I have unfortunately been stuck with having to use a 56k dialup
connection at home at least until the phone company runs DSL out
here (6 months, but I won't hold my breath). Anyway, there are a few
computers here that need to have access, so since I had used OpenBSD as
a firewall when I had cable before I moved, I decided to look into that.
I have ppp dialing correctly and providing service to everyone if I
ssh into the machine, launch ppp with `ppp -at isp` and at the ppp>
prompt type dial. If I launch ppp with `ppp -nat -auto isp` ppp never
dials out.
I have pppd dialing correctly and with the demand setting in
/etc/ppp/options it will background, dial out when I open a web browser on
another machine but I can not browse the web from either lynx on the
firewall or any browser on a client machine. It does seem to give
ppp0 the correct addresses and set ppp0 as the gateway.
I feel that I almost got it right, but since this is the first time
setting up a modem connection and a dial on demand server and working
on it yesterday for too long, I've missed a setting somewhere or
misconfigured either the ppp settings or pf. If anyone has any
suggestions as to where I've goofed it would be appreciated.
I would prefer to use pppd as I can set what can trigger it to dial
out, but if I can get either ppp or pppd working I'd be happy.
I'm sure I have a lot of unneeded stuff in these config files by now.
Firewall is OpenBSD 4.1 RELEASE
/etc/ppp/ppp.conf:
!include ~/.ppp.conf
default:
set device /dev/tty00
set speed 115200
set authname "username"
set authkey password
set server +3000 showmeisp
set redial random 100
set mtu max 1500
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
add default HISADDR
isp:
set device /dev/tty00
set speed 115200
set authname "username"
set authkey password
set server +3000 showmeisp
set redial random 100
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
add default HISADDR
set phone 5574061
set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATZ OK-ATZ-OK ATDT\\T TIMEOUT 120 CONNECT \r\r"
set login "TIMEOUT 30 login:-\\r-login: username ssword: password 1524"
add! default HISADDR
set log local Chat
enable dns
/etc/ppp/options:
demand
nopersist
/dev/tty00
lock
crtscts
115200
modem
defaultroute
noipdefault
idle 600
mru 1500
ipcp-accept-remote
ipcp-accept-local
10.0.0.2:10.0.0.3
netmask 255.255.255.255
active-filter 'dst port 80'
active-filter 'dst port 53'
call elink
/etc/ppp/peers/elink:
tty00 115200 crtscts
connect '/usr/sbin/chat -V -f /etc/ppp/peers/elink.chat'
noauth
/etc/ppp/peers/elink.chat:
ECHO ON
ABORT BUSY
ABORT 'NO CARRIER'
'' ATZ
OK ATDT5574061
TIMEOUT 120
CONNECT \r\r
SAY "\nLogging in ... \n"
ogin:--ogin: "username"
ssword: "password"
/etc/pf.conf: Currently set to use tun0 as the ext_if; when trying
with pppd, ext_if is set to ppp0
#PF CONF
#Lists
#Macros
ext_if = "tun0"
int_if = "fxp0"
#TABLES
table <mynetwork> { 192.168.0.0/24 }
#OPTIONS
set block-policy return
set loginterface $ext_if
set skip on lo0
scrub in all
#QoS
altq on $ext_if priq bandwidth 50Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)
#NAT
nat on $ext_if from $int_if to any -> ($ext_if:peer)
nat-anchor "ftp-proxy/*"
#RDR
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr inet proto tcp from any to any port = www -> 127.0.0.1 port 3128
#RULES
antispoof quick for $int_if inet
block in all
anchor "ftp-proxy/*"
pass in on $int_if from <mynetwork> to $int_if keep state
pass out on $int_if from 192.168.0.1 to <mynetwork> keep state
pass in on $int_if from <mynetwork> to any keep state
pass out on $ext_if proto { tcp } from $int_if to ($ext_if) flags S/SA keep state queue (q_def, q_pri)
-Thank you.