PPPoE + nat problem

Hi All,
I have a strange problem, and I am not too familiar with PPPoE, but I have configured a tunnel to my ISP (DSL) and the tunnel is up and running. I am using ppp(.conf). In addition, I have another interface for my local net, which I want to NAT, and that only partially works. If I do a tcpdump on the external interface (tun0), I see that the packets are translated and coming back (172.31.63.X internal network).

Code:
# tcpdump -ni tun0
18:40:18.397170 IP 172.31.63.130.59933 > 8.8.8.8.53: 26260+ A? xs4all.nl. (27)
18:40:18.406982 IP 8.8.8.8.53 > 172.31.63.130.59933: 26260 1/0/0 A 194.109.6.93 (43)

But if I look at the internal network, I only see traffic going from internal to external:
Code:
# tcpdump -ni genet0 icmp
18:52:36.408841 IP 172.31.63.130 > 194.109.6.93: ICMP echo request, id 11, seq 1, length 64
18:52:37.425674 IP 172.31.63.130 > 194.109.6.93: ICMP echo request, id 11, seq 2, length 64
18:52:38.449237 IP 172.31.63.130 > 194.109.6.93: ICMP echo request, id 11, seq 3, length 64

I have tried a lot of things with NAT both in ppp and in pf. But there is one thing that puts me off in the /var/log/ppp.conf; I think that might be related to my issue. Does anyone have a clue what this means, or seen the issue before?

Code:
Apr 21 18:18:59  ppp[1985]: tun0: Warning: ::/0: Change route failed: errno: No such process
Apr 21 18:18:59  syslogd: last message repeated 3 times
Apr 21 18:18:59  ppp[1985]: tun0: Warning: ff02::/: Change route failed: errno: No such process
Apr 21 18:18:59  syslogd: last message repeated 9 times
 
Code:
# tcpdump -ni tun0 
18:40:18.397170 IP 172.31.63.130.59933 > 8.8.8.8.53: 26260+ A? xs4all.nl. (27) 
18:40:18.406982 IP 8.8.8.8.53 > 172.31.63.130.59933: 26260 1/0/0 A 194.109.6.93 (43)
NAT isn't working here. The source address should be your internet IP address, not an internal private address.

Your NAT should be placed on the tun0 interface.

Code:
ext_if="tun0"
int_if="genet0"

nat on $ext_if from $int_if:network to any -> ($ext_if)
 
If you use ppp, just add
nat enable yes
in the config file and that's it.
No need to use pf/ipfw for NAT.
Also, I found that net/mpd5 works better than base ppp (it also has built-in NAT).
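
The check made in the second reply (an RFC 1918 address still visible on tun0 means the packet was not translated at that point), as an added example that is not part of the original thread. It parses `tcpdump -n` lines captured on the external interface; the function names are hypothetical, and the third sample line is constructed, using the documentation address 203.0.113.7.

```python
import ipaddress
import re

# RFC 1918 private ranges; these should not appear on the WAN side after NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# tcpdump -n prints "IP src[.port] > dst[.port]:"; the port is absent for ICMP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_untranslated(lines):
    """Return (timestamp, direction, private_addr, peer) for every packet
    seen on the external interface that still carries an RFC 1918 address."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IPv4 packet line (IPv6, ARP, wrapped output)
        src, dst = m["src"], m["dst"]
        if is_rfc1918(src) and not is_rfc1918(dst):
            findings.append((m["ts"], "outbound", src, dst))
        elif is_rfc1918(dst) and not is_rfc1918(src):
            findings.append((m["ts"], "inbound", dst, src))
    return findings


# First two lines: the tun0 capture quoted in the thread.
# Third line: constructed, showing a packet whose source was translated.
SAMPLE = """\
18:40:18.397170 IP 172.31.63.130.59933 > 8.8.8.8.53: 26260+ A? xs4all.nl. (27)
18:40:18.406982 IP 8.8.8.8.53 > 172.31.63.130.59933: 26260 1/0/0 A 194.109.6.93 (43)
18:41:02.000000 IP 203.0.113.7 > 194.109.6.93: ICMP echo request, id 11, seq 1, length 64
"""

if __name__ == "__main__":
    for ts, direction, private, peer in find_untranslated(SAMPLE.splitlines()):
        print(f"{ts} {direction}: private address {private} visible "
              f"on external interface (peer {peer})")
```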
 