Hello.
PPPoE interface was created and ifconfig shows following information:
pppoe0 Link encap:Point-to-Point Protocol
inet addr:87.139.19.153 P-t-P:217.5.98.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:138 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:46067 (44.9 Kb) TX bytes:1966 (1.9 Kb)
The netstat -r shows these information:
[exp...@cp-1]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
217.5.98.5 * 255.255.255.255 UH 0 0 0 pppoe0
10.157.130.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 217.5.98.5 0.0.0.0 UG 0 0 0 pppoe0
I removed the "virtual IP adress" [192.168.1.1] I had assigned to the network
interface eth0 (used for pppoe). Then I made a update topology to remove eth0
with his IP, created the pppoe0 interface manually and inserted the public IP
which will assign by pppoe dialn.
I created a network object for the public IP and a manual NAT rule with this to
hide all outgoing traffic behind this IP.
The strange thing is, ICMP works well (request, reply and I see translated
packages with iIoO) but dns (name resolution) doesn't work. I can't see
traslated outgoing packges (O) in the capture file, I made with 'fw monitor
-iIoO -o capture-file.cap'.
Best regard
Olaf
-----Ursprüngliche Nachricht-----
Von: Mailing list for discussion of Firewall-1
[mailto:[email protected]] Im Auftrag von pkc_mls
Gesendet: Freitag, 8. Oktober 2010 09:13
An: [email protected]
Betreff: Re: [FW-1] trouble whith DSL setup (pppoe) on SPLAT (open server)
Le 10/7/2010 11:17 PM, Bachmann, Olaf a écrit :
> Hi.
Hallo,
> I have trouble to setup DSL (pppoe) on SPLAT (open server). Does anyone
> have a how-to for that? The CheckPoint KB isn't realy helpful. I've also
> noticed the KB sk41750.
You create the interface via sysconfig or https admin.
Once it has been created, check with an ifconfig and netstat tha bot
interface and route are correct.
> All I did is to create a new interfcace (pppoe) and assigned it to the
> physical interface eth0 (Webadmin).
>
>
>
> Because the pppoe0 interface will not import via topology import,
> someone told me I should assign a virtual IP address to eth0. After the
> "Import Interface with Topology" I should change the imported IP to the
> static public ip which will assign via pppoe dialin.
You can create the pppoe0 interface manually in the topology. (at least
it works for my config here).
> The SmartTracker shows outgoing traffic but without response (NAT-hide
> rule is present).
create a network object for the public IP that comes with the pppoe, and
create a manual nat hide
to translate source IPs behind the pppoe public IP interface for outgoing.
check with fw monitor that the traffic is correctly translated.
> Olaf
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Geschäftsführer:
Herr Dr. Peter Heilmann
Herr Uwe Jaroschewski
HRB 84278
Amtsgericht Berlin Charlottenburg
Ust-IdNr: DE 813533741
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Scanned by Check Point Total Security Gateway.
