FreeBSD PPPoE server + squid + gateways

Posted: August 5, 2010 in Freebsd

FreeBSD PPPoE server + gateways

I have been searching and asking my uncle big "G"... there is no proper tutorial about PPPoE on FreeBSD.

And for that I have to note this for me and for anybody out there who needs it.

No kernel configuration is necessary for PPPoE any longer (FreeBSD 7 and 8).

1. Setting up ppp.conf

bsd# pico /etc/ppp/ppp.conf

##################################################################
# ----------
# This script is based on MaUi^ http://staff.MyBSD.org.my/maui
# Note: in ppp.conf, label lines start in column 0 and every command
# under a label must be indented by at least one space.
# ----------
default:
 # ----------
 # to allow user menu to dial the connection
 # allow users menu
 # ----------
 # add default gateway when connected
 add default HISADDR
 # ----------
 # to enable NAT for sharing internet with other PCs
 nat enable yes
 # ----------
 # enable DCC send from clients behind the gateway
 nat same_ports yes
 nat use_sockets yes
 # ----------
 # to see connection error/link/speed : tail -f /var/log/ppp.log
 set log phase tun connect
 # ----------
 # redirect a port from the other side to a local machine,
 # nat port tcp <target ip:port> <port on tun0>
 # nat port tcp 192.168.1.1:80 8080
 # nat port tcp 192.168.1.1:21 2121
 # ----------
 # auto update /etc/resolv.conf with the ISP nameserver
 # enable dns
 # or disable dns
 disable dns
 # or use another dns server
 # set dns 127.0.0.1
 # ----------
 # Other, not really needed
 # enable pap
 # disable lqr
 # deny lqr
 # disable pred1
 # deny pred1
# ----------
# ADSL Connection label (ppp over ethernet/PPPoE)
adsl:
 # ----------
 # rl1 is a network interface for ppp over ethernet, change to your network device.
 # if you get an unstable connection or are always disconnected,
 # put a dummy ip on rl1 (on-the-fly change, temp!) : ifconfig rl1 0.0.0.0 mtu 1492
 # put in rc.conf to save : ifconfig_rl1="0.0.0.0 mtu 1492"
 set device PPPoE:rl1 # <----- change to your interface
 # ----------
 enable lqr
 set cd 5
 set dial
 set login
 set redial 0 0
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 # ----------
 # enter your login name and password!
 set authname loginname@isp
 set authkey yourpassword
 # ----------
##################################################################

2. Running ppp

bsd# ppp -ddial label  ## (e.g. ppp -ddial adsl)

3. Starting ppp on boot

bsd# pico /etc/rc.conf

##########################################
# User ppp configuration.
ppp_enable="YES" # Start user-ppp (or NO).
ppp_program="/usr/sbin/ppp" # Path to user-ppp program.
ppp_mode="ddial" # Choice of "auto", "ddial", "direct" or "dedicated".
ppp_nat="YES" # Use PPP's internal network address translation or NO.
ppp_profile="change me" # Which profile (label) to use from /etc/ppp/ppp.conf, e.g. adsl.
##########################################

4. Install squid

bsd# pkg_add -r squid

Please see squid.conf at https://panaharjuna.wordpress.com/2010/07/17/squid-for-freebsd-thanks-to-maui/

5. Set up ipnat.rules

bsd# pico /etc/ipnat.rules

#############################

# RDR RULES!!

# Transparent proxy:

# change nfe0 to your interface

rdr nfe0 0/0 port 80 -> 127.0.0.1 port 31288 tcp

#######################################

6. Set up ipf firewall

bsd# pico /etc/ipf.rules

#######################################

# ipfilter rules for transparent cache (change nfe0 to whatever NIC you use)

## Allow ALL , loopback

pass in on lo0 all

pass out on lo0 all

## Allow ALL, nfe0

pass in on nfe0 all

pass out on nfe0 all

#######################################
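The ruleset above passes everything on lo0 and nfe0 and has no rule for the PPP interface, so unless the kernel was built with IPFILTER_DEFAULT_BLOCK, traffic arriving from the internet side is not filtered at all. A stateful variant, added here as an example and not part of the original post; it assumes nfe0 is the LAN interface and tun0 is the interface user-ppp creates:

```conf
# /etc/ipf.rules - stateful variant (added example; interface names are assumptions)
# nfe0 = LAN side, tun0 = PPP interface created by user-ppp

# Loopback: unrestricted (squid listens on 127.0.0.1 for the rdr rule)
pass in  quick on lo0 all
pass out quick on lo0 all

# LAN: clients may reach the gateway and be forwarded through it
pass in  quick on nfe0 all
pass out quick on nfe0 all

# WAN: allow only traffic that the gateway or its clients initiate;
# "keep state" lets the matching replies back in
pass out quick on tun0 proto tcp  from any to any flags S keep state
pass out quick on tun0 proto udp  from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# WAN: drop and log everything else arriving from the internet.
# A "nat port" forward in ppp.conf needs its own "pass in ... keep state"
# rule above this line.
block in log quick on tun0 all
```

The file can be parsed without loading it using `ipf -n -f /etc/ipf.rules`, and loaded with `ipf -Fa -f /etc/ipf.rules`. The `log` keyword only produces output when ipmon is running.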

7. Boot time

bsd# pico /etc/rc.conf

######################
#IPFILTER enabled
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
#IPNAT enabled
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
# ipmon_enable and ipfs_enable are YES/NO switches, not program paths
ipmon_enable="YES"
ipfs_enable="YES"
######################

The last thing to do is

REBOOT!!!!

bsd# reboot
