I set up PPPoE with the following in /etc/ppp/ppp.conf:
# ppp.conf for userland ppp(8). The "default" section applies to every profile;
# the "pppoe" section is the profile that is dialled.
# NOTE(review): ppp.conf expects labels at column 0 and commands indented; the
# indentation appears to have been lost in this paste.
default:
# log phase transitions and commands; "tun" tags each log line with the tun
# device in use
set log Phase tun command
# wait 15 seconds between redial attempts
set redial 15 0
# after an unexpected line drop, reconnect after 15 seconds, up to 10000 times
set reconnect 15 10000
pppoe:
# the "link" is a child process: pppoe(8) speaking PPPoE on dc0. dc0 itself only
# carries PPPoE frames; the IP traffic appears on the tun interface ppp opens.
set device "!/usr/sbin/pppoe -i dc0"
# do not negotiate address/control-field or protocol-field compression
disable acfcomp protocomp
deny acfcomp
# treat the device as synchronous
set speed sync
# empty dial and login scripts: there is no modem chat to run
set dial
set login
# NOTE(review): these are the ISP login name and password in clear text. If they
# are the real values, posting them publicly exposes the account -- change the
# password with the ISP, and keep /etc/ppp/ppp.conf readable by root only.
set authname b1jwzn79
set authkey m1l4r8
# install a default route via the peer's address once the link is up
add default HISADDR
# ask the peer for name-server addresses
enable dns
# clamp the MSS of forwarded TCP connections so segments fit the PPPoE MTU
enable mssfixup
I can access the Internet from this gateway, but I can't
access it from my intranet. Previously I had a pf.conf
for this gateway, which used Ethernet to connect to the
Internet, but now I have to use PPPoE for that
connection. I don't know how to do it.
Please give me some advice. Thanks.
This is my pf.conf:
# pf.conf for OpenBSD3.2
# Gavin Li
# The external interface is dc0
# use a macro for the interface name, so it can be
changed easily
# NOTE(review): every scrub/nat/rdr/filter rule in this file is bound to
# $ext_if. With PPPoE run through userland ppp(8), dc0 carries only PPPoE
# frames and the IP packets travel over a tun(4) interface (usually tun0 --
# confirm with ifconfig). Rules bound to dc0 would then match nothing: LAN
# traffic is not translated, and the Internet-facing interface is effectively
# unfiltered. dc0 may also have no IP address, leaving ($ext_if) empty.
ext_if = "dc0"
#ext_ip = ($ext_if) #"24.153.101.144"
# Internal side. int_if, int_ip and int_net are defined here but not
# referenced by any rule shown in this listing.
int_if = "dc1"
int_ip = "192.168.1.1"
# internal web server; target of the port-80 rdr rule
web_ip = "192.168.1.2"
int_net = "192.168.1.0/24"
# normalize all incoming traffic
# Fragments are reassembled before the filter rules see the packet. This only
# covers packets arriving on $ext_if; other interfaces are not scrubbed.
scrub in on $ext_if all fragment reassemble
# NAT
# translate outgoing packets' source addresses (any
protocol)
# in this case, any address but the gateway's external
address is mapped
# ($ext_if) is resolved to the interface's current address; the rule only
# fires for packets that actually leave through $ext_if.
nat on $ext_if inet from ! ($ext_if) to any ->
($ext_if)
# RDR
# translate incoming packets' destination addresses
# as an example, redirect a TCP and UDP port to an
internal machine
# Publishes the internal web server: TCP port 80 on the external address is
# rewritten to $web_ip port 80.
rdr on $ext_if inet proto tcp from any to ($ext_if)
port 80 -> $web_ip port 80
#rdr on $ext_if inet proto udp from any to ($ext_if)
port 80 -> $web_ip port 80
# Filter rule matching the redirected traffic (destination is already $web_ip
# because translation happens before filtering). "quick" stops evaluation here,
# so the block rules later in the file never apply to it.
# NOTE(review): unlike the other inbound TCP rules in this file, this one has
# no "flags S/SA keep state", so every TCP packet to $web_ip:80 is passed
# statelessly, not just connection openers -- consider adding it.
pass in quick on $ext_if inet proto tcp from any to
$web_ip port 80
# block and log everything by default
# pf uses the last matching rule unless a rule is marked "quick", so these
# blocks act as the default policy and the pass rules further down override
# them. The policy covers $ext_if only; other interfaces keep pf's implicit pass.
block out log on $ext_if all
block in log on $ext_if all
# for TCP answer with a RST, for UDP with an ICMP unreachable, instead of
# silently dropping
block return-rst out log on $ext_if proto tcp all
block return-rst in log on $ext_if proto tcp all
block return-icmp out log on $ext_if proto udp all
block return-icmp in log on $ext_if proto udp all
# block anything coming from source we have no back
routes for
# no interface is named, so this applies on every interface; it is not "quick"
# and can be overridden by a later pass rule
block in from no-route to any
# block and log outgoing packets that don't have our
address as source,
# they are either spoofed or something is
misconfigured (NAT disabled,
# for instance), we want to be nice and don't send out
garbage.
# egress anti-spoofing: "quick" makes this final for any packet leaving
# $ext_if with a source other than the interface's own address
block out log quick on $ext_if inet from ! ($ext_if)
to any
# silently drop broadcasts (cable modem noise)
# no "log" keyword, so these drops do not reach pflog
block in quick on $ext_if from any to 255.255.255.255
# block and log incoming packets from reserved address
space and invalid
# addresses, they are either spoofed or misconfigured,
we can't reply to
# them anyway (hence, no return-rst).
# ingress anti-spoofing for the RFC 1918 ranges; "quick" means no later pass
# rule can let these sources in. Other non-routable ranges (e.g. 127.0.0.0/8)
# are not listed here.
block in log quick on $ext_if from { 10.0.0.0/8,
172.16.0.0/12, \
192.168.0.0/16, 255.255.255.255/32 } to any
# ICMP
# pass out/in certain ICMP queries and keep state
(ping)
# state matching is done on host addresses and ICMP id
(not type/code),
# so replies (like 0/0 for 8/0) will match queries
# ICMP error messages (which always refer to a TCP/UDP
packet) are
# handled by the TCP/UDP states
# Only echo request (type 8 code 0) is passed, in both directions. The inbound
# rule has no destination restriction, so echo requests to any address reached
# via $ext_if are accepted, not only those for the gateway itself.
pass out on $ext_if inet proto icmp all icmp-type 8
code 0 keep state
pass in on $ext_if inet proto icmp all icmp-type 8
code 0 keep state
# UDP
# pass out all UDP connections and keep state
pass out on $ext_if proto udp all keep state
# pass in certain UDP connections and keep state (DNS)
# NOTE(review): this accepts DNS queries from any source to any destination
# arriving on $ext_if. Replies to the gateway's own lookups are already covered
# by the outbound state, so this rule is only needed if a name server is meant
# to be reachable from the Internet -- confirm, and if so narrow the
# destination to ($ext_if).
pass in on $ext_if proto udp from any to any port
domain keep state
# TCP
# pass out all TCP connections and modulate state
# "modulate state" keeps state and additionally rewrites the initial sequence
# numbers of outgoing connections
pass out on $ext_if proto tcp all modulate state
# pass in certain TCP connections and keep state (SSH,
SMTP, DNS, IDENT)
# "flags S/SA" means only a bare SYN can create state. Source and destination
# are both "any", so these four services are exposed to the whole Internet on
# every address reachable through $ext_if.
# NOTE(review): confirm each is really meant to be public; ssh in particular
# is commonly restricted to known source addresses.
pass in on $ext_if proto tcp from any to any port {
ssh, smtp, domain, \
auth } flags S/SA keep state
# pass in data mode connections for ftp-proxy running
on this host.
# (see ftp-proxy(8) for details)
# This opens every TCP port from 49152 upward on the external address, so any
# other daemon on the gateway listening in that range is reachable too.
pass in on $ext_if inet proto tcp from any to
($ext_if) port >= 49152 \
flags S/SA keep state