snfc21
pppoe/nat problem
« on: February 05, 2006, 10:42:03 am »
Hello,

I'm trying to only let my computers access the internet when they connect to the server using pppoe.

I've enabled pppoe server as described below:

Server address: 192.168.254.254
Remote address range: 192.168.254.0

I have added a user, specified an IP address - 192.168.254.1 - (Windows didn't want to connect unless I specified an IP address), added the rules below to the firewall:

allow / proto any / source any / port any / destination any / port any / gateway default  (LAN)
allow / proto any / source any / port any / destination any / port any / gateway default (PPPoE VPN)

Also, added NAT rule for 192.168.254.0/24

Connecting from Windows works OK, but I cannot surf (like the NAT or something else is not working). What is not working, I don't know. I cannot ping 192.168.254.254 (the server address), but on the pfSense server I see the address when I do an ifconfig.

On the Windows machine, doing an ipconfig I have the following result:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-07-95-C4-FB-24
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.6.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 192.168.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 212.93.137.18
                                            212.93.136.2

PPP adapter test:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.254.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.254.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            212.93.137.18
        NetBIOS over Tcpip. . . . . . . . : Disabled



As you can see, IP Address and Default Gateway are the same, which, from my point of view, is a big problem and nothing would ever work like that.

Now, tell me what is really wrong, if anyone knows:
- is it on the Windows computer?
- the pppoe vpn? (I have not much settings to play with in the web interface for pppoe server)
- are the NAT settings?
- DHCP?!?!
- anything else?

Where should I look?


hoba
Re: pppoe/nat problem
« Reply #1 on: February 05, 2006, 10:53:21 am »
>Hello,

>I'm trying to only let my computers access the internet when they connect to the server using pppoe.

>I've enabled pppoe server as described below:

>Server address: 192.168.254.254
>Remote address range: 192.168.254.0


Specify a real remote starting address here; .0 is not valid.


>I have added a user, specified an IP address - 192.168.254.1 - (Windows didn't want to connect unless I specified an IP address), added the rules below to the firewall:

>allow / proto any / source any / port any / destination any / port any / gateway default  (LAN)
>allow / proto any / source any / port any / destination any / port any / gateway default (PPPoE VPN)

>Also, added NAT rule for 192.168.254.0/24

>Connecting from Windows works OK, but I cannot surf (like the NAT or something else is not working). What is not working, I don't know. I cannot ping 192.168.254.254 (the server address), but on the pfSense server I see the address when I do an ifconfig.

>On the Windows machine, doing an ipconfig I have the following result:

>Ethernet adapter Local Area Connection:

>        Connection-specific DNS Suffix  . :
>        Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
>        Physical Address. . . . . . . . . : 00-07-95-C4-FB-24
>        Dhcp Enabled. . . . . . . . . . . : No
>        IP Address. . . . . . . . . . . . : 192.168.6.1
>        Subnet Mask . . . . . . . . . . . : 255.255.255.0
>        IP Address. . . . . . . . . . . . : 192.168.0.2
>        Subnet Mask . . . . . . . . . . . : 255.255.255.0
>        Default Gateway . . . . . . . . . : 192.168.0.1
>        DNS Servers . . . . . . . . . . . : 212.93.137.18
>                                            212.93.136.2

>PPP adapter test:

>        Connection-specific DNS Suffix  . :
>        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>        Physical Address. . . . . . . . . : 00-53-45-00-00-00
>        Dhcp Enabled. . . . . . . . . . . : No
>        IP Address. . . . . . . . . . . . : 192.168.254.1
>        Subnet Mask . . . . . . . . . . . : 255.255.255.255
>        Default Gateway . . . . . . . . . : 192.168.254.1
>        DNS Servers . . . . . . . . . . . : 192.168.0.1
>                                            212.93.137.18
>        NetBIOS over Tcpip. . . . . . . . : Disabled

>As you can see, IP Address and Default Gateway are the same, which, from my point of view, is a big problem and nothing would ever work like that.


Actually PPP connections work like that.


>Now, tell me what is really wrong, if anyone knows:
>- is it on the Windows computer?
>- the pppoe vpn? (I have not much settings to play with in the web interface for pppoe server)
>- are the NAT settings?
>- DHCP?!?!
>- anything else?

>Where should I look?


It might be that we don't create a NAT entry for that connection by default. Please try the following:
Firewall>NAT outbound Tab
Enable advanced outbound nat
Save
It will create an outbound NAT entry for the LAN subnet in the table below
Hit the [icon] right to that entry to create a copy of that one and change the source to your PPPoE network 192.168.254.0/24
Save
Apply

Does it work now?

snfc21
Re: pppoe/nat problem
« Reply #2 on: February 06, 2006, 12:30:33 am »


>Server address: 192.168.254.254
>Remote address range: 192.168.254.0

>Specify a real remote starting address here; .0 is not valid.

I have, but upon submitting the form, the remote address range defaults to a class (192.168.254.0), no matter if I specify an address (e.g. 192.168.254.1)


>It might be that we don't create a NAT entry for that connection by default. Please try the following:
>Firewall>NAT outbound Tab
>Enable advanced outbound nat
>Save
>It will create an outbound NAT entry for the LAN subnet in the table below
>Hit the [icon] right to that entry to create a copy of that one and change the source to your PPPoE network 192.168.254.0/24
>Save
>Apply

Well, I did something like you said above:

outbound nat / enable outbound nat
and afterwards, edited the 192.168.0.0/24 rule (since I won't be needing NAT for this class) and instead of 192.168.0.0/24 put 192.168.254.0/24
anyway, on clicking save, it automatically adds a new rule for 192.168.0.0/24, so I had two function-identical rules in the end, one for 192.168.0.0/24 and one for 192.168.254.0/24

>Does it work now?

It doesn't!

aldo
Re: pppoe/nat problem
« Reply #3 on: February 11, 2006, 05:42:05 am »


>Server address: 192.168.254.254
>Remote address range: 192.168.254.0

I don't know what version you are using, but I think you have a problem with your subnet mask 'pppoe units'
in your pppoe configuration

192.168.254.0 will be either 24 25 26 27 28 29 30 as a subnet
you are better to make a 'pppoe units of say 192.168.254.128/25 and a gateway of 192.168.254.1
the pppoe gateway must lie outside of the 'pppoe units subnet'

Post the snip of your pppoe xml. Your problem looks like it is here and I am sure your logs will reinforce this.
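
The three checks raised in Reply #1 and Reply #3, written out as an added example (not part of any post in this thread and not pfSense code). The function name, the finding labels and the /24 mask applied to the original range are assumptions made for illustration.

```python
import ipaddress


def check_pppoe_plan(server, pool, nat_sources):
    """Return findings for a PPPoE server address plan (hypothetical helper).

    server      -- PPPoE server (gateway) address
    pool        -- remote address range as start/prefix, e.g. "192.168.254.0/24"
    nat_sources -- source networks of the outbound NAT rules
    """
    findings = []
    server_ip = ipaddress.ip_address(server)
    # ip_interface keeps both the entered start address and its network.
    start = ipaddress.ip_interface(pool)
    pool_net = start.network
    nats = [ipaddress.ip_network(n) for n in nat_sources]

    # Reply #1: a remote range that starts on .0 is not a valid start address.
    if int(start.ip) & 0xFF == 0:
        findings.append("pool-starts-on-.0")
    # Reply #3: the server (gateway) address must lie outside the client range.
    if server_ip in pool_net:
        findings.append("server-inside-pool")
    # Reply #1: an outbound NAT rule has to cover the PPPoE client range.
    if not any(pool_net.subnet_of(n) for n in nats):
        findings.append("pool-not-natted")
    return findings


# Constructed inputs taken from the addresses quoted in the thread.
ORIGINAL = ("192.168.254.254", "192.168.254.0/24", ["192.168.0.0/24"])
AFTER_REPLY_2 = ("192.168.254.254", "192.168.254.0/24",
                 ["192.168.0.0/24", "192.168.254.0/24"])
REPLY_3_PLAN = ("192.168.254.1", "192.168.254.128/25",
                ["192.168.0.0/24", "192.168.254.0/24"])

if __name__ == "__main__":
    for name, plan in [("original", ORIGINAL),
                       ("after reply #2", AFTER_REPLY_2),
                       ("reply #3 plan", REPLY_3_PLAN)]:
        print(name, check_pppoe_plan(*plan) or "no findings")
```

Adding the outbound NAT rule alone, as in Reply #2, clears only the NAT finding; the two addressing findings remain until the range and server address are changed.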