DaemonForums  

dsl -> pppoe pf problem

#1 n4p1, 3rd March 2010

Hi,

I changed network speed and technology with my ISP. I had DSL with a static IP, 3Mbits, and everything worked OK. Now I have PPPoE, 6Mbits (static IP). This is what I changed:
/etc/hostname.bge0 (interface connected to dsl modem):
"up"

/etc/hostname.pppoe0:
"inet 78.x.x.x 255.255.255.255 87.x.x.x \
pppoedev bge0 authproto pap \
authname 'xxxxxx@zzzzzzz.pl' authkey 'yyyyyyy' up
dest 87.x.x.x
!/sbin/route add default 87.x.x.x"

And of course in pf.conf I changed ext_if="bge0" to ext_if="pppoe0".

OK, it's working now, but I had a problem with download speed. I got only ~300kB/s, so I made some changes:
net.inet.tcp.recvspace=65536
net.inet.tcp.sendspace=65536
in sysctl.conf
and now download speed is ok.

But after a few days I noticed that there is a problem accessing https sites: I can use gmail over https, but e-banking and other sites don't work.
My pf.conf rule (just a part):

ext_if="pppoe0"
int_if="fxp0"

# nat
nat on $ext_if from "192.168.1.0/24" to any -> ($ext_if)

pass out quick on $ext_if proto tcp from ($ext_if) to any port {80,443}
pass in quick on $int_if proto tcp from ($int_if:network) to any port 443

Any traffic going to port 443 should go directly, and now some part of this traffic is missed(?). It worked w/o any problems before changing dsl to pppoe...

Also I tried to redirect traffic on 443 to squid, because when I type the squid ip:port in the web browser (proxy) everything works OK.

This is my rule to redirect www traffic to squid:
rdr pass on $int_if proto tcp from ($int_if:network) to any port 80 -> 192.168.1.1 port 3128
and I tried the same with https:
rdr pass on $int_if proto tcp from ($int_if:network) to any port 443 -> 192.168.1.1 port 3129

pfctl -f /etc/pf.conf

And it doesn't work.
Thank you for any help.
PS. I have OpenBSD 4.3

Last edited by J65nko; 3rd March 2010 at 08:07 PM. Reason: password and username removed
#2 n4p1, 3rd March 2010

Ok, I fixed my problem....
Just need to add:
scrub out on $ext_if max-mss 1440
in pf.conf, and everything is ok.
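What the max-mss 1440 clamp from post #2 does to an outgoing SYN, as an added Python sketch (not code from the thread or from pf). The sample addresses, ports and helper names are constructed, and the 1492-byte PPPoE MTU in the comments is the RFC 2516 figure, not a value from the posts.

```python
import socket
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum (input zero-padded to an even length)."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def pseudo(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header, which the TCP checksum also covers."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def sample_syn(src: str, dst: str, mss: int, odd: bool = False) -> bytes:
    """Constructed SYN to port 443 with an MSS option (odd=True: after one NOP)."""
    opts = (b"\x01" if odd else b"") + struct.pack("!BBH", 2, 4, mss)
    opts += b"\x01" * (-len(opts) % 4)           # pad with NOPs to 32 bits
    seg = bytearray(struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                                (5 + len(opts) // 4) << 4, 0x02, 65535, 0, 0) + opts)
    struct.pack_into("!H", seg, 16, csum16(pseudo(src, dst, len(seg)) + bytes(seg)))
    return bytes(seg)

def clamp_mss(tcp: bytes, max_mss: int) -> bytes:
    """Lower a SYN's MSS option to max_mss; patch the checksum per RFC 1624."""
    if len(tcp) < 20 or not tcp[13] & 0x02:      # MSS is only sent on SYNs
        return tcp
    seg, i, end = bytearray(tcp), 20, min((tcp[12] >> 4) * 4, len(tcp))
    while i + 1 < end and seg[i] != 0:           # kind 0 ends the option list
        if seg[i] == 1:                          # kind 1 is a one-byte NOP
            i += 1
            continue
        olen = seg[i + 1]
        if olen < 2 or i + olen > end:           # malformed option: stop parsing
            break
        if seg[i] == 2 and olen == 4 and struct.unpack_from("!H", seg, i + 2)[0] > max_mss:
            lo, hi = (i + 2) & ~1, (i + 5) & ~1  # aligned 16-bit words the value spans
            old = bytes(seg[lo:hi])
            struct.pack_into("!H", seg, i + 2, max_mss)
            hc = struct.unpack_from("!H", seg, 16)[0]
            # HC' = ~(~HC + ~m + m'), with m / m' the old / new words
            struct.pack_into("!H", seg, 16, csum16(struct.pack(
                "!3H", ~hc & 0xFFFF, csum16(old), ~csum16(bytes(seg[lo:hi])) & 0xFFFF)))
        i += olen
    return bytes(seg)

if __name__ == "__main__":
    syn = sample_syn("192.168.1.10", "203.0.113.5", 1460)   # constructed addresses
    out = clamp_mss(syn, 1440)                               # value from the thread
    # 1440 + 40 bytes of IP/TCP headers = 1480, under the 1492-byte PPPoE MTU
    print(struct.unpack_from("!H", syn, 22)[0], "->", struct.unpack_from("!H", out, 22)[0])
```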
All times are GMT.