.
accounting=NO

# This stuff needed for proper daemons tuning, comsat f.e.
# See profile and csh.login also.
# Uncomment next line if you want to setup your 8-bit locale at program
# startup automatically
# ENABLE_STARTUP_LOCALE=; export ENABLE_STARTUP_LOCALE
# Uncomment next line to activate russian locale
# LANG=ru_SU.KOI8-R; export LANG
# Uncomment next line to activate italian locale
# LANG=it_IT.ISO8859-1; export LANG
# For full list of locales, check /usr/share/locale/*

######################### End Of Netconfig Section #######################

######################### Start Of Misc Section #######################

# Set to YES if you want ibcs2 (SCO) emulation loaded at startup
ibcs2=NO

I'm sure I'm doing something really stupid here, but I've read the O'Reilly books, and I still can't find it. Can anyone offer some suggestions?

Thanks much.

P.S.: Can anyone tell me the best way to upgrade from this SNAP to the current release? Is it best to download the sources and recompile, or should I start from scratch?

bill
--