Hi,
Heres the setup i've got:
pppoe0 (connected to fxp1) - ADSL connection
fxp0 - LAN (NAT)
reading in pppoe(4):
" Problems can arise on machines with private IPs connecting to the Inter-
net via a machine running both Network Address Translation (NAT) and
pppoe. Standard Ethernet uses a Maximum Transmission Unit (MTU) of 1500
bytes, whereas PPPoE mechanisms need a further 8 bytes of overhead. This
leaves a maximum MTU of 1492. pppoe sets the MTU on its interface to
1492 as a matter of course. However, machines connecting on a private
LAN will still have their MTUs set to 1500, causing conflict."
It goes on to say:
"Setting the MTU on all interfaces being NAT'ed to 1492, instead of
the Ethernet default, 1500. This can be done using ifconfig(8). The
following would set the MTU to 1492 on interface bge0:
# ifconfig bge0 mtu 1492"
My question is, do you set the mtu on the box NAT'ing (fxp0, in this
case), the box connecting to it, or both?
Thanks!
PS: Something weird i've noticed is:
"
pppoe0: phase establish
pppoe0: phase authenticate
pppoe0: phase terminate
pppoe0: phase authenticate
pppoe0: phase network
"
Any ideas why it connects, authenticates, terminates, connects again
and then stays connected? This isn't a one of, it seems to happen
quite consistently EVERY time.
(I'm not sure why you would need this information, but I feel it's
better to give too much than too little)
--- dmesg ---
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 796 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 132685824 (129576K)
avail mem = 114565120 (111880K)
using 1645 buffers containing 6737920 bytes (6580K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(57) BIOS, date 08/18/01, BIOS32 rev. 0 @ 0xfd840
pcibios0 at bios0: rev 2.1 @ 0xfd840/0x7c0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf00/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xc000 0xcc000/0x1800 0xcd800/0x1800 0xcf000/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82815 Hub" rev 0x04
vga1 at pci0 dev 2 function 0 "Intel 82815 Graphics" rev 0x04:
aperture at 0xf8000000, size 0x4000000
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x11
pci1 at ppb0 bus 1
fxp0 at pci1 dev 7 function 0 "Intel 82557" rev 0x08, i82559: irq 11,
address 00:d0:b7:db:04:1f
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci1 dev 8 function 0 "Intel 82562" rev 0x03: irq 9, address
00:30:05:11:eb:8b
inphy1 at fxp1 phy 1: i82562EM 10/100 PHY, rev. 0
fxp2 at pci1 dev 11 function 0 "Intel 82557" rev 0x08, i82559: irq 11,
address 00:d0:b7:84:47:13
inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 4
fxp3 at pci1 dev 15 function 0 "Intel 82557" rev 0x08, i82559: irq 11,
address 00:d0:b7:9d:16:ca
inphy3 at fxp3 phy 1: i82555 10/100 PHY, rev. 4
ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x11
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x11: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <MAXTOR 4K020H1>
wd0: 16-sector PIO, LBA, 19470MB, 39876480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x11: irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82801BA SMBus" rev 0x11 at pci0 dev 31 function 3 not configured
uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB" rev 0x11: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ff65 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
pppoe0: phase establish
pppoe0: phase authenticate
pppoe0: phase terminate
pppoe0: phase authenticate
pppoe0: phase network
--- END of dmesg ---
--- pf.conf ---
# /etc/pf.conf
# ===== MACROS
dsk_if = "fxp0"
ext_if = "pppoe0"
int_ifs = "fxp0"
tcp_services = ""
#icmp_types_ext = ""
#icmp_types_int = "echoreq"
priv_nets = " { 127.0.0.0/8, 192.168.0.0/16, 172.168.0.0/12, 10.0.0.0/8 }"
# ===== OPTIONS
set loginterface $ext_if # Log on external interface
# ===== SCRUB
scrub in all # Good practice
# ===== NAT/RDR
nat on $ext_if from $dsk_if:network to any -> ($ext_if) # NAT for desktops
# ===== FILTER
block all # Default deny
pass quick on lo0 all # Allow loopback, no point evaluating the rest so do quick
block drop in quick on $ext_if from $priv_nets to any # Private
addresses should never be floating around on the internet
block drop out quick on $ext_if from any to $priv_nets # ABOVE!
#pass in on $ext_if inet proto tcp from any to ($ext_if) port
$tcp_services flags S/SA keep state # Allow access to $tcp_services
from evil internet
#pass in on $ext_if inet proto icmp all icmp-type $icmp_types_ext keep
state # Allow access to icmp if it's in $icmp_types_ext from internet
#pass in on $int_ifs inet proto icmp all icmp-type $icmp_types_int
keep state # Allow access to icmp if it's in $icmp_types_int from LAN
# FIXME: Change this when authpf implemented :)
pass in on $int_ifs from $int_ifs:network to any keep state
pass out on $int_ifs from any to $int_ifs:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
--- end of pf.conf ---
--- ifconfig ---
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1492
address: 00:d0:b7:db:04:1f
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.3.1.1 netmask 0xffffff00 broadcast 10.3.1.255
inet6 fe80::2d0:b7ff:fedb:41f%fxp0 prefixlen 64 scopeid 0x1
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:30:05:11:eb:8b
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::230:5ff:fe11:eb8b%fxp1 prefixlen 64 scopeid 0x2
fxp2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
address: 00:d0:b7:84:47:13
media: Ethernet autoselect (none)
status: no carrier
fxp3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
address: 00:d0:b7:9d:16:ca
media: Ethernet autoselect (none)
status: no carrier
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
pppoe0: flags=a851<UP,POINTOPOINT,RUNNING,SIMPLEX,LINK1,MULTICAST> mtu 1492
dev: fxp1 state: session
sid: 0xf5e6 PADI retries: 0 PADR retries: 0 time: 0:10:11
inet 83.245.46.101 --> 0.0.0.1 netmask 0xffffffff
inet6 fe80::2d0:b7ff:fedb:41f%pppoe0 -> prefixlen 64 scopeid 0x9
--- end of ifconfig ---
