qwest dsl + freebsd nat/firewall (not for the technically challenged)
by Travis on May.25, 2008, under Tech Stuff
So this weekend I switched out my internet connection at my house from Comcast to Qwest DSL.
a) it was cheaper
b) I’m getting twice the speed up & down as I was with Comcast
c) I wasn’t really diggin the phone service over Comcast… *shrug*
So anyway… I’m running a FreeBSD firewall here at the house that’s handling some network address translation and firewall stuff (natd & ipfw) so that I can have my sbs server listen for all the mail transferred from my primary server at the co-location facility as well as linking in my pda phone to my exchange server here… enough with the details…
After a long weekend of fighting with the configuration on this thing and finding that there were no resources on the internet, I dug in and got it working on my own. To remedy this for anyone else who may be running a similar setup here’s the solution:
DSL modem being used: ActionTec M1000
FreeBSD version: 6.3
First and foremost, get your PPPoE login information from Qwest. This is your username and password you would use to manually activate your modem and set it up without using the disc. It entails the usual going to http://192.168.0.1 and going through the usual screens and such. Get this all done and make sure your modem syncs up and is online before doing ANYTHING below. Otherwise you’ll be banging your head into the wall.
Assuming you’ve done that, head on back out to the modem management page (http://192.168.0.1) and select the Advanced setup. On the left-hand side you will see a series of menus. Click the following sequence.
a) WAN IP Address
b) On the screen that appears on the right, select ‘RFC 1483 Transparent Bridging’
c) Click ‘Save’
That’s it, the modem is set. Now it should disconnect you from the internet and the Internet light will disappear on the modem and you’ll be left with just Ethernet, DSL and Power. Now plug your FreeBSD external NIC into the DSL modem and complete the following:
a) edit the file /etc/ppp/ppp.conf and add in the following lines. Comment out everything except what is listed below for the ‘default’ field:
default:
 set log Phase tun command

qwestdsl:
 # fxp0 is the external NIC plugged into the DSL modem
 set device PPPoE:fxp0
 # PPPoE username and password from Qwest
 set authname username@qwest.net
 set authkey password
 set dial
 set login
 add default HISADDR
b) edit the file /etc/rc.conf and add in the following lines:
# QWEST DSL
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="qwestdsl"
c) make changes to your existing natd.conf file, wherever it may be. 🙂 You will have to change the interface line from whatever external interface you were using (rl0, fxp0, xl0, etc.) to tun0. The reason is that ppp creates a tun interface (tun0 first, tun1 second, etc.) in order to bind the public IP address to an internal interface. Weird, but this is what it does.
d) make changes to your existing rc.firewall script or whatever script you’re calling for use with ipfw. Any instance of your previous external interface (just like in natd.conf) should be replaced with tun0.
That should do it. Reboot your system and you should be up and running. If you have any issues, take a good look at your ‘ifconfig -a’ and make sure a tun0 is present and assigned an address. If you need to do further troubleshooting, take a look at /var/log/ppp.log.
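Steps c) and d) only work if every active reference to the old external interface moves to tun0: once ppp is up, IP traffic from the Internet arrives on tun0, so a natd or ipfw line still naming the old NIC stops matching it. The script below is an added example, not part of the original post; the helper names and the sample natd.conf and ipfw files are constructed for illustration. It rewrites whole-word matches and counts any non-comment lines still pointing at the old interface.

```shell
#!/bin/sh
# Added example, not the post author's script. OLD_IF/NEW_IF and the helper
# names are made up here; the sample files are constructed.
OLD_IF=fxp0
NEW_IF=tun0

# Rewrite whole-word occurrences of $1 to $2 in file $3, keeping a .bak copy.
# The boundary groups stop fxp0 from matching inside a name such as fxp01.
migrate_iface() {
    pat="(^|[^[:alnum:]_])$1([^[:alnum:]_]|\$)"
    cp "$3" "$3.bak" || return 1
    # Applied twice: the first pass consumes the separator between two
    # adjacent matches, so the second pass picks up the one it skipped.
    sed -E -e "s/$pat/\\1$2\\2/g" -e "s/$pat/\\1$2\\2/g" "$3.bak" > "$3"
}

# Print how many non-comment lines in file $2 still name interface $1.
stale_refs() {
    grep -v '^[[:space:]]*#' "$2" |
        grep -cE "(^|[^[:alnum:]_])$1([^[:alnum:]_]|\$)" || true
}

# Constructed natd.conf and ipfw script; fxp1 is the inside NIC.
make_samples() {
    cat > "$1/natd.conf" <<'EOF'
interface fxp0
use_sockets yes
same_ports yes
EOF
    cat > "$1/rc.firewall.local" <<'EOF'
oif="fxp0"
ipfw -q add 50 divert natd ip from any to any via fxp0
ipfw -q add 100 deny ip from 10.0.0.0/8 to any in recv fxp0
ipfw -q add 200 allow ip from any to any via fxp1
# old note: fxp0 was the cable side
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for f in "$d/natd.conf" "$d/rc.firewall.local"; do
        migrate_iface "$OLD_IF" "$NEW_IF" "$f"
        echo "${f##*/}: $(stale_refs "$OLD_IF" "$f") active line(s) left on $OLD_IF"
    done
    rm -rf "$d"
}
demo
```

Run `stale_refs` against your real natd.conf and firewall script before rebooting; anything other than 0 means a rule is still bound to the old NIC.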
For more information on natd, take a look here:
http://www.freebsd.org/doc/en/books/handbook/network-natd.html
For more information on ipfw, take a look here:
http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html
For more information on PPPoE, take a look here:
http://www.freebsd.org/doc/en/books/handbook/pppoe.html
If you have issues, leave a comment and I’ll make up for whatever I may have missed… this is just a quick blurb to drop down the basics of how to do this. I assume it could be used for any provider which utilizes the M1000 modem or similar setups so use this information at your own risk. 🙂

May 26th, 2008 on 19:46
and now you see why you’re my tech support… what I don’t know you’ve more than likely posted a blog about it… 🙂
May 26th, 2008 on 20:37
LOL – hopefully I’ll run into more postworthy problems in the future… haven’t been really too many of them lately, while I’m glad, I’m also sad…
Was good to see you and Tab both tonight, don’t be a stranger. 🙂
May 26th, 2008 on 20:54
most definitely good to see you guys, and congratulations on the new youngin, and I will be up more this year, have to break out of my cave some day. and I need this server up and running, if not just for learning.. 🙂
May 26th, 2008 on 21:14
indeed sir. 🙂
May 28th, 2008 on 20:21
dude – reading this gave me a nosebleed.
headed off to find some excedrin now… 😉
May 29th, 2008 on 7:38
lol c’mon – it’s not that bad. it’s just basic instructions. 🙂
May 29th, 2008 on 10:27
Lol I didn’t even understand the title. I didn’t even try to read the post for fear my head would implode. If I can’t understand the title there is no way I will ever understand the text.
May 29th, 2008 on 13:10
Vortexx pats Smandy consolingly.
🙂
May 8th, 2009 on 12:12
So I see you are the one person in the whole world that knows how to connect a freebsd router to qwest DSL. I trust you are well, …else there’s just no hope for me.
I followed your instructions and it didn’t work. First off, are you paying for a static ip account or are you using the cheaper dynamic ip “windows live” account that the docs say won’t work with transparent bridging on the Actiontec M1000 modem?
Naturally I have the dynamic ip account which is said to not work with transparent bridging. That doesn’t mean it can’t be tricked into working, but it just doesn’t make sense to me how it would work.
In its default mode, the modem translates all packets to the dynamically assigned ip. I presume (I’m just learning here) that the modem connects with a qwest dhcp server and is assigned an ip address by the server. It then relabels all packets to go to the qwest router with the url it has been assigned to send packets through.
So I have 2 problems here. 1) I need the address of the qwest dhcp server. Speaking with qwest last night they could not give me a url for a dhcp server. Maybe I need to call back and demand it. 2) Some process or daemon on my freebsd router/firewall will have to perform handshaking with this dhcp server and I need to configure it properly. Is it the ppp daemon? Did you setup dhcp server on the private side of the transparent bridge? Is it done with routing code?
It’s all greek to me until it starts working.
mike
June 12th, 2009 on 9:00
I’m using the static IP address from qwest.net. That MSN Live account stuff is just horrible. I can’t recall but I believe I got it working with qwest.net dynamic prior to that. I can’t remember. 🙁
Technically when the modem runs the bridge it should pass all those auth msg’s over. I had problems with my Actiontec not too long after this so I ended up using my Cisco 675. Works MUCH better.
In my setup I’ve done the following since:
QWEST DSL SERVICES -> Cisco 675 -> Cisco ASA 5505 -> Network
On my network side I am running DHCP off my Windows 2008 server for the internal addresses. All external addressing is handled on the ASA with the 675 in bridging mode.