Pppoe/nat problem



  • Hello,

    I'm trying to only let my computers access the internet when they connect to the server using pppoe.

    I've enabled pppoe server as described below:

    Server address: 192.168.254.254
    Remote address range: 192.168.254.0

    I have added a user, specified an IP address - 192.168.254.1 - (windows didn't want to connect unless i specified an ip address), added the rules below to the firewall:

    allow / proto any / source any / port any / destination any / port any / gateway default  (LAN)
    allow / proto any / source any / port any / destination any / port any / gateway default (PPPoE VPN)

    Also, added NAT rule for 192.168.254.0/24

    Connecting from windows works ok, but i cannot surf (like the NAT or something else is not working). What is not working, i don't know. I cannot ping 192.168.254.254 (the server address), but on the pfsense server i see the addresss when i do a ifconfig.

    On the windows machine, doing an ipconfig i have the following result:

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
            Physical Address. . . . . . . . . : 00-07-95-C4-FB-24
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.6.1
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            IP Address. . . . . . . . . . . . : 192.168.0.2
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.0.1
            DNS Servers . . . . . . . . . . . : 212.93.137.18
                                                212.93.136.2

    PPP adapter test:

    Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
            Physical Address. . . . . . . . . : 00-53-45-00-00-00
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.254.1
            Subnet Mask . . . . . . . . . . . : 255.255.255.255
            Default Gateway . . . . . . . . . : 192.168.254.1
            DNS Servers . . . . . . . . . . . : 192.168.0.1
                                                212.93.137.18
            NetBIOS over Tcpip. . . . . . . . : Disabled

    As you can see, IP Address and Default Gateway are the same, which, from my point of view is a big problem and nothing would ever work like that..

    Now , tell me what is really wrong, if anyone knows:

    • is it on the windows computer?
    • the pppoe vpn? (i have not much settings to play with in the web interface for pppoe server)
    • are the NAT settings?
    • DHCP?!?!
    • anything else?

    Where should i look ?



  • @snfc21:

    Hello,

    I'm trying to only let my computers access the internet when they connect to the server using pppoe.

    I've enabled pppoe server as described below:

    Server address: 192.168.254.254
    Remote address range: 192.168.254.0

    Specify a real remote starting adress here .0 is not valid.

    @snfc21:

    I have added a user, specified an IP address - 192.168.254.1 - (windows didn't want to connect unless i specified an ip address), added the rules below to the firewall:

    allow / proto any / source any / port any / destination any / port any / gateway default  (LAN)
    allow / proto any / source any / port any / destination any / port any / gateway default (PPPoE VPN)

    Also, added NAT rule for 192.168.254.0/24

    Connecting from windows works ok, but i cannot surf (like the NAT or something else is not working). What is not working, i don't know. I cannot ping 192.168.254.254 (the server address), but on the pfsense server i see the addresss when i do a ifconfig.

    On the windows machine, doing an ipconfig i have the following result:

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
            Physical Address. . . . . . . . . : 00-07-95-C4-FB-24
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.6.1
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            IP Address. . . . . . . . . . . . : 192.168.0.2
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.0.1
            DNS Servers . . . . . . . . . . . : 212.93.137.18
                                                212.93.136.2

    PPP adapter test:

    Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
            Physical Address. . . . . . . . . : 00-53-45-00-00-00
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.254.1
            Subnet Mask . . . . . . . . . . . : 255.255.255.255
            Default Gateway . . . . . . . . . : 192.168.254.1
            DNS Servers . . . . . . . . . . . : 192.168.0.1
                                                212.93.137.18
            NetBIOS over Tcpip. . . . . . . . : Disabled

    As you can see, IP Address and Default Gateway are the same, which, from my point of view is a big problem and nothing would ever work like that..

    Actually PPP connections work like that.

    @snfc21:

    Now , tell me what is really wrong, if anyone knows:

    • is it on the windows computer?
    • the pppoe vpn? (i have not much settings to play with in the web interface for pppoe server)
    • are the NAT settings?
    • DHCP?!?!
    • anything else?

    Where should i look ?

    It might be that we don't create a NAT entry for that connection by default. Please try the following:
    Firewall>NAT outbound Tab
    Enable advanced outbound nat
    Save
    It will create an outbound NAT entry for the LAN subnet in the table below
    Hit the [+] right to that entry to create a copy of that one and change the source to your PPPoE network 192.168.254.0/24
    Save
    Apply

    Does it work now?



  • Server address: 192.168.254.254
    Remote address range: 192.168.254.0

    Specify a real remote starting adress here .0 is not valid.

    I have, but upon submitting the form, the remote address range defaults to a class (192.168.254.0) , no matter if i specify an address (eg. 192.168.254.1 )

    It might be that we don't create a NAT entry for that connection by default. Please try the following:
    Firewall>NAT outbound Tab
    Enable advanced outbound nat
    Save
    It will create an outbound NAT entry for the LAN subnet in the table below
    Hit the [+] right to that entry to create a copy of that one and change the source to your PPPoE network 192.168.254.0/24
    Save
    Apply

    Well, I did somethink like you said above:

    outbound nat / enable outbound nat
    and afterwards, edited the 192.168.0.0/24 rule (since i won't be needing NAT for this class) and instead of 192.168.0.0/24 put 192.168.254.0/24
    anyway, on clicking save, it automatically adds a new rule for 192.168.0.0/24 , so i had two function-identical rules in the end, one for 192.168.0.0/24 and one for 192.168.254.0/24

    Does it work now?

    It doesn't!



  • Server address: 192.168.254.254
    Remote address range: 192.168.254.0

    i dont know what version you are using but i think you have a problem with your subnet mask 'pppoe units'
    in your pppoe configureation

    192.168.254.0 will be iether 24 25 26 27 28 29 30 as a subnet
    you are better to make a 'pppoe units of say 192.168.254.128/25 and a gateway of 192.168.254.1
    the pppoe gateway must lye outside of the 'pppoe units subnet'

    post the snip of your pppoe xml. your problem looks like it is here and i am sure your logs will reinforce this


Locked