Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pppoe/nat problem

    General pfSense Questions
    3
    4
    7421
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      snfc21 last edited by

      Hello,

      I'm trying to only let my computers access the internet when they connect to the server using pppoe.

      I've enabled pppoe server as described below:

      Server address: 192.168.254.254
      Remote address range: 192.168.254.0

      I have added a user, specified an IP address - 192.168.254.1 - (windows didn't want to connect unless i specified an ip address), added the rules below to the firewall:

      allow / proto any / source any / port any / destination any / port any / gateway default  (LAN)
      allow / proto any / source any / port any / destination any / port any / gateway default (PPPoE VPN)

      Also, added NAT rule for 192.168.254.0/24

      Connecting from windows works ok, but i cannot surf (like the NAT or something else is not working). What is not working, i don't know. I cannot ping 192.168.254.254 (the server address), but on the pfsense server i see the addresss when i do a ifconfig.

      On the windows machine, doing an ipconfig i have the following result:

      Ethernet adapter Local Area Connection:

      Connection-specific DNS Suffix  . :
              Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
              Physical Address. . . . . . . . . : 00-07-95-C4-FB-24
              Dhcp Enabled. . . . . . . . . . . : No
              IP Address. . . . . . . . . . . . : 192.168.6.1
              Subnet Mask . . . . . . . . . . . : 255.255.255.0
              IP Address. . . . . . . . . . . . : 192.168.0.2
              Subnet Mask . . . . . . . . . . . : 255.255.255.0
              Default Gateway . . . . . . . . . : 192.168.0.1
              DNS Servers . . . . . . . . . . . : 212.93.137.18
                                                  212.93.136.2

      PPP adapter test:

      Connection-specific DNS Suffix  . :
              Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
              Physical Address. . . . . . . . . : 00-53-45-00-00-00
              Dhcp Enabled. . . . . . . . . . . : No
              IP Address. . . . . . . . . . . . : 192.168.254.1
              Subnet Mask . . . . . . . . . . . : 255.255.255.255
              Default Gateway . . . . . . . . . : 192.168.254.1
              DNS Servers . . . . . . . . . . . : 192.168.0.1
                                                  212.93.137.18
              NetBIOS over Tcpip. . . . . . . . : Disabled

      As you can see, IP Address and Default Gateway are the same, which, from my point of view is a big problem and nothing would ever work like that..

      Now , tell me what is really wrong, if anyone knows:

      • is it on the windows computer?
      • the pppoe vpn? (i have not much settings to play with in the web interface for pppoe server)
      • are the NAT settings?
      • DHCP?!?!
      • anything else?

      Where should i look ?

      1 Reply Last reply Reply Quote 0
      • H
        hoba last edited by

        @snfc21:

        Hello,

        I'm trying to only let my computers access the internet when they connect to the server using pppoe.

        I've enabled pppoe server as described below:

        Server address: 192.168.254.254
        Remote address range: 192.168.254.0

        Specify a real remote starting adress here .0 is not valid.

        @snfc21:

        I have added a user, specified an IP address - 192.168.254.1 - (windows didn't want to connect unless i specified an ip address), added the rules below to the firewall:

        allow / proto any / source any / port any / destination any / port any / gateway default  (LAN)
        allow / proto any / source any / port any / destination any / port any / gateway default (PPPoE VPN)

        Also, added NAT rule for 192.168.254.0/24

        Connecting from windows works ok, but i cannot surf (like the NAT or something else is not working). What is not working, i don't know. I cannot ping 192.168.254.254 (the server address), but on the pfsense server i see the addresss when i do a ifconfig.

        On the windows machine, doing an ipconfig i have the following result:

        Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
                Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
                Physical Address. . . . . . . . . : 00-07-95-C4-FB-24
                Dhcp Enabled. . . . . . . . . . . : No
                IP Address. . . . . . . . . . . . : 192.168.6.1
                Subnet Mask . . . . . . . . . . . : 255.255.255.0
                IP Address. . . . . . . . . . . . : 192.168.0.2
                Subnet Mask . . . . . . . . . . . : 255.255.255.0
                Default Gateway . . . . . . . . . : 192.168.0.1
                DNS Servers . . . . . . . . . . . : 212.93.137.18
                                                    212.93.136.2

        PPP adapter test:

        Connection-specific DNS Suffix  . :
                Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
                Physical Address. . . . . . . . . : 00-53-45-00-00-00
                Dhcp Enabled. . . . . . . . . . . : No
                IP Address. . . . . . . . . . . . : 192.168.254.1
                Subnet Mask . . . . . . . . . . . : 255.255.255.255
                Default Gateway . . . . . . . . . : 192.168.254.1
                DNS Servers . . . . . . . . . . . : 192.168.0.1
                                                    212.93.137.18
                NetBIOS over Tcpip. . . . . . . . : Disabled

        As you can see, IP Address and Default Gateway are the same, which, from my point of view is a big problem and nothing would ever work like that..

        Actually PPP connections work like that.

        @snfc21:

        Now , tell me what is really wrong, if anyone knows:

        • is it on the windows computer?
        • the pppoe vpn? (i have not much settings to play with in the web interface for pppoe server)
        • are the NAT settings?
        • DHCP?!?!
        • anything else?

        Where should i look ?

        It might be that we don't create a NAT entry for that connection by default. Please try the following:
        Firewall>NAT outbound Tab
        Enable advanced outbound nat
        Save
        It will create an outbound NAT entry for the LAN subnet in the table below
        Hit the [+] right to that entry to create a copy of that one and change the source to your PPPoE network 192.168.254.0/24
        Save
        Apply

        Does it work now?

        1 Reply Last reply Reply Quote 0
        • S
          snfc21 last edited by

          Server address: 192.168.254.254
          Remote address range: 192.168.254.0

          Specify a real remote starting adress here .0 is not valid.

          I have, but upon submitting the form, the remote address range defaults to a class (192.168.254.0) , no matter if i specify an address (eg. 192.168.254.1 )

          It might be that we don't create a NAT entry for that connection by default. Please try the following:
          Firewall>NAT outbound Tab
          Enable advanced outbound nat
          Save
          It will create an outbound NAT entry for the LAN subnet in the table below
          Hit the [+] right to that entry to create a copy of that one and change the source to your PPPoE network 192.168.254.0/24
          Save
          Apply

          Well, I did somethink like you said above:

          outbound nat / enable outbound nat
          and afterwards, edited the 192.168.0.0/24 rule (since i won't be needing NAT for this class) and instead of 192.168.0.0/24 put 192.168.254.0/24
          anyway, on clicking save, it automatically adds a new rule for 192.168.0.0/24 , so i had two function-identical rules in the end, one for 192.168.0.0/24 and one for 192.168.254.0/24

          Does it work now?

          It doesn't!

          1 Reply Last reply Reply Quote 0
          • A
            aldo last edited by

            Server address: 192.168.254.254
            Remote address range: 192.168.254.0

            i dont know what version you are using but i think you have a problem with your subnet mask 'pppoe units'
            in your pppoe configureation

            192.168.254.0 will be iether 24 25 26 27 28 29 30 as a subnet
            you are better to make a 'pppoe units of say 192.168.254.128/25 and a gateway of 192.168.254.1
            the pppoe gateway must lye outside of the 'pppoe units subnet'

            post the snip of your pppoe xml. your problem looks like it is here and i am sure your logs will reinforce this

            1 Reply Last reply Reply Quote 0
            • First post
              Last post