*BSD News Article 60261



Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!agate!howland.reston.ans.net!gatech!newsfeed.internetmci.com!nntp-hub2.barrnet.net!pacbell.com!amdahl.com!amd!netcomsv!uu4news.netcom.com!netcomsv!uu3news.netcom.com!ix.netcom.com!netcom.com!wsuffa
From: wsuffa@netcom.com (William Suffa)
Subject: Help with user PPP (server) and net routing
Message-ID: <wsuffaDLK4BC.Bwx@netcom.com>
Keywords: PPP, routine
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Date: Mon, 22 Jan 1996 00:35:36 GMT
Lines: 367
Sender: wsuffa@netcom7.netcom.com


I've beaten my head against the wall long enough.  It's time to break down
and ask for help on configuring my FreeBSD box.

I'm running 2.1.0-950726-SNAP.  The system configuration is:

Pentium 100
2 ethernet cards 
  ed0, SMC card at 206.64.65.2 (default gateway) connected to Cisco Router
  ed1, NE2000 clone at 10.0.1.1, connected to office ethernet
SCSI hard drive (1.3 GB) on an AHA-29xx series controller (PCI)

We have been using the box as a shell system to achieve mail and internet
connectivity, but we would like to allow the workstations on the network
to access the 'net directly for WWW and other TCP/IP applications.  At
present, we must telnet to the FreeBSD server through the ethernet (ed1),
or dialup and login to a shell account, then telnet/ftp/... to reach 
the rest of the world.  I have spent a good 100 hours beating on this
thing, and it doesn't want to forward IP packets between the two ethernet
interfaces, or between a PPP dialup and ed0.  Here's what I've done:

1) compiled a custom kernel w/gateway enabled

2) verified using sysctl that net.inet.ip.forwarding is =1

3) set routing for 10.0.1.0 to interface ed1

4) established a ppp account that executed the command /usr/sbin/ppp -direct
   upon login.

5) defined parameters in /etc/ppp/ppp.conf.

Here's what happens:

I can connect just fine to the FreeBSD server using telnet (or equiv) 
when connected to 10.0.1.1 (ed1) from the office ethernet, or when dialed
into the ppp account using Trumpet Winsock.  When I attempt to run Netscape
or an FTP client (or telnet, for that matter) from any client machine, it
will connect just fine to the FreeBSD box, but fails to connect to the
outside world (it will get the appropriate address from the name-server,
but times out when trying to connect to the name-address).

I really would like to get this running, if anyone can help.

Here is a list of the routing, using netstat:
(the tun0 device is set to 206.64.65.127; the client is set to 206.64.65.126)

Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
ed0   1500  <Link>00.00.c0.47.6f.bb        80701     0    71163     0     0
ed0   1500  206.64.65   206.64.65.2        80701     0    71163     0     0
ed1   1500  <Link>00.40.05.1a.61.8f       112912     0    64598     0    92
ed1   1500  10.0.1      10.0.1.1          112912     0    64598     0    92
lp0*  1500  <Link>                             0     0        0     0     0
lo0   16384 <Link>                          1794     0     1794     0     0
lo0   16384 127         127.0.0.1           1794     0     1794     0     0
sl0*  552   <Link>                             0     0        0     0     0
sl1*  552   <Link>                             0     0        0     0     0
sl2*  552   <Link>                             0     0        0     0     0
sl3*  552   <Link>                             0     0        0     0     0
tun0  552   <Link>                          3382     0     1836     0     0
tun0  552   206.64.65   206.64.65.127       3382     0     1836     0     0
tun1* 1500  <Link>                             0     0        0     0     0
tun2* 1500  <Link>                             0     0        0     0     0
tun3* 1500  <Link>                             0     0        0     0     0


Using ifconfig, I get:

tun0: flags=51<UP,POINTOPOINT,RUNNING> mtu 552
	inet 206.64.65.127 --> 206.64.65.126 netmask 0xffffff00 

(the above was obtained using a telnet session while the dialup PPP was 
running)

This is my ppp.conf file:


#############################################################################
#
#  Examples to connect to IIJ Dialup PPP service
#
#	1) On IIJ servive, both user side and server side address can
#	   not be predicted by a customer. In this circumstance, you need
#	   some trick to use on-demand dialup. See iij-demand for example.
#
#       2) IIJ has 3 kinds of authentication method; getty, PAP and CHAP.
#	   In all cases, you can use same username and password assigned
#	   from IIJ.
#
#  $Id: ppp.conf.iij,v 1.1.1.1 1995/01/31 06:24:33 amurai Exp $
#
#############################################################################
#
#  Very simple case. Note that this example automatically dials into IIJ.
#  Please be sure to check phone number to access nearest location.
#
#	% ppp iij
#
#iij:
# set phone 0332425701
# set authname MyUserName
# set authkey  MyPassword
# set login "TIMEOUT 5 login:-\\r-login: \\U word: \\P PPP"
# set timeout 0
# dial
#
#  If you prefer to use PAP authentification, use this one.
#
#	% ppp iij-pap
#
#iij-pap:
# set phone 0332425701
# accept pap
# set authname MyUserName
# set authkey  MyPassword
# set login "TIMEOUT 5 login:-\\r-login:"
# set timeout 0
# set openmode active
# dial
#
#  Use "% ppp iij-chap" for CHAP authentification
#
#iij-chap:
# set phone 0332425701
# accept chap
# deny pap
# set authname MyUserName
# set authkey  MyPassword
# set login "TIMEOUT 5 login:-\\r-login:"
# set timeout 0
# set openmode active
# dial
#
# Here, we assume that IIJ server has 192.244.177.2 as their address.
# This assumption may not be correct, but we'll fix it later.
# Also, take a look at ppp.linkup.
#
#	% ppp -auto iij-demand
#
# Use dummy ping to generate a call to IIJ.
#
#	% ping 192.244.177.2
#
#iij-demand:
# set debug lcp
# set ifaddr 206.64.65.127 206.64.65.126/20
# add 206.64.65.127 255.255.255.192 206.64.65.126

default:
 set debug lcp
 disable lqr
 deny lqr
 enable proxy
 set ifaddr 206.64.65.127 206.64.65.126
 add 206.64.65.126 206.64.65.192 206.64.65.127



The results of sysctl net.inet.ip.forwarding:

net.inet.ip.forwarding = 1


and my /etc/sysconfig file:


#!/bin/sh
#

# This is sysconfig - a file full of useful variables that you can set 
# to change the default startup behavior of your system.
#
#	$Id: sysconfig,v 1.14 1995/05/17 04:46:57 rgrimes Exp $

######################### Start Of Syscons Section #######################

# Choose keyboard map from /usr/share/syscons/keymaps/* or NO if default.
keymap=NO

# Set keyboard rate to: slow, normal, fast or NO if default.
keyrate=NO

# Change function keys default values (or no change if NO)
# Syntax: "<funkey_number> <new_value> [<funkey_number> <new_value>]..."
keychange=NO

# Desired cursor type {normal|blink|destructive}, NO if no change
cursor=NO

# Choose screen map from /usr/share/syscons/scrnmaps/* (or NO for none)
scrnmap=NO

# Choose font 8x16 from /usr/share/syscons/fonts/* (or NO for default)
font8x16=NO

# Choose font 8x14 from /usr/share/syscons/fonts/* (or NO for default)
font8x14=NO

# Choose font 8x8 from /usr/share/syscons/fonts/* (or NO for default)
font8x8=NO

# Set blank time (in seconds) or "off" to turn it off (or NO for default)
blanktime=NO

# Set to screen saver desired: blank, green, snake, star (or NO for none)
saver=NO

# General russian setup for example:
# (koi8-r keyboard with cp866 screen font mapped to koi8-r)
#
# keymap=ru.koi8-r
# keyrate=fast
# keychange="61 [K"
# cursor=destructive
# scrnmap=koi8-r2cp866
# font8x16=cp866b-8x16
# font8x14=cp866-8x14
# font8x8=cp866-8x8
# blanktime=600
# saver=snake

######################### End Of Syscons Section #######################

######################### Start Of Netconfig Section #######################

# Set to the name of your host - this is pretty important!
hostname=s-and-c.commbiz.com

# Set to the NIS domainname of your host, or NO if none
defaultdomainname=commbiz.com

#
# Some broken implementations can't handle the RFC 1323 and RFC 1644
# TCP options.  If TCP connections randomly hang, try disabling this,
# and bug the vendor of the losing equipment.
#
tcp_extensions=YES

#
# Set to the list of network devices on this host.  You must have an
# ifconfig_${network_interface} line for each interface listed here.
# for example:
#
#	network_interfaces="ed0 sl0 lo0"
#	ifconfig_ed0="inet 10.0.0.1 netmask 0xffffff00"
#	ifconfig_sl0="inet 10.0.1.0 netmask 0xffffff00"
#
network_interfaces="ed0 lo0 ed1"
ifconfig_ed0="inet 206.64.65.2 netmask 0xffffff00"
ifconfig_lo0="inet localhost"
ifconfig_ed1="inet 10.0.1.1 netmask 0xffffff00"

#
# Set to the list of route add lines for this host.  You must have a
# route_${static_routes} line for each static route listed here.
#
static_routes="multicast loopback"
route_multicast="224.0.0.0 -netmask 0xf0000000 -interface ${hostname}"
route_loopback="${hostname} localhost"
#route_workplace="10.0.1.0 -interface 10.0.1.1"


# Set to the host you'd like set as your default router, or NO for none.
defaultrouter=206.64.65.1

# These are the flags you'd like to start the routing daemon with
routedflags="-q"

# timed flags, or NO if you don't want to start the time daemon
timedflags=NO

# xntpd flags, or NO if you don't want to start the xntpd daemon
xntpdflags="NO"

# this is inoperative unless xntpd is enabled; NO to disable
tickadjflags="-Aq"

# Set to the site you'd like to syncronize your clock from (gatekeeper.dec.com,
# for example) or NO for no such site.
ntpdate="clock.llnl.gov"

# Set to YES if you want to run rwhod
rwhod=NO

# Default sendmail flags.  -bd is pretty mandatory, -q<n>m sets the queue scan
# time in minutes.  If set to NO, don't start sendmail at all.
sendmail_flags="-bd -q15m"

# Set to appropriate flags if you want to use AMD
amdflags="NO"

# Set to YES if this machine will be an NFS client
nfs_client=NO

# Set to YES if this machine will be an NFS server
nfs_server="YES"

# Set to appropriate flags if you want to start NIS for a client
nis_clientflags="NO"

# Set to appropriate flags if you want to start NIS for a server
nis_serverflags="NO"

# Set to appropriate flags for yppasswdd, if you wish to run it.
# Typical flags might be "-m /var/yp/master.passwd -s -f"
yppasswddflags="NO"

# Set to appropriate flags for named, if you have a full-time
# connection to the Internet.
# For most hosts, flags should be "-b /etc/namedb/named.boot"
namedflags="-b /etc/namedb/named.boot"

# Set to YES if you want to run the X-10 power controller daemon
xtend=NO

# Set to YES if you want kernel crashdumps to be saved for debugging
savecore=NO

# Set to YES if you want to run Kerberos authentication
kerberos_server=NO

# Set to YES if you want to run gated
gated=NO

# Set to YES if you wish to check quotas.  NOTE:  For now this probably
# doesn't work and should be left disabled.
check_quotas=NO

# Set to YES to turn on accounting.  NOTE: For now this probably
# doesn't work and should be left disabled.
accounting=NO


# This stuff needed for proper daemons tuning, comsat f.e.
# See profile and csh.login also.
# Uncomment next line if you want to setup your 8-bit locale at program
# startup automatically
# ENABLE_STARTUP_LOCALE=; export ENABLE_STARTUP_LOCALE
# Uncomment next line to activate russian locale
# LANG=ru_SU.KOI8-R; export LANG
# Uncomment next line to activate italian locale
# LANG=it_IT.ISO8859-1; export LANG
# For full list of locales, check /usr/share/locale/*

######################### End Of Netconfig Section #######################

######################### Start Of Misc Section #######################

# Set to YES if you want ibcs2 (SCO) emulation loaded at startup
ibcs2=NO



I'm sure I'm doing something really stupid here, but I've read the 
O'Reilly books, and I still can't find it.

Can anyone offer some suggestions?

Thanks much.

P.S.:  Can anyone tell me the best way to upgrade from this SNAP to the
current release?  Is it best to download the sources and recompile, or
should I start from scratch?

bill
--
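
The addressing plan in this post can be checked mechanically. The following is an added example, not part of the original post: it classifies how replies from the Internet would find their way back to an office host and to the PPP client, assuming the gateway performs no address translation unless told otherwise (the post mentions none). The function names and the sample host 10.0.1.10 are constructed for illustration.

```python
import ipaddress

# Addresses copied from the post; everything else here is illustrative.
ED0 = ipaddress.ip_interface("206.64.65.2/24")    # outside Ethernet, toward the Cisco
ED1 = ipaddress.ip_interface("10.0.1.1/24")       # office Ethernet
PPP_PEER = ipaddress.ip_address("206.64.65.126")  # dial-up client behind tun0

# RFC 1918 private blocks: Internet routers carry no routes to them.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def return_path(src, translated=False, proxy_arp=True):
    """Classify how a reply addressed to client `src` reaches the gateway.

    translated: the gateway rewrites the client's source address to its own
                ed0 address before forwarding (assumed off, as in the post).
    proxy_arp:  the gateway answers ARP on ed0 for the PPP peer
                (what `enable proxy` in the posted ppp.conf asks for).
    """
    src = ipaddress.ip_address(src)
    if any(src in block for block in PRIVATE):
        # Forwarding sends the request out, but the reply is addressed to a
        # private source that nothing upstream can route back.
        return "translated" if translated else "unroutable"
    if src in ED0.network:
        # Upstream hosts ARP for src on the ed0 segment; only the gateway
        # can answer for a host that really sits behind tun0.
        return "proxy-arp" if proxy_arp else "arp-unanswered"
    return "unknown"


def review():
    """Return-path verdict for one office host and for the PPP client."""
    office_host = ED1.network[10]  # constructed sample host: 10.0.1.10
    return {str(office_host): return_path(office_host),
            str(PPP_PEER): return_path(PPP_PEER)}


if __name__ == "__main__":
    for client, verdict in review().items():
        print(f"{client}: {verdict}")
```

With `net.inet.ip.forwarding = 1` the gateway passes outbound packets either way, so a verdict of `unroutable` matches the symptom of connections that leave but time out.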