Re: PPPD server routing problem? Mandrake/mgetty/pppd/D-link router

From: martin02 (lutherpFORTY_at_bellsouth.net)
Date: 09/30/03


Date: Tue, 30 Sep 2003 05:13:11 -0400

jack wrote:

> martin02 wrote:
>> Overall network connection is as follows:
>>
>> Internet <--> DSL modem/D-Link router <--> PPPD server <--> dialin client
>>
>> I have the client making a connection and can send packet requests out
>> into the internet.
>>
>> The problem appears to be that the packets go out from the client to the
>> internet just fine. But when the inbound packet responses come back from
>> the internet they hit the pppd server box and they are not passed back to
>> the ppp0 connection. [based on what I am seeing in tcpdump for both ppp0
>> and eth0 on the pppd server.]
>
> Try sending some information about Your routing and packet filtering
> setup...
>
> That responses from the internet return to Your dial-in server shows
> that You SNAT those all right, but did You SNAT or MASQUERADE them?
>
> Can the client get anything else from that box?
>
>
> Cheers, Jack.
>

Jack,

Thank you for taking the time to reply.

=====
Answer 1 and Answer 2
The last time I worked on MASQ and packet filtering we were using IPCHAINS
in Mandrake v8.x. The paradigm is sufficiently different with IPTABLES
that they spin me around for a loop and I hadn't gotten a grasp on how they
work, so I haven't touched them yet.

I seem to have an opportunity. Neither IPCHAINS nor IPTABLES are installed.
I wonder how I missed that. Probably because I got lazy using a hardware
router and installed Mandi v9 clean using defaults.

So regarding your routing and packet filtering question, whatever the
defaults are for Mandrake 9.0/9.1 w/o IPCHAINS and IPTABLES installed. The
routing instructions I currently use are at the end of this reply as part
of the modified config entries below.

Basically a clean slate to work with.

=====
Answer 3
The client can ping and receive replies inside the local LAN and from the
D-Link router itself, but not pull down any files from the web server that
is part of the same box as MGETTY/PPPD. (This might have been a fluke. I
only tested the local web sporadically.)

It can ping beyond the D-Link router (outside the LAN), but the replies are
stopped at the PPPD server. The D-Link's NAT is probably nailing me here.

=====
Speculation
The D-Link is running some NAT to get it back to the PPPD server box.
I am pretty sure that the problem is that you can't translate IP addresses
twice out to the internet. Once in the D-link and a second time at the PPPD
server. If it was possible to get the IP address assigned from the D-Link
DHCP server via the ppp0 connection, I am thinking the problem would
correct itself. But I don't know how to do that, or if it is even
possible. That would probably be the most elegant solution.

=====
Configuration
These are the changes from "defaults" so far.

MGETTY - Enable AutoPPP in login.config:
        /AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap debug

MGETTY - Added Modem init stuff to mgetty.config:
        # For US Robotics Sportster 28.8 with speaker off
        port ttyS0
        init-chat "" ATZ OK AT&F1M0E1Q0S0=0 OK
        answer-chat "" ATA CONNECT \c \r
        statistics-file /var/log/statistics.ttyS0

MGETTY - No changes to default dialin.config

PPPD - Changed contents of "options" file <note: I could not get AutoPPP to
fire up a "options.server" file. Some more RTFM me thinks to fix this, but
I do not believe it is important as I don't use pppd for anything else
right now.>
        -detach
        asyncmap 0
        modem
        crtscts
        lock
        proxyarp
        netmask 255.255.255.0
        ms-dns <IP address to ISP DNS1>
        ms-dns <IP address to ISP DNS2>
        require-pap
        refuse-chap
        192.168.0.133:192.168.0.200 <where 1st IP is eth0 and 2nd IP is ppp0>

PPPD - Added a "options.ttyS0" file.
        ppp0.myhost.net:ppp0
        192.168.0.133:192.168.0.200 [duplicated entry. see options file.]
        ms-dns <IP address to ISP DNS1> [duplicated entry. see options file.]
        ms-dns <IP address to ISP DNS2> [duplicated entry. see options file.]

PPPD - Setup "pap-secrets" file for non-linux box user access. The user is
not intended to log into the Linux box at all, although he can if he comes
in via SLIP. <probably should disable SLIP, but not now.>
        # Secrets for authentication using PAP
        # client server secret IP addresses
           user1 * password 192.168.0.200

PPPD - Setup "ip-up.local" file. Currently disabled because there is already
a default route that keeps getting recreated to the D-Link gateway and the
packets sent from ppp0 were getting re-routed backwards back into ppp0
where they came from.
        /sbin/route add default $1

HOST - Added entries to "host" file. <these are NOT intended to be internet
resolvable domain names. This was intentional.>
        192.168.0.200 ppp0.myhost.net
        192.168.0.133 mydialin.myhost.net

INITTAB - Made change to "inittab" file to correct mgetty's default entries
and commented the remaining entries out.
        S1:345:respawn:/sbin/mgetty -D -x2 /dev/ttyS0

ROUTING - These are commands entered by hand at the moment. I haven't
decided where to put them yet as I think I need them built when a ppp0
connection is established and torn down when the connection is severed.
The echo commands seemed to do the most work. I haven't decided if I need
the ifconfig and route commands yet.
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
        ifconfig eth0:0 192.168.0.200
        route add -host 192.168.0.200 dev eth0


