Given: a home NanoBSD router based on FreeBSD-8 from early January, mpd-5.6. mpd runs a PPPoE link (client) to the ISP. A PPTP (client) connection to work is also brought up over this link. And over this same link I connected via PPTP (server) to the home LAN and to work from a netbook out on the "Net". The router also has an ethernet interface to the outside world through another channel. PPPoE is the default. Over the weekend I set up a mail system at home on a server inside the LAN. I configured forwarding of port 25 in ipfw nat on the ethernet interface.
mpd-5.6 added the ability to redirect ports in nat. I decided to use this on the second external channel, over PPPoE, as well. I added the corresponding lines
set nat red-port tcp 0.0.0.0 25 192.168.200.2 25
to mpd.conf and restarted mpd. After that all PPTP connections dropped, and mpd.log said the following about it:
Jan 24 10:17:25 morisson mpd: PPTP: can't attach pptpgre node: Protocol family not supported
Jan 24 10:17:27 morisson mpd: PPTP: can't attach pptpgre node: No such file or directory
Moreover, I tried connecting to the router via PPTP both over the PPPoE link and over ethernet. Netgraph is built as modules. For now I have removed port redirection from mpd.
Is set iface enable nat in the config?
set iface enable nat
set nat enable incoming
set nat red-port tcp 0.0.0.0 25 192.168.200.2 25
set nat red-port tcp 0.0.0.0 587 192.168.200.2 587
set nat red-port tcp 0.0.0.0 143 192.168.200.2 143
set nat red-port tcp 0.0.0.0 993 192.168.200.2 993
And why is the line set nat enable incoming there?
For me, port forwarding into the internal network worked fine without it.
I removed nat enable incoming and enabled red-port. An incoming PPTP connection attempt to mpd over this PPPoE link failed without any mention in mpd.log, while a connection over ethernet failed with the following diagnostics:
Jan 27 11:54:19 morisson mpd: Accepting PPTP connection
Jan 27 11:54:19 morisson mpd: Link: OPEN event
Jan 27 11:54:19 morisson mpd: LCP: Open event
Jan 27 11:54:19 morisson mpd: LCP: state change Initial -> Starting
Jan 27 11:54:19 morisson mpd: LCP: LayerStart
Jan 27 11:54:19 morisson mpd: PPTP: attaching to peer's outgoing call
Jan 27 11:54:20 morisson mpd: PPTP: can't attach pptpgre node: No such file or directory
Jan 27 11:54:20 morisson mpd: PPTP call cancelled in state CONNECTING
Jan 27 11:54:20 morisson mpd: Link: DOWN event
Jan 27 11:54:20 morisson mpd: LCP: Close event
Jan 27 11:54:20 morisson mpd: LCP: state change Starting -> Initial
Jan 27 11:54:20 morisson mpd: LCP: LayerFinish
Jan 27 11:54:20 morisson mpd: LCP: Down event
Jan 27 11:54:20 morisson mpd: Link: SHUTDOWN event
Jan 27 11:54:20 morisson mpd: Link: Shutdown
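The mpd.log excerpts quoted in this thread, grouped per call to show that every failure happens at the pptpgre node attach and that LCP never gets past Starting. This is an added example, not code from any participant in the thread; the function names are hypothetical.

```python
import re

# mpd.log lines as quoted in the posts above.
SAMPLE_LOG = """\
Jan 24 10:17:25 morisson mpd: PPTP: can't attach pptpgre node: Protocol family not supported
Jan 24 10:17:27 morisson mpd: PPTP: can't attach pptpgre node: No such file or directory
Jan 27 11:54:19 morisson mpd: Accepting PPTP connection
Jan 27 11:54:19 morisson mpd: Link: OPEN event
Jan 27 11:54:19 morisson mpd: LCP: Open event
Jan 27 11:54:19 morisson mpd: LCP: state change Initial -> Starting
Jan 27 11:54:19 morisson mpd: LCP: LayerStart
Jan 27 11:54:19 morisson mpd: PPTP: attaching to peer's outgoing call
Jan 27 11:54:20 morisson mpd: PPTP: can't attach pptpgre node: No such file or directory
Jan 27 11:54:20 morisson mpd: PPTP call cancelled in state CONNECTING
Jan 27 11:54:20 morisson mpd: Link: DOWN event
Jan 27 11:54:20 morisson mpd: LCP: Close event
Jan 27 11:54:20 morisson mpd: LCP: state change Starting -> Initial
Jan 27 11:54:20 morisson mpd: LCP: LayerFinish
Jan 27 11:54:20 morisson mpd: LCP: Down event
Jan 27 11:54:20 morisson mpd: Link: SHUTDOWN event
Jan 27 11:54:20 morisson mpd: Link: Shutdown
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ mpd: (.*)$")
ATTACH_RE = re.compile(r"can't attach (\w+) node: (.+)$")
LCP_RE = re.compile(r"^LCP: state change ([\w-]+) -> ([\w-]+)$")

def split_calls(text):
    """Group log lines into calls: 'Accepting PPTP connection' .. 'Link: Shutdown'."""
    calls, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if msg == "Accepting PPTP connection":
            current = [(ts, msg)]
            calls.append(current)
        elif current is not None:
            current.append((ts, msg))
            if msg == "Link: Shutdown":
                current = None
        else:
            calls.append([(ts, msg)])  # line logged outside any accepted call
    return calls

def find_attach_failures(text):
    """Return one record per call that died while attaching a netgraph node."""
    failures = []
    for call in split_calls(text):
        states, hit = [], None
        for ts, msg in call:
            lcp = LCP_RE.match(msg)
            if lcp:
                states += [lcp.group(2)] if states else [lcp.group(1), lcp.group(2)]
            att = ATTACH_RE.search(msg)
            if att and hit is None:
                hit = (ts, att.group(1), att.group(2))
        if hit:
            failures.append({"time": hit[0], "node": hit[1], "error": hit[2],
                             "lcp_states": states,
                             "lcp_opened": "Opened" in states})
    return failures

if __name__ == "__main__":
    for f in find_attach_failures(SAMPLE_LOG):
        print(f["time"], f["node"], f["error"],
              "->".join(f["lcp_states"]) or "no LCP events")
```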
Could you post the config?
Yes, here is the full config. PPTP (pptp_client and pptp_server) stops working if red-port is uncommented in pppoe_client. Besides the pppoe link, the router also has ethernet links, over which pptp also stops working if red-port is enabled in the pppoe_client section. Just in case, I'll mention that ipfw_nat with port-redirect is used on the router's external ethernet interfaces.
startup:
    # configure mpd users
    set user *** *** admin
    set user *** ***
    # configure the console
    set console self 127.0.0.1 5005
    set console open
    # configure the web server
    set web self 0.0.0.0 5006
    set web open

default:
    load pppoe_client
    load pptp_client
    load pptp_server

pptp_server:
    #
    # Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
    # Define dynamic IP address pool.
    set ippool add pptp_vpn 192.168.200.120 192.168.200.127
    # Create clonable bundle template named B
    create bundle template B
    set iface enable proxy-arp
    set iface idle 1800
    set iface enable tcpmssfix
    set ipcp yes vjcomp
    # Specify IP address pool for dynamic assignment.
    set ipcp ranges 192.168.200.1/32 ippool pptp_vpn
    set ipcp dns 192.168.200.1
    #set ipcp nbns 192.168.200.2
    # The five lines below enable Microsoft Point-to-Point encryption
    # (MPPE) using the ng_mppc(8) netgraph node type.
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    # Create clonable link template named L
    create link template L pptp
    # Set bundle template to use
    set link action bundle B
    # Multilink adds some overhead, but gives full 1500 MTU.
    set link enable multilink
    set link yes acfcomp protocomp
    #set link no pap chap
    set link enable pap
    set link enable chap
    # We can use RADIUS authentication/accounting by including
    # another config section with label 'radius'.
    # load radius
    set link keep-alive 10 60
    # We are reducing link mtu to avoid GRE packet fragmentation.
    set link mtu 1460
    # Configure PPTP
    #set pptp self 1.2.3.4
    # Allow to accept calls
    set link enable incoming

pptp_client:
    #
    # PPTP client: only outgoing calls, auto reconnect,
    # ipcp-negotiated address, one-sided authentication,
    # default route points on ISP's end
    #
    create bundle template B1
    set iface enable tcpmssfix
    ##set iface route default
    #set iface route 192.168.186.0/23
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set ipcp enable req-pri-dns req-sec-dns
    set iface up-script /usr/local/etc/mpd5/mpd.d/mpd.linkup.init_vpn
    set iface down-script /usr/local/etc/mpd5/mpd.d/mpd.linkdown.init_vpn
    set iface description "VPN to INIT"
    set iface enable nat
    #set nat disable incoming
    set nat enable incoming
    #set nat enable unreg-only
    set ccp yes mppc
    create link template common pptp
    set link action bundle B1
    set link max-redial 0
    set link mtu 1460
    set link keep-alive 20 75
    set pptp disable windowing
    set auth authname ****
    set auth password ****
    create link static vpn1 common
    set pptp peer x.x.x.4
    open
    create link static vpn2 common
    set pptp peer y.y.y.74
    open

pppoe_client:
    #
    # PPPoE client: only outgoing calls, auto reconnect,
    # ipcp-negotiated address, one-sided authentication,
    # default route points on ISP's end
    #
    create bundle static B2
    set iface route default
    set iface enable nat
    #set nat red-port tcp 0.0.0.0 25 192.168.200.2 25
    #set nat red-port tcp 0.0.0.0 587 192.168.200.2 587
    #set nat red-port tcp 0.0.0.0 143 192.168.200.2 143
    #set nat red-port tcp 0.0.0.0 993 192.168.200.2 993
    set iface enable tcpmssfix
    #set nat disable incoming
    set nat enable incoming
    set nat enable unreg-only
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set ipcp enable req-pri-dns req-sec-dns
    set iface up-script /usr/local/etc/mpd5/mpd.d/mpd.linkup.itt
    set iface down-script /usr/local/etc/mpd5/mpd.d/mpd.linkdown.itt
    set iface description "PPPoE to ITT"
    create link static L2 pppoe
    set link action bundle B2
    set auth authname ****
    set auth password ****
    set link max-redial 0
    set link mtu 1492
    set link keep-alive 10 60
    set pppoe iface wlan1
    set pppoe service ""
    open
Something glitched.
To be honest, I have not tested nat on pppoe. I have only used it with a pptp client.
Could you try again, but with a more complete log?
Something like: log +iface +iface2 +link
Perhaps the problem really is in ng_nat itself.
I added log +iface +iface2 +link to the config.
Most likely the problem is in the kernel. It can't be sorted out right away. Try filing a PR or writing to the mailing list.