ADSL PPPOA/VC



  • Hi guys,

    I've the following system:

    Lan –> Pc with pfsense --> D-link 302t (pppoa/vc GDMT)

    Lan on Nic1 and Wan on Nic2 (configured in DHCP mode)

    Adsl with dynamic pubblic IP...

    I need to know in which way I have to set up the NAT to allow my network to surf the web through my adsl modem.......

    Outbound, Inbound? Becouse is not avaible an useful manual ...... :(



  • Nat is turned on by default from internal to external interfaces. Works out of the box. If you WAN-Connection is up you should be able to surf.



  • this is the problem, the connection is working (if I use the modem directly from a pc) but when I use the modem thorugh pfsense….. believe me it don't surf the net
    ...... the modem have an own connection manager so it's always on.........



  • Does your pfSense box get's a IP from your 'modem' (actually, it's a router/modem) ?
    Give your pfSense box a static 'WAN' IP (use the right IP classs/mask, i.e. give it the IP that a PC gets when you conect your router directly to it))
    Can you ping your pfsense 'WAN' IP ?
    Can you ping the router 'LAN' IP ?
    Can you login to telnet/web interface of the router (to check if Internet connection is atually there) : TIP : if it has telnet accesss : ping to the outside !
    Remember : from the router/modem point of view, the pfSense box is just another LAN device.

    I've got many router/modem that handle pppoe (=simple bridge) & router mode = PPPoA and this always works in both modes. Remember that your 'WAN' NIC on the pfSense box has to be in STAIC or DHCP client mode.

    One could chain many routers (only the first one has to have a modem counterpart). My personnal record is 4.

    Nice 'avantage' ( ;) ) : all incoming  connection from the net have to be NAT-'ruled' twice in your setup. Try to see if you could DMZ the WAN IP of the pfSense from the modem/route's point of view… This will simplify things for you. But, you're not there yet.



  • Ok this is the configuration:

    1. I've a Modem and not a ruter: so I think it's necessary to make the pfsense-box work as router :)
    2. the Lan Nic has the 192.168.1.2
    3. the Wan Nic has the 192.168.1.3 with the Modem Ip as gateway (or DHCP, to get the pubblic ip directly from the modem)
    4. the modem has the 192.168.1.1
    5. through Fw rule Of course I can Ping the wan or manage via web the modem
    6. if I set the wan with static ip or in dhcp… the resut is the same ... is not possible to have connection with the internet...
      NOTE 1) the connection is available (I can see the statu into the web configurator of the modem)
      NOTE 2) Is not true that pfsense has outbound nat set on by default.....
      NOTE 3) I would like to know how to set in the best way my pf sense box to work as Router (so How to set up the nat rules) between my lan and my adsl modem....

    Thank you Guys........ ;)



  • chance youre lan ip to
    192.168.2.1

    you have now lan and wan on the same network so pfsense cant route of nat
    with 192.168.1.3 and 192.168.2.1  you have 2 networks and pfsense wil start to nat and to route between the 2 of them



  • @puntura:

    Ok this is the configuration:

    1. I've a Modem and not a ruter: so I think it's necessary to make the pfsense-box work as router :)
    2. the Lan Nic has the 192.168.1.2
    3. the Wan Nic has the 192.168.1.3 with the Modem Ip as gateway (or DHCP, to get the pubblic ip directly from the modem)
    4. the modem has the 192.168.1.1

    Same IP subnet on WAN and LAN side?  Yeah, that's gonna work real good, NOT.

    @puntura:

    1. through Fw rule Of course I can Ping the wan or manage via web the modem
    2. if I set the wan with static ip or in dhcp… the resut is the same ... is not possible to have connection with the internet...
      NOTE 1) the connection is available (I can see the statu into the web configurator of the modem)
      NOTE 2) Is not true that pfsense has outbound nat set on by default.....

    So this code on line 500 of filter.inc does nothing then?
                    $natrules .= filter_nat_rules_generate_if($wanif, "{$lansa}/{$lancfg['subnet']}");
    I'll be damned, I swear it served the funtion of generating this rule:
                    nat on sis1 from 192.168.1.0/24 to any -> (sis1)
    but hey, what do I know

    @puntura:

    NOTE 3) I would like to know how to set in the best way my pf sense box to work as Router (so How to set up the nat rules) between my lan and my adsl modem….

    Thank you Guys........ ;)



  • Ok, guys,

    I'm going to try to use different net address for Lan and Wan…. and we will see if the Auto Nat (alloweb by default) will works well.

    Oterwhise I will try to set my modem in "BRIDGE MODE" and pfsense wan tab in pppt mode..... with Ip address of the modem as target ip....

    Tomorrow you will know everything about this matter.....

    PS: Sorry for my english......  ;D



  • Dear all,

    I found the problem that there is between Pfsense and the external Ethernet Adsl modem
    using PPPOA protocol…... oh my God, pfsense doesn't support this connections mode....
    what I can do to found a Way??? because my provider won't change the protocol in pppoe...
    so???  can't I use pfsense.???? Unbelieveable

    NOTE: See http://cvstrac.pfsense.com/tktview?tn=274 ......



  • Get an exeternal PPPOA modem/router and then hook pfsense up to it.

    It should work fine.    1.1 has support for PPPoA.

    Also, have you looked at http://www.m0n0.ch/wall/list/showmsg.php?id=172/46 ??



  • I already have an external modem dsl PPPOa, connected on the 2 nic (as wan).
    I tried to use the wan interface in DHCP and also in static with the modem as gateway,
    But the result was the same…. no surfing.

    Where Can I found the 1.1 version?? because I thik it'easier that make my provider switch my adsl in pppoe...

    I want to use pfsense..... is great.....
    PS: when we will have a IDS inside pfsense?????



  • 1.0 isn't even released and 1.1 will follow some time after 1.0 of course though there are already several features developed for 1.1.
    IDS is a suggestion for a package but the devs are concentrating on base developement right now, so it's unsure when we'll see that package unless someone from the community takes the part of developing such a package.



  • So , the best solution up to now is to try to call my provider to see if is possible to
    switch from pppoa to pppoe… and then the last release of pfsense sohld be able to works???

    But if I understood well the problem is that pfsense actually is unable to understand the tcp packet
    incapsulated through pppoa protocol????



  • Switchung your line to pppoe might be the "easiest" way atm unless you want to run a handapplied mix between 1.0 and 1.1 which of course isn't supported and firmwareupgrades might even break it again.
    Other option is to use a modem-router to make the dialin as static gateway with the pfsense set as DMZ IP.



  • Mmmhmhmh I think that is better to have pppoe.
    So finally isn't a nat matter but only a simple incomopatibility between pfsense and pppoa….
    From a side I'm happy because at least I know the problem... eheheheheheheh

    I'll keep you all informed about this matter.....
    And if I you want I'll help you to write docs and so on.....



  • Help with docs is always appreciated. Good luck.

    http://doc.pfsense.org


Locked