New Setup - Router Issues

M

maquis196

Morning all, I've tried to google my way out of this issue but I seem to be overlooking something. Essentially I'm trying to turn my FreeBSD 9.1 server into my router since the BT HomeHub3 is a POS.

So anyways, I have successfully attached my server to BT Infinity using the PPPD daemon (using PPPoE over a USB NIC). The server has Internet basically (I'm posting this through a SSH proxy with it). However the router part of the setup appears to not be working, I have the following;

rc.conf:
Code: 
gateway_enable="YES"

sysctl:
Code: 
root@crane:/root # sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

But isn't a FreeBSD router supposed to be just this? I believe it doesn't need firewall rules to do any forwarding like iptables, so could someone point me in the direction of something I have missed? I do have hashed out PF values in rc.conf, but I can't work out if something is blocking the client or if the router isn't forwarding properly.

Thanks for any help guys.
 
In case it is a route issue, I forgot to post this before.

Code: 
root@crane:/root # netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            217.32.146.66      UGS         0    45253   tun0
host81-159-23-20.r localhost          UH          0        0    lo0
localhost          link#12            UH          0      176    lo0
192.168.20.0       link#7             U           0    60838    re0
192.168.20.120     link#7             UHS         0        0    lo0
git                link#7             UHS         0       27    lo0
puppet             link#7             UHS         0      406    lo0
192.168.20.123     link#7             UHS         0        0    lo0
192.168.20.250     link#7             UHS         0        0    lo0
217.32.146.66      link#16            UHS         0        0   tun0
 
Yes, a FreeBSD router is a machine with more than one network interface, which forwards packets between the interfaces.

You don't show us how the network interfaces are set up, so it's a bit hard to be helpful. Also, there are situations when a gateway machine needs more than simple routing. Example: you might need NAT, if your internal network is based on private IP addresses.
 
Ah good point sir, here is my ifconfig output.
Code: 
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
	ether 74:2f:68:29:7e:92
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
	status: running
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether c8:60:00:bc:f1:33
	inet 192.168.20.120 netmask 0xffffff00 broadcast 192.168.20.255
	inet6 fe80::ca60:ff:febc:f133%re0 prefixlen 64 scopeid 0x7 
	inet 192.168.20.121 netmask 0xffffff00 broadcast 192.168.20.255
	inet 192.168.20.122 netmask 0xffffff00 broadcast 192.168.20.255
	inet 192.168.20.123 netmask 0xffffff00 broadcast 192.168.20.255
	inet 192.168.20.250 netmask 0xffffff00 broadcast 192.168.20.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0xc 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80008<VLAN_MTU,LINKSTATE>
	ether 00:00:00:00:35:7c
	inet6 fe80::200:ff:fe00:357cà prefixlen 64 scopeid 0xd 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:9e:02:f5:64:00
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 74:2f:68:29:7e:92
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
	status: running
	ssid crane channel 11 (2462 MHz 11g ht/20) bssid 74:2f:68:29:7e:92
	regdomain 96 indoor ecm authmode WPA1+WPA2/802.11i privacy MIXED
	deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit txpower 20 scanvalid 60
	protmode CTS -ht -htcompat -ampdu ampdulimit 64k ampdudensity 8 -amsdu
	smps wme burst dtimperiod 1 -dfs
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
	options=80000<LINKSTATE>
	inet 81.159.23.20 --> 217.32.146.66 netmask 0xffffffff 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	Opened by PID 1743

I am using a private range at home, so NAT is what I require, last time I had a FreeBSD router it just worked out the box, I don't know if I am having a router issue or PPPoE+nat issue.
 
You're going to have to use one of the firewalls to enable NAT. Routing works out of the box (gateway_enable), NAT doesn't. And you need NAT because you're using RFC1918 addresses internally.
 
SirDice said:
You're going to have to use one of the firewalls to enable NAT. Routing works out of the box (gateway_enable), NAT doesn't. And you need NAT because you're using RFC1918 addresses internally.
Click to expand...

Ah, I thought as much, just needed confirmation that I wasn't overlooking something simple. I think I had it working once a while ago on a different network without NAT and it threw me off for this.

Cheers @SirDice.
 
Last edited by a moderator:
I'm not sure but I think PPPoE has some NAT features too. Although I've never used it it may be the reason why you didn't have a firewall on your earlier configuration.

The reason I've never used it is because I'm always going to enable a firewall anyway, might as well keep everything in one place.
 
I was planning on using PF for my firewall after I got the routing working. After compiling in PF I have a setup that works for me.

Thanks for the heads up, I'll mark this thread as solved.

Cheers!
 
You must log in or register to reply here.
Back
Top