captain7616
asked on
pppoe does not persist
I have put together a firewall using Debian Sarge,
it works with no problem, i am not sure how it works in other countries, but our dsl gets reset every 24 hours to change ip address via our telecommunications company (Telkom SA)
at this specific firewall it happens at 3am local time,
after the line resets it doesnt make a connection back to the net, however if i restart the firewall it makes a connection with no problem
I am using a pppoe connection using a dlink dsl modem in bridge mode,
here is my /etc/ppp/peers/dsl-provide
# Configuration file for PPP, using PPP over Ethernet
# to connect to a DSL provider.
#
# See the manual page pppd(8) for information on all the options.
##
# Section 1
#
# Stuff to configure...
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
# by the DSL user name given to your by your DSL provider.
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
#user myusername@myprovider.net
# Use the pppoe program to send the ppp packets over the Ethernet link
# This line should work fine if this computer is the only one accessing
# the Internet through this DSL connection. This is the right line to use
# for most people.
pty "/usr/sbin/pppoe -I eth1 -T 80 -m 1452"
# If the computer connected to the Internet using pppoe is not being used
# by other computers as a gateway to the Internet, you can try the following
# line instead, for a small gain in speed:
#pty "/usr/sbin/pppoe -I eth1 -T 80"
# An even more conservative version of the previous line, if things
# don't work using -m 1452...
#pty "/usr/sbin/pppoe -I eth1 -T 80 -m 1412"
# The following two options should work fine for most DSL users.
# Assumes that your IP address is allocated dynamically
# by your DSL provider...
noipdefault
# Comment out if you already have the correct default route installed
defaultroute
##
# Section 2
#
# Uncomment if your DSL provider charges by minute connected
# and you want to use demand-dialing.
#
# Disconnect after 300 seconds (5 minutes) of idle time.
#demand
#idle 300
##
# Section 3
#
# You shouldn't need to change these options...
hide-password
lcp-echo-interval 60
lcp-echo-failure 3
# Override any connect script that may have been set in /etc/ppp/options.
connect /bin/true
noauth
persist
mtu 1492
usepeerdns
user "username@password"
Here is a copy of my /etc/ppp/options file:
fw1:~# cat /etc/ppp/options
# /etc/ppp/options
#
# Originally created by Jim Knoble <jmknoble@mercury.interpat
# Modified for Debian by alvar Bray <alvar@meiko.co.uk>
# Modified for PPP Server setup by Christoph Lameter <clameter@debian.org>
#
# To quickly see what options are active in this file, use this command:
# egrep -v '#|^ *$' /etc/ppp/options
# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
# ms-dns 192.168.1.1
# ms-dns 192.168.1.2
# Specify which WINS Servers the incoming connection Win95 or WinNT should use
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51
# Run the executable or shell command specified after pppd has
# terminated the link. This script could, for example, issue commands
# to the modem to cause it to hang up if hardware modem control signals
# were not available.
#disconnect "chat -- \d+++\d\c OK ath0 OK"
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0
# Require the peer to authenticate itself before allowing network
# packets to be sent or received.
# Please do not disable this setting. It is expected to be standard in
# future releases of pppd. Use the call option (see manpage) to disable
# authentication for specific peers.
auth
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts
# Use software flow control (i.e. XON/XOFF) to control the flow of data
# on the serial port.
#xonxoff
# Specifies that certain characters should be escaped on transmission
# (regardless of whether the peer requests them to be escaped with its
# async control character map). The characters to be escaped are
# specified as a list of hex numbers separated by commas. Note that
# almost any character can be specified for the escape option, unlike
# the asyncmap option which only allows control characters to be
# specified. The characters which may not be escaped are those with hex
# values 0x20 - 0x3f or 0x5e.
#escape 11,13,ff
# Don't use the modem control lines.
#local
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Don't show the passwords when logging the contents of PAP packets.
# This is the default.
hide-password
# When logging the contents of PAP packets, this option causes pppd to
# show the password string in the log message.
#show-password
# Use the modem control lines. On Ultrix, this option implies hardware
# flow control, as for the crtscts option. (This option is not fully
# implemented.)
#modem
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
#mru 542
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0
# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
noipdefault
# Enables the "passive" option in the LCP. With this option, pppd will
# attempt to initiate a connection; if no reply is received from the
# peer, pppd will then just wait passively for a valid LCP packet from
# the peer (instead of exiting, as it does without this option).
#passive
# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
#silent
# Don't request or allow negotiation of any options for LCP and IPCP
# (use default values).
#-all
# Disable Address/Control compression negotiation (use default, i.e.
# address/control field disabled).
#-ac
# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
# all control characters).
#-am
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#-detach
# Disable IP address negotiation (with this option, the remote IP
# address must be specified with an option on the command line or in
# an options file).
#-ip
# Disable IPCP negotiation and IP communication. This option should
# only be required if the peer is buggy and gets confused by requests
# from pppd for IPCP negotiation.
#noip
# Disable magic number negotiation. With this option, pppd cannot
# detect a looped-back line.
#-mn
# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
# 1500).
#-mru
# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc
# Require the peer to authenticate itself using PAP.
#+pap
# Don't agree to authenticate using PAP.
#-pap
# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap
# Don't agree to authenticate using CHAP.
#-chap
# Disable negotiation of Van Jacobson style IP header compression (use
# default, i.e. no compression).
#-vj
# Increase debugging level (same as -d). If this option is given, pppd
# will log the contents of all control packets sent or received in a
# readable form. The packets are logged through syslog with facility
# daemon and level debug. This information can be directed to a file by
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If
# pppd is compiled with extra debugging enabled, it will log messages
# using facility local2 instead of daemon).
#debug
# Append the domain name <d> to the local host name for authentication
# purposes. For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain <d>
# Enable debugging code in the kernel-level PPP driver. The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface.
#mtu <n>
# Set the name of the local system for authentication purposes to <n>.
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have <n> as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, <n> will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to <n>.)
#name <n>
# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname
# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp
# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
# login
# If this option is given, pppd will send an LCP echo-request frame to the
# peer every n seconds. Normally the peer should respond to the echo-request
# by sending an echo-reply. This option can be used with the
# lcp-echo-failure option to detect that the peer is no longer connected.
lcp-echo-interval 30
# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4
# Set the LCP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#lcp-restart <n>
# Set the maximum number of LCP terminate-request transmissions to <n>
# (default 3).
#lcp-max-terminate <n>
# Set the maximum number of LCP configure-request transmissions to <n>
# (default 10).
#lcp-max-configure <n>
# Set the maximum number of LCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#lcp-max-failure <n>
# Set the IPCP restart interval (retransmission timeout) to <n>
# seconds (default 3).
#ipcp-restart <n>
# Set the maximum number of IPCP terminate-request transmissions to <n>
# (default 3).
#ipcp-max-terminate <n>
# Set the maximum number of IPCP configure-request transmissions to <n>
# (default 10).
#ipcp-max-configure <n>
# Set the maximum number of IPCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#ipcp-max-failure <n>
# Set the PAP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#pap-restart <n>
# Set the maximum number of PAP authenticate-request transmissions to
# <n> (default 10).
#pap-max-authreq <n>
# Set the maximum time that pppd will wait for the peer to authenticate
# itself with PAP to <n> seconds (0 means no limit).
#pap-timeout <n>
# Set the CHAP restart interval (retransmission timeout for
# challenges) to <n> seconds (default 3).
#chap-restart <n>
# Set the maximum number of CHAP challenge transmissions to <n>
# (default 10).
#chap-max-challenge
# If this option is given, pppd will rechallenge the peer every <n>
# seconds.
#chap-interval <n>
# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local
# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote
# Disable the IPXCP and IPX protocols.
# To let pppd pass IPX packets comment this out --- you'll probably also
# want to install ipxripd, and have the Internal IPX Network option enabled
# in your kernel. /usr/doc/HOWTO/IPX-HOWTO.g
noipx
# Exit once a connection has been made and terminated. This is the default,
# unless the `persist' or `demand' option has been specified.
#nopersist
# Do not exit after a connection is terminated; instead try to reopen
# the connection.
persist
# Terminate after n consecutive failed connection attempts.
# A value of 0 means no limit. The default value is 10.
#maxfail <n>
# Initiate the link only on demand, i.e. when data traffic is present.
# With this option, the remote IP address must be specified by the user on
# the command line or in an options file. Pppd will initially configure
# the interface and enable it for IP traffic without connecting to the peer.
# When traffic is available, pppd will connect to the peer and perform
# negotiation, authentication, etc. When this is completed, pppd will
# commence passing data packets (i.e., IP packets) across the link.
#demand
# Specifies that pppd should disconnect if the link is idle for <n> seconds.
# The link is idle when no data packets (i.e. IP packets) are being sent or
# received. Note: it is not advisable to use this option with the persist
# option without the demand option. If the active-filter option is given,
# data packets which are rejected by the specified activity filter also
# count as the link being idle.
#idle <n>
# Specifies how many seconds to wait before re-initiating the link after
# it terminates. This option only has any effect if the persist or demand
# option is used. The holdoff period is not applied if the link was
# terminated because it was idle.
#holdoff <n>
# Wait for up n milliseconds after the connect script finishes for a valid
# PPP packet from the peer. At the end of this time, or when a valid PPP
# packet is received from the peer, pppd will commence negotiation by
# sending its first LCP packet. The default value is 1000 (1 second).
# This wait period only applies if the connect or pty option is used.
connect-delay 3000
# Packet filtering: for more information, see pppd(8)
# Any packets matching the filter expression will be interpreted as link
# activity, and will cause a "demand" connection to be activated, and reset
# the idle connection timer. (idle option)
# The filter expression is akin to that of tcpdump(1)
#active-filter <filter-expression>
# ---<End of File>---
I tailed the syslog to find the error and this is what i came up with ,
May 31 23:04:38 fw1 pppd[1916]: LCP terminated by peer
May 31 23:04:38 fw1 pppd[1916]: Connect time 1038.7 minutes.
May 31 23:04:38 fw1 pppd[1916]: Sent 208961140 bytes, received 149292714 bytes.
May 31 23:04:38 fw1 pppoe[1919]: Session 25366 terminated -- received PADT from peer
May 31 23:04:38 fw1 pppoe[1919]: Sent PADT
May 31 23:04:41 fw1 pppd[1916]: Connection terminated.
May 31 23:04:41 fw1 pppd[1916]: tcflush failed: Input/output error
May 31 23:04:41 fw1 pppd[1916]: Serial connection established.
May 31 23:04:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:04:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/1
May 31 23:04:41 fw1 pppoe[3318]: PADS: Service-Name: ''
May 31 23:04:41 fw1 pppoe[3318]: PPP session is 26507
May 31 23:05:01 fw1 pppoe[3318]: Session 26507 terminated -- received PADT from peer
May 31 23:05:01 fw1 pppoe[3318]: Sent PADT
May 31 23:05:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:05:41 fw1 pppd[1916]: Connection terminated.
May 31 23:05:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:05:41 fw1 pppd[1916]: Serial connection established.
May 31 23:05:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:05:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/2
May 31 23:05:41 fw1 pppoe[3334]: PADS: Service-Name: ''
May 31 23:05:41 fw1 pppoe[3334]: PPP session is 28065
May 31 23:06:02 fw1 pppoe[3334]: Session 28065 terminated -- received PADT from peer
May 31 23:06:02 fw1 pppoe[3334]: Sent PADT
May 31 23:06:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:06:41 fw1 pppd[1916]: Connection terminated.
May 31 23:06:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:06:41 fw1 pppd[1916]: Serial connection established.
May 31 23:06:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:06:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/3
May 31 23:06:41 fw1 pppoe[3352]: PADS: Service-Name: ''
May 31 23:06:41 fw1 pppoe[3352]: PPP session is 29515
May 31 23:07:02 fw1 pppoe[3352]: Session 29515 terminated -- received PADT from peer
May 31 23:07:02 fw1 pppoe[3352]: Sent PADT
May 31 23:07:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:07:41 fw1 pppd[1916]: Connection terminated.
May 31 23:07:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:07:41 fw1 pppd[1916]: Serial connection established.
May 31 23:07:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:07:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/4
May 31 23:07:41 fw1 pppoe[3368]: PADS: Service-Name: ''
May 31 23:07:41 fw1 pppoe[3368]: PPP session is 30899
May 31 23:08:02 fw1 pppoe[3368]: Session 30899 terminated -- received PADT from peer
May 31 23:08:02 fw1 pppoe[3368]: Sent PADT
May 31 23:08:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:08:41 fw1 pppd[1916]: Connection terminated.
May 31 23:08:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:08:41 fw1 pppd[1916]: Serial connection established.
May 31 23:08:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:08:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/5
May 31 23:08:41 fw1 pppoe[3384]: PADS: Service-Name: ''
May 31 23:08:41 fw1 pppoe[3384]: PPP session is 32262
May 31 23:09:02 fw1 pppoe[3384]: Session 32262 terminated -- received PADT from peer
May 31 23:09:02 fw1 pppoe[3384]: Sent PADT
May 31 23:09:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:09:41 fw1 pppd[1916]: Connection terminated.
May 31 23:09:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:09:41 fw1 pppd[1916]: Serial connection established.
May 31 23:09:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:09:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/6
May 31 23:09:42 fw1 pppoe[3400]: PADS: Service-Name: ''
May 31 23:09:42 fw1 pppoe[3400]: PPP session is 33618
May 31 23:10:02 fw1 pppoe[3400]: Session 33618 terminated -- received PADT from peer
May 31 23:10:02 fw1 pppoe[3400]: Sent PADT
May 31 23:10:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:10:41 fw1 pppd[1916]: Connection terminated.
May 31 23:10:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:10:42 fw1 pppd[1916]: Serial connection established.
May 31 23:10:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:10:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/7
May 31 23:10:42 fw1 pppoe[3416]: PADS: Service-Name: ''
May 31 23:10:42 fw1 pppoe[3416]: PPP session is 34948
May 31 23:11:02 fw1 pppoe[3416]: Session 34948 terminated -- received PADT from peer
May 31 23:11:02 fw1 pppoe[3416]: Sent PADT
May 31 23:11:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:11:42 fw1 pppd[1916]: Connection terminated.
May 31 23:11:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:11:42 fw1 pppd[1916]: Serial connection established.
May 31 23:11:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:11:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/8
May 31 23:11:42 fw1 pppoe[3434]: PADS: Service-Name: ''
May 31 23:11:42 fw1 pppoe[3434]: PPP session is 36415
May 31 23:12:02 fw1 pppoe[3434]: Session 36415 terminated -- received PADT from peer
May 31 23:12:02 fw1 pppoe[3434]: Sent PADT
May 31 23:12:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:12:42 fw1 pppd[1916]: Connection terminated.
May 31 23:12:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:12:42 fw1 pppd[1916]: Serial connection established.
May 31 23:12:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:12:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/9
May 31 23:12:42 fw1 pppoe[3450]: PADS: Service-Name: ''
May 31 23:12:42 fw1 pppoe[3450]: PPP session is 37882
May 31 23:13:02 fw1 pppoe[3450]: Session 37882 terminated -- received PADT from peer
May 31 23:13:02 fw1 pppoe[3450]: Sent PADT
May 31 23:13:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:13:42 fw1 pppd[1916]: Connection terminated.
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:13:42 fw1 pppd[1916]: Serial connection established.
May 31 23:13:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:13:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/10
May 31 23:13:42 fw1 pppoe[3466]: PADS: Service-Name: ''
May 31 23:13:42 fw1 pppoe[3466]: PPP session is 39204
May 31 23:14:02 fw1 pppoe[3466]: Session 39204 terminated -- received PADT from peer
May 31 23:14:02 fw1 pppoe[3466]: Sent PADT
May 31 23:14:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:14:42 fw1 pppd[1916]: Connection terminated.
May 31 23:14:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:42 fw1 pppd[1916]: Serial connection established.
May 31 23:14:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:14:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/11
May 31 23:14:42 fw1 pppoe[3482]: PADS: Service-Name: ''
May 31 23:14:42 fw1 pppoe[3482]: PPP session is 40611
May 31 23:14:47 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:47 fw1 pppoe[3482]: read (asyncReadFromPPP): Session 40611: Input/output error
May 31 23:14:47 fw1 pppoe[3482]: Sent PADT
May 31 23:14:47 fw1 pppd[1916]: Exit.
Hopefully someone can shed some light on this for me,
the other option is to setup a dslmodem to create the connection and that would work but their would be an issue with the dynamic dns updating , as I use ddclient on my linux box,
Best Regards
Captain
it works with no problem, i am not sure how it works in other countries, but our dsl gets reset every 24 hours to change ip address via our telecommunications company (Telkom SA)
at this specific firewall it happens at 3am local time,
after the line resets it doesnt make a connection back to the net, however if i restart the firewall it makes a connection with no problem
I am using a pppoe connection using a dlink dsl modem in bridge mode,
here is my /etc/ppp/peers/dsl-provide
# Configuration file for PPP, using PPP over Ethernet
# to connect to a DSL provider.
#
# See the manual page pppd(8) for information on all the options.
##
# Section 1
#
# Stuff to configure...
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
# by the DSL user name given to your by your DSL provider.
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
#user myusername@myprovider.net
# Use the pppoe program to send the ppp packets over the Ethernet link
# This line should work fine if this computer is the only one accessing
# the Internet through this DSL connection. This is the right line to use
# for most people.
pty "/usr/sbin/pppoe -I eth1 -T 80 -m 1452"
# If the computer connected to the Internet using pppoe is not being used
# by other computers as a gateway to the Internet, you can try the following
# line instead, for a small gain in speed:
#pty "/usr/sbin/pppoe -I eth1 -T 80"
# An even more conservative version of the previous line, if things
# don't work using -m 1452...
#pty "/usr/sbin/pppoe -I eth1 -T 80 -m 1412"
# The following two options should work fine for most DSL users.
# Assumes that your IP address is allocated dynamically
# by your DSL provider...
noipdefault
# Comment out if you already have the correct default route installed
defaultroute
##
# Section 2
#
# Uncomment if your DSL provider charges by minute connected
# and you want to use demand-dialing.
#
# Disconnect after 300 seconds (5 minutes) of idle time.
#demand
#idle 300
##
# Section 3
#
# You shouldn't need to change these options...
hide-password
lcp-echo-interval 60
lcp-echo-failure 3
# Override any connect script that may have been set in /etc/ppp/options.
connect /bin/true
noauth
persist
mtu 1492
usepeerdns
user "username@password"
Here is a copy of my /etc/ppp/options file:
fw1:~# cat /etc/ppp/options
# /etc/ppp/options
#
# Originally created by Jim Knoble <jmknoble@mercury.interpat
# Modified for Debian by alvar Bray <alvar@meiko.co.uk>
# Modified for PPP Server setup by Christoph Lameter <clameter@debian.org>
#
# To quickly see what options are active in this file, use this command:
# egrep -v '#|^ *$' /etc/ppp/options
# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
# ms-dns 192.168.1.1
# ms-dns 192.168.1.2
# Specify which WINS Servers the incoming connection Win95 or WinNT should use
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51
# Run the executable or shell command specified after pppd has
# terminated the link. This script could, for example, issue commands
# to the modem to cause it to hang up if hardware modem control signals
# were not available.
#disconnect "chat -- \d+++\d\c OK ath0 OK"
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0
# Require the peer to authenticate itself before allowing network
# packets to be sent or received.
# Please do not disable this setting. It is expected to be standard in
# future releases of pppd. Use the call option (see manpage) to disable
# authentication for specific peers.
auth
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts
# Use software flow control (i.e. XON/XOFF) to control the flow of data
# on the serial port.
#xonxoff
# Specifies that certain characters should be escaped on transmission
# (regardless of whether the peer requests them to be escaped with its
# async control character map). The characters to be escaped are
# specified as a list of hex numbers separated by commas. Note that
# almost any character can be specified for the escape option, unlike
# the asyncmap option which only allows control characters to be
# specified. The characters which may not be escaped are those with hex
# values 0x20 - 0x3f or 0x5e.
#escape 11,13,ff
# Don't use the modem control lines.
#local
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Don't show the passwords when logging the contents of PAP packets.
# This is the default.
hide-password
# When logging the contents of PAP packets, this option causes pppd to
# show the password string in the log message.
#show-password
# Use the modem control lines. On Ultrix, this option implies hardware
# flow control, as for the crtscts option. (This option is not fully
# implemented.)
#modem
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
#mru 542
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0
# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
noipdefault
# Enables the "passive" option in the LCP. With this option, pppd will
# attempt to initiate a connection; if no reply is received from the
# peer, pppd will then just wait passively for a valid LCP packet from
# the peer (instead of exiting, as it does without this option).
#passive
# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
#silent
# Don't request or allow negotiation of any options for LCP and IPCP
# (use default values).
#-all
# Disable Address/Control compression negotiation (use default, i.e.
# address/control field disabled).
#-ac
# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
# all control characters).
#-am
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#-detach
# Disable IP address negotiation (with this option, the remote IP
# address must be specified with an option on the command line or in
# an options file).
#-ip
# Disable IPCP negotiation and IP communication. This option should
# only be required if the peer is buggy and gets confused by requests
# from pppd for IPCP negotiation.
#noip
# Disable magic number negotiation. With this option, pppd cannot
# detect a looped-back line.
#-mn
# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
# 1500).
#-mru
# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc
# Require the peer to authenticate itself using PAP.
#+pap
# Don't agree to authenticate using PAP.
#-pap
# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap
# Don't agree to authenticate using CHAP.
#-chap
# Disable negotiation of Van Jacobson style IP header compression (use
# default, i.e. no compression).
#-vj
# Increase debugging level (same as -d). If this option is given, pppd
# will log the contents of all control packets sent or received in a
# readable form. The packets are logged through syslog with facility
# daemon and level debug. This information can be directed to a file by
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If
# pppd is compiled with extra debugging enabled, it will log messages
# using facility local2 instead of daemon).
#debug
# Append the domain name <d> to the local host name for authentication
# purposes. For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain <d>
# Enable debugging code in the kernel-level PPP driver. The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface.
#mtu <n>
# Set the name of the local system for authentication purposes to <n>.
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have <n> as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, <n> will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to <n>.)
#name <n>
# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname
# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp
# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
# login
# If this option is given, pppd will send an LCP echo-request frame to the
# peer every n seconds. Normally the peer should respond to the echo-request
# by sending an echo-reply. This option can be used with the
# lcp-echo-failure option to detect that the peer is no longer connected.
lcp-echo-interval 30
# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4
# Set the LCP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#lcp-restart <n>
# Set the maximum number of LCP terminate-request transmissions to <n>
# (default 3).
#lcp-max-terminate <n>
# Set the maximum number of LCP configure-request transmissions to <n>
# (default 10).
#lcp-max-configure <n>
# Set the maximum number of LCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#lcp-max-failure <n>
# Set the IPCP restart interval (retransmission timeout) to <n>
# seconds (default 3).
#ipcp-restart <n>
# Set the maximum number of IPCP terminate-request transmissions to <n>
# (default 3).
#ipcp-max-terminate <n>
# Set the maximum number of IPCP configure-request transmissions to <n>
# (default 10).
#ipcp-max-configure <n>
# Set the maximum number of IPCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#ipcp-max-failure <n>
# Set the PAP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#pap-restart <n>
# Set the maximum number of PAP authenticate-request transmissions to
# <n> (default 10).
#pap-max-authreq <n>
# Set the maximum time that pppd will wait for the peer to authenticate
# itself with PAP to <n> seconds (0 means no limit).
#pap-timeout <n>
# Set the CHAP restart interval (retransmission timeout for
# challenges) to <n> seconds (default 3).
#chap-restart <n>
# Set the maximum number of CHAP challenge transmissions to <n>
# (default 10).
#chap-max-challenge
# If this option is given, pppd will rechallenge the peer every <n>
# seconds.
#chap-interval <n>
# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local
# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote
# Disable the IPXCP and IPX protocols.
# To let pppd pass IPX packets comment this out --- you'll probably also
# want to install ipxripd, and have the Internal IPX Network option enabled
# in your kernel. /usr/doc/HOWTO/IPX-HOWTO.g
noipx
# Exit once a connection has been made and terminated. This is the default,
# unless the `persist' or `demand' option has been specified.
#nopersist
# Do not exit after a connection is terminated; instead try to reopen
# the connection.
persist
# Terminate after n consecutive failed connection attempts.
# A value of 0 means no limit. The default value is 10.
#maxfail <n>
# Initiate the link only on demand, i.e. when data traffic is present.
# With this option, the remote IP address must be specified by the user on
# the command line or in an options file. Pppd will initially configure
# the interface and enable it for IP traffic without connecting to the peer.
# When traffic is available, pppd will connect to the peer and perform
# negotiation, authentication, etc. When this is completed, pppd will
# commence passing data packets (i.e., IP packets) across the link.
#demand
# Specifies that pppd should disconnect if the link is idle for <n> seconds.
# The link is idle when no data packets (i.e. IP packets) are being sent or
# received. Note: it is not advisable to use this option with the persist
# option without the demand option. If the active-filter option is given,
# data packets which are rejected by the specified activity filter also
# count as the link being idle.
#idle <n>
# Specifies how many seconds to wait before re-initiating the link after
# it terminates. This option only has any effect if the persist or demand
# option is used. The holdoff period is not applied if the link was
# terminated because it was idle.
#holdoff <n>
# Wait for up n milliseconds after the connect script finishes for a valid
# PPP packet from the peer. At the end of this time, or when a valid PPP
# packet is received from the peer, pppd will commence negotiation by
# sending its first LCP packet. The default value is 1000 (1 second).
# This wait period only applies if the connect or pty option is used.
connect-delay 3000
# Packet filtering: for more information, see pppd(8)
# Any packets matching the filter expression will be interpreted as link
# activity, and will cause a "demand" connection to be activated, and reset
# the idle connection timer. (idle option)
# The filter expression is akin to that of tcpdump(1)
#active-filter <filter-expression>
# ---<End of File>---
I tailed the syslog to find the error and this is what i came up with ,
May 31 23:04:38 fw1 pppd[1916]: LCP terminated by peer
May 31 23:04:38 fw1 pppd[1916]: Connect time 1038.7 minutes.
May 31 23:04:38 fw1 pppd[1916]: Sent 208961140 bytes, received 149292714 bytes.
May 31 23:04:38 fw1 pppoe[1919]: Session 25366 terminated -- received PADT from peer
May 31 23:04:38 fw1 pppoe[1919]: Sent PADT
May 31 23:04:41 fw1 pppd[1916]: Connection terminated.
May 31 23:04:41 fw1 pppd[1916]: tcflush failed: Input/output error
May 31 23:04:41 fw1 pppd[1916]: Serial connection established.
May 31 23:04:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:04:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/1
May 31 23:04:41 fw1 pppoe[3318]: PADS: Service-Name: ''
May 31 23:04:41 fw1 pppoe[3318]: PPP session is 26507
May 31 23:05:01 fw1 pppoe[3318]: Session 26507 terminated -- received PADT from peer
May 31 23:05:01 fw1 pppoe[3318]: Sent PADT
May 31 23:05:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:05:41 fw1 pppd[1916]: Connection terminated.
May 31 23:05:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:05:41 fw1 pppd[1916]: Serial connection established.
May 31 23:05:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:05:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/2
May 31 23:05:41 fw1 pppoe[3334]: PADS: Service-Name: ''
May 31 23:05:41 fw1 pppoe[3334]: PPP session is 28065
May 31 23:06:02 fw1 pppoe[3334]: Session 28065 terminated -- received PADT from peer
May 31 23:06:02 fw1 pppoe[3334]: Sent PADT
May 31 23:06:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:06:41 fw1 pppd[1916]: Connection terminated.
May 31 23:06:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:06:41 fw1 pppd[1916]: Serial connection established.
May 31 23:06:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:06:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/3
May 31 23:06:41 fw1 pppoe[3352]: PADS: Service-Name: ''
May 31 23:06:41 fw1 pppoe[3352]: PPP session is 29515
May 31 23:07:02 fw1 pppoe[3352]: Session 29515 terminated -- received PADT from peer
May 31 23:07:02 fw1 pppoe[3352]: Sent PADT
May 31 23:07:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:07:41 fw1 pppd[1916]: Connection terminated.
May 31 23:07:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:07:41 fw1 pppd[1916]: Serial connection established.
May 31 23:07:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:07:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/4
May 31 23:07:41 fw1 pppoe[3368]: PADS: Service-Name: ''
May 31 23:07:41 fw1 pppoe[3368]: PPP session is 30899
May 31 23:08:02 fw1 pppoe[3368]: Session 30899 terminated -- received PADT from peer
May 31 23:08:02 fw1 pppoe[3368]: Sent PADT
May 31 23:08:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:08:41 fw1 pppd[1916]: Connection terminated.
May 31 23:08:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:08:41 fw1 pppd[1916]: Serial connection established.
May 31 23:08:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:08:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/5
May 31 23:08:41 fw1 pppoe[3384]: PADS: Service-Name: ''
May 31 23:08:41 fw1 pppoe[3384]: PPP session is 32262
May 31 23:09:02 fw1 pppoe[3384]: Session 32262 terminated -- received PADT from peer
May 31 23:09:02 fw1 pppoe[3384]: Sent PADT
May 31 23:09:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:09:41 fw1 pppd[1916]: Connection terminated.
May 31 23:09:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:09:41 fw1 pppd[1916]: Serial connection established.
May 31 23:09:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:09:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/6
May 31 23:09:42 fw1 pppoe[3400]: PADS: Service-Name: ''
May 31 23:09:42 fw1 pppoe[3400]: PPP session is 33618
May 31 23:10:02 fw1 pppoe[3400]: Session 33618 terminated -- received PADT from peer
May 31 23:10:02 fw1 pppoe[3400]: Sent PADT
May 31 23:10:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:10:41 fw1 pppd[1916]: Connection terminated.
May 31 23:10:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:10:42 fw1 pppd[1916]: Serial connection established.
May 31 23:10:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:10:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/7
May 31 23:10:42 fw1 pppoe[3416]: PADS: Service-Name: ''
May 31 23:10:42 fw1 pppoe[3416]: PPP session is 34948
May 31 23:11:02 fw1 pppoe[3416]: Session 34948 terminated -- received PADT from peer
May 31 23:11:02 fw1 pppoe[3416]: Sent PADT
May 31 23:11:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:11:42 fw1 pppd[1916]: Connection terminated.
May 31 23:11:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:11:42 fw1 pppd[1916]: Serial connection established.
May 31 23:11:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:11:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/8
May 31 23:11:42 fw1 pppoe[3434]: PADS: Service-Name: ''
May 31 23:11:42 fw1 pppoe[3434]: PPP session is 36415
May 31 23:12:02 fw1 pppoe[3434]: Session 36415 terminated -- received PADT from peer
May 31 23:12:02 fw1 pppoe[3434]: Sent PADT
May 31 23:12:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:12:42 fw1 pppd[1916]: Connection terminated.
May 31 23:12:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:12:42 fw1 pppd[1916]: Serial connection established.
May 31 23:12:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:12:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/9
May 31 23:12:42 fw1 pppoe[3450]: PADS: Service-Name: ''
May 31 23:12:42 fw1 pppoe[3450]: PPP session is 37882
May 31 23:13:02 fw1 pppoe[3450]: Session 37882 terminated -- received PADT from peer
May 31 23:13:02 fw1 pppoe[3450]: Sent PADT
May 31 23:13:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:13:42 fw1 pppd[1916]: Connection terminated.
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:13:42 fw1 pppd[1916]: Serial connection established.
May 31 23:13:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:13:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/10
May 31 23:13:42 fw1 pppoe[3466]: PADS: Service-Name: ''
May 31 23:13:42 fw1 pppoe[3466]: PPP session is 39204
May 31 23:14:02 fw1 pppoe[3466]: Session 39204 terminated -- received PADT from peer
May 31 23:14:02 fw1 pppoe[3466]: Sent PADT
May 31 23:14:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:14:42 fw1 pppd[1916]: Connection terminated.
May 31 23:14:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:42 fw1 pppd[1916]: Serial connection established.
May 31 23:14:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:14:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/11
May 31 23:14:42 fw1 pppoe[3482]: PADS: Service-Name: ''
May 31 23:14:42 fw1 pppoe[3482]: PPP session is 40611
May 31 23:14:47 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:47 fw1 pppoe[3482]: read (asyncReadFromPPP): Session 40611: Input/output error
May 31 23:14:47 fw1 pppoe[3482]: Sent PADT
May 31 23:14:47 fw1 pppd[1916]: Exit.
Hopefully someone can shed some light on this for me,
the other option is to setup a dslmodem to create the connection and that would work but their would be an issue with the dynamic dns updating , as I use ddclient on my linux box,
Best Regards
Captain
ASKER
the username and password (i didnt put my username and password in for obvious reasons)
the current box is exactly what you have described
it basically a debian box 2 lan cards, acts as firewall and a gateway, and creates the connection using pppoe ,
its really the persist part that is not working , I will try install IPCOP and see if that helps,
Will let you know,
thanks for the response
the current box is exactly what you have described
it basically a debian box 2 lan cards, acts as firewall and a gateway, and creates the connection using pppoe ,
its really the persist part that is not working , I will try install IPCOP and see if that helps,
Will let you know,
thanks for the response
Hi,
I noticed you said you need to restart your firewall could you not have a crontab to restart at 3AM?
I noticed you said you need to restart your firewall could you not have a crontab to restart at 3AM?
ASKER
Hi xDamox,
thanks for the idea, but I was perusing the logs and it seems there might be another error, please check the syslog below
from past experience i have noticed that there is no specific fixed time that the telecommunication company resets the dsl connections, which could prove to be a problem if the reboot happens before the dsl connection is reset,
I have included abit of the logs whilst the connection was still up
May 31 21:20:04 fw1 kernel: TCP-Rejected IN=ppp0 OUT= MAC= SRC=71.81.203.69 DST=165.146.76.36 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=1246 DF PROTO=TCP SPT=2017 DPT=6348 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 21:46:00 fw1 -- MARK --
May 31 22:06:00 fw1 -- MARK --
May 31 22:17:01 fw1 /USR/SBIN/CRON[3276]: (root) CMD ( run-parts --report /etc/cron.hourly)
May 31 22:46:01 fw1 -- MARK --
May 31 22:59:34 fw1 kernel: TCP-Rejected IN=ppp0 OUT= MAC= SRC=82.43.175.189 DST=165.146.76.36 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=30088 DF PROTO=TCP SPT=3486 DPT=6348 WINDOW=60480 RES=0x00 SYN URGP=0
May 31 22:59:37 fw1 kernel: TCP-Rejected IN=ppp0 OUT= MAC= SRC=82.43.175.189 DST=165.146.76.36 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=30142 DF PROTO=TCP SPT=3486 DPT=6348 WINDOW=60480 RES=0x00 SYN URGP=0
May 31 23:04:38 fw1 pppd[1916]: LCP terminated by peer
May 31 23:04:38 fw1 pppd[1916]: Connect time 1038.7 minutes.
May 31 23:04:38 fw1 pppd[1916]: Sent 208961140 bytes, received 149292714 bytes.
May 31 23:04:38 fw1 pppoe[1919]: Session 25366 terminated -- received PADT from peer
May 31 23:04:38 fw1 pppoe[1919]: Sent PADT
May 31 23:04:41 fw1 pppd[1916]: Connection terminated.
May 31 23:04:41 fw1 pppd[1916]: tcflush failed: Input/output error
May 31 23:04:41 fw1 pppd[1916]: Serial connection established.
May 31 23:04:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:04:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/1
May 31 23:04:41 fw1 pppoe[3318]: PADS: Service-Name: ''
May 31 23:04:41 fw1 pppoe[3318]: PPP session is 26507
May 31 23:05:01 fw1 pppoe[3318]: Session 26507 terminated -- received PADT from peer
May 31 23:05:01 fw1 pppoe[3318]: Sent PADT
May 31 23:05:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:05:41 fw1 pppd[1916]: Connection terminated.
May 31 23:05:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:05:41 fw1 pppd[1916]: Serial connection established.
May 31 23:05:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:05:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/2
May 31 23:05:41 fw1 pppoe[3334]: PADS: Service-Name: ''
May 31 23:05:41 fw1 pppoe[3334]: PPP session is 28065
May 31 23:06:02 fw1 pppoe[3334]: Session 28065 terminated -- received PADT from peer
May 31 23:06:02 fw1 pppoe[3334]: Sent PADT
May 31 23:06:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:06:41 fw1 pppd[1916]: Connection terminated.
May 31 23:06:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:06:41 fw1 pppd[1916]: Serial connection established.
May 31 23:06:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:06:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/3
May 31 23:06:41 fw1 pppoe[3352]: PADS: Service-Name: ''
May 31 23:06:41 fw1 pppoe[3352]: PPP session is 29515
May 31 23:07:02 fw1 pppoe[3352]: Session 29515 terminated -- received PADT from peer
May 31 23:07:02 fw1 pppoe[3352]: Sent PADT
May 31 23:07:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:07:41 fw1 pppd[1916]: Connection terminated.
May 31 23:07:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:07:41 fw1 pppd[1916]: Serial connection established.
May 31 23:07:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:07:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/4
May 31 23:07:41 fw1 pppoe[3368]: PADS: Service-Name: ''
May 31 23:07:41 fw1 pppoe[3368]: PPP session is 30899
May 31 23:08:02 fw1 pppoe[3368]: Session 30899 terminated -- received PADT from peer
May 31 23:08:02 fw1 pppoe[3368]: Sent PADT
May 31 23:08:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:08:41 fw1 pppd[1916]: Connection terminated.
May 31 23:08:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:08:41 fw1 pppd[1916]: Serial connection established.
May 31 23:08:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:08:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/5
May 31 23:08:41 fw1 pppoe[3384]: PADS: Service-Name: ''
May 31 23:08:41 fw1 pppoe[3384]: PPP session is 32262
May 31 23:09:02 fw1 pppoe[3384]: Session 32262 terminated -- received PADT from peer
May 31 23:09:02 fw1 pppoe[3384]: Sent PADT
May 31 23:09:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:09:41 fw1 pppd[1916]: Connection terminated.
May 31 23:09:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:09:41 fw1 pppd[1916]: Serial connection established.
May 31 23:09:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:09:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/6
May 31 23:09:42 fw1 pppoe[3400]: PADS: Service-Name: ''
May 31 23:09:42 fw1 pppoe[3400]: PPP session is 33618
May 31 23:10:02 fw1 pppoe[3400]: Session 33618 terminated -- received PADT from peer
May 31 23:10:02 fw1 pppoe[3400]: Sent PADT
May 31 23:10:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:10:41 fw1 pppd[1916]: Connection terminated.
May 31 23:10:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:10:42 fw1 pppd[1916]: Serial connection established.
May 31 23:10:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:10:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/7
May 31 23:10:42 fw1 pppoe[3416]: PADS: Service-Name: ''
May 31 23:10:42 fw1 pppoe[3416]: PPP session is 34948
May 31 23:11:02 fw1 pppoe[3416]: Session 34948 terminated -- received PADT from peer
May 31 23:11:02 fw1 pppoe[3416]: Sent PADT
May 31 23:11:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:11:42 fw1 pppd[1916]: Connection terminated.
May 31 23:11:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:11:42 fw1 pppd[1916]: Serial connection established.
May 31 23:11:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:11:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/8
May 31 23:11:42 fw1 pppoe[3434]: PADS: Service-Name: ''
May 31 23:11:42 fw1 pppoe[3434]: PPP session is 36415
May 31 23:12:02 fw1 pppoe[3434]: Session 36415 terminated -- received PADT from peer
May 31 23:12:02 fw1 pppoe[3434]: Sent PADT
May 31 23:12:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:12:42 fw1 pppd[1916]: Connection terminated.
May 31 23:12:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:12:42 fw1 pppd[1916]: Serial connection established.
May 31 23:12:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:12:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/9
May 31 23:12:42 fw1 pppoe[3450]: PADS: Service-Name: ''
May 31 23:12:42 fw1 pppoe[3450]: PPP session is 37882
May 31 23:13:02 fw1 pppoe[3450]: Session 37882 terminated -- received PADT from peer
May 31 23:13:02 fw1 pppoe[3450]: Sent PADT
May 31 23:13:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:13:42 fw1 pppd[1916]: Connection terminated.
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:13:42 fw1 pppd[1916]: Serial connection established.
May 31 23:13:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:13:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/10
May 31 23:13:42 fw1 pppoe[3466]: PADS: Service-Name: ''
May 31 23:13:42 fw1 pppoe[3466]: PPP session is 39204
May 31 23:14:02 fw1 pppoe[3466]: Session 39204 terminated -- received PADT from peer
May 31 23:14:02 fw1 pppoe[3466]: Sent PADT
May 31 23:14:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:14:42 fw1 pppd[1916]: Connection terminated.
May 31 23:14:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:42 fw1 pppd[1916]: Serial connection established.
May 31 23:14:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:14:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/11
May 31 23:14:42 fw1 pppoe[3482]: PADS: Service-Name: ''
May 31 23:14:42 fw1 pppoe[3482]: PPP session is 40611
May 31 23:14:47 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:47 fw1 pppoe[3482]: read (asyncReadFromPPP): Session 40611: Input/output error
May 31 23:14:47 fw1 pppoe[3482]: Sent PADT
it seems to try and connect , and after after 10 attempts gives up , there is a possibility that the line could have genuinely been down at these times, not likely but possibly, so what
I have changed a setting in the options file
maxfail 0 (meaning that it wont default to 10 retries only but to carry in trying)
I also set hold off to 10 seconds to wait before re-initiating
Any ideas , will let you know if it works
Captain
thanks for the idea, but I was perusing the logs and it seems there might be another error, please check the syslog below
from past experience i have noticed that there is no specific fixed time that the telecommunication company resets the dsl connections, which could prove to be a problem if the reboot happens before the dsl connection is reset,
I have included abit of the logs whilst the connection was still up
May 31 21:20:04 fw1 kernel: TCP-Rejected IN=ppp0 OUT= MAC= SRC=71.81.203.69 DST=165.146.76.36 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=1246 DF PROTO=TCP SPT=2017 DPT=6348 WINDOW=65535 RES=0x00 SYN URGP=0
May 31 21:46:00 fw1 -- MARK --
May 31 22:06:00 fw1 -- MARK --
May 31 22:17:01 fw1 /USR/SBIN/CRON[3276]: (root) CMD ( run-parts --report /etc/cron.hourly)
May 31 22:46:01 fw1 -- MARK --
May 31 22:59:34 fw1 kernel: TCP-Rejected IN=ppp0 OUT= MAC= SRC=82.43.175.189 DST=165.146.76.36 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=30088 DF PROTO=TCP SPT=3486 DPT=6348 WINDOW=60480 RES=0x00 SYN URGP=0
May 31 22:59:37 fw1 kernel: TCP-Rejected IN=ppp0 OUT= MAC= SRC=82.43.175.189 DST=165.146.76.36 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=30142 DF PROTO=TCP SPT=3486 DPT=6348 WINDOW=60480 RES=0x00 SYN URGP=0
May 31 23:04:38 fw1 pppd[1916]: LCP terminated by peer
May 31 23:04:38 fw1 pppd[1916]: Connect time 1038.7 minutes.
May 31 23:04:38 fw1 pppd[1916]: Sent 208961140 bytes, received 149292714 bytes.
May 31 23:04:38 fw1 pppoe[1919]: Session 25366 terminated -- received PADT from peer
May 31 23:04:38 fw1 pppoe[1919]: Sent PADT
May 31 23:04:41 fw1 pppd[1916]: Connection terminated.
May 31 23:04:41 fw1 pppd[1916]: tcflush failed: Input/output error
May 31 23:04:41 fw1 pppd[1916]: Serial connection established.
May 31 23:04:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:04:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/1
May 31 23:04:41 fw1 pppoe[3318]: PADS: Service-Name: ''
May 31 23:04:41 fw1 pppoe[3318]: PPP session is 26507
May 31 23:05:01 fw1 pppoe[3318]: Session 26507 terminated -- received PADT from peer
May 31 23:05:01 fw1 pppoe[3318]: Sent PADT
May 31 23:05:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:05:41 fw1 pppd[1916]: Connection terminated.
May 31 23:05:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:05:41 fw1 pppd[1916]: Serial connection established.
May 31 23:05:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:05:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/2
May 31 23:05:41 fw1 pppoe[3334]: PADS: Service-Name: ''
May 31 23:05:41 fw1 pppoe[3334]: PPP session is 28065
May 31 23:06:02 fw1 pppoe[3334]: Session 28065 terminated -- received PADT from peer
May 31 23:06:02 fw1 pppoe[3334]: Sent PADT
May 31 23:06:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:06:41 fw1 pppd[1916]: Connection terminated.
May 31 23:06:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:06:41 fw1 pppd[1916]: Serial connection established.
May 31 23:06:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:06:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/3
May 31 23:06:41 fw1 pppoe[3352]: PADS: Service-Name: ''
May 31 23:06:41 fw1 pppoe[3352]: PPP session is 29515
May 31 23:07:02 fw1 pppoe[3352]: Session 29515 terminated -- received PADT from peer
May 31 23:07:02 fw1 pppoe[3352]: Sent PADT
May 31 23:07:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:07:41 fw1 pppd[1916]: Connection terminated.
May 31 23:07:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:07:41 fw1 pppd[1916]: Serial connection established.
May 31 23:07:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:07:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/4
May 31 23:07:41 fw1 pppoe[3368]: PADS: Service-Name: ''
May 31 23:07:41 fw1 pppoe[3368]: PPP session is 30899
May 31 23:08:02 fw1 pppoe[3368]: Session 30899 terminated -- received PADT from peer
May 31 23:08:02 fw1 pppoe[3368]: Sent PADT
May 31 23:08:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:08:41 fw1 pppd[1916]: Connection terminated.
May 31 23:08:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:08:41 fw1 pppd[1916]: Serial connection established.
May 31 23:08:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:08:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/5
May 31 23:08:41 fw1 pppoe[3384]: PADS: Service-Name: ''
May 31 23:08:41 fw1 pppoe[3384]: PPP session is 32262
May 31 23:09:02 fw1 pppoe[3384]: Session 32262 terminated -- received PADT from peer
May 31 23:09:02 fw1 pppoe[3384]: Sent PADT
May 31 23:09:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:09:41 fw1 pppd[1916]: Connection terminated.
May 31 23:09:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:09:41 fw1 pppd[1916]: Serial connection established.
May 31 23:09:41 fw1 pppd[1916]: Using interface ppp0
May 31 23:09:41 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/6
May 31 23:09:42 fw1 pppoe[3400]: PADS: Service-Name: ''
May 31 23:09:42 fw1 pppoe[3400]: PPP session is 33618
May 31 23:10:02 fw1 pppoe[3400]: Session 33618 terminated -- received PADT from peer
May 31 23:10:02 fw1 pppoe[3400]: Sent PADT
May 31 23:10:41 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:10:41 fw1 pppd[1916]: Connection terminated.
May 31 23:10:41 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:10:42 fw1 pppd[1916]: Serial connection established.
May 31 23:10:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:10:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/7
May 31 23:10:42 fw1 pppoe[3416]: PADS: Service-Name: ''
May 31 23:10:42 fw1 pppoe[3416]: PPP session is 34948
May 31 23:11:02 fw1 pppoe[3416]: Session 34948 terminated -- received PADT from peer
May 31 23:11:02 fw1 pppoe[3416]: Sent PADT
May 31 23:11:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:11:42 fw1 pppd[1916]: Connection terminated.
May 31 23:11:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:11:42 fw1 pppd[1916]: Serial connection established.
May 31 23:11:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:11:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/8
May 31 23:11:42 fw1 pppoe[3434]: PADS: Service-Name: ''
May 31 23:11:42 fw1 pppoe[3434]: PPP session is 36415
May 31 23:12:02 fw1 pppoe[3434]: Session 36415 terminated -- received PADT from peer
May 31 23:12:02 fw1 pppoe[3434]: Sent PADT
May 31 23:12:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:12:42 fw1 pppd[1916]: Connection terminated.
May 31 23:12:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:12:42 fw1 pppd[1916]: Serial connection established.
May 31 23:12:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:12:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/9
May 31 23:12:42 fw1 pppoe[3450]: PADS: Service-Name: ''
May 31 23:12:42 fw1 pppoe[3450]: PPP session is 37882
May 31 23:13:02 fw1 pppoe[3450]: Session 37882 terminated -- received PADT from peer
May 31 23:13:02 fw1 pppoe[3450]: Sent PADT
May 31 23:13:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:13:42 fw1 pppd[1916]: Connection terminated.
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:13:42 fw1 pppd[1916]: Serial connection established.
May 31 23:13:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:13:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/10
May 31 23:13:42 fw1 pppoe[3466]: PADS: Service-Name: ''
May 31 23:13:42 fw1 pppoe[3466]: PPP session is 39204
May 31 23:14:02 fw1 pppoe[3466]: Session 39204 terminated -- received PADT from peer
May 31 23:14:02 fw1 pppoe[3466]: Sent PADT
May 31 23:14:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:14:42 fw1 pppd[1916]: Connection terminated.
May 31 23:14:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:42 fw1 pppd[1916]: Serial connection established.
May 31 23:14:42 fw1 pppd[1916]: Using interface ppp0
May 31 23:14:42 fw1 pppd[1916]: Connect: ppp0 <--> /dev/pts/11
May 31 23:14:42 fw1 pppoe[3482]: PADS: Service-Name: ''
May 31 23:14:42 fw1 pppoe[3482]: PPP session is 40611
May 31 23:14:47 fw1 pppd[1916]: tcflush failed: Bad file descriptor
May 31 23:14:47 fw1 pppoe[3482]: read (asyncReadFromPPP): Session 40611: Input/output error
May 31 23:14:47 fw1 pppoe[3482]: Sent PADT
it seems to try and connect , and after after 10 attempts gives up , there is a possibility that the line could have genuinely been down at these times, not likely but possibly, so what
I have changed a setting in the options file
maxfail 0 (meaning that it wont default to 10 retries only but to carry in trying)
I also set hold off to 10 seconds to wait before re-initiating
Any ideas , will let you know if it works
Captain
Hi,
Whats weird that I see is:
May 31 23:13:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:13:42 fw1 pppd[1916]: Connection terminated.
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
Notice the tcpflush failed? I wonder if thats cuasing the problems
Whats weird that I see is:
May 31 23:13:42 fw1 pppd[1916]: LCP: timeout sending Config-Requests
May 31 23:13:42 fw1 pppd[1916]: Connection terminated.
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
Notice the tcpflush failed? I wonder if thats cuasing the problems
ASKER
Hi xDamox,
I did notice that , I'm not too sure what exactly it means though, or how to fix it, however, I did check the firewall this morning and it looks like the connection came back up on its own, after the changes that I made, I'll be able to check within the course of the day
Regards
Captain
I did notice that , I'm not too sure what exactly it means though, or how to fix it, however, I did check the firewall this morning and it looks like the connection came back up on its own, after the changes that I made, I'll be able to check within the course of the day
Regards
Captain
ASKER
Hi All,
That didnt seem to work, it has done the same thing again , does anyone know what the below means
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
That didnt seem to work, it has done the same thing again , does anyone know what the below means
May 31 23:13:42 fw1 pppd[1916]: tcflush failed: Bad file descriptor
ASKER
Hi All,
I copied the dsl-provider file to a backup file and also the options file to a backup file, removed the ppp0 from the /etc/network/interfaces,
I then ran pppoeconfig and it seems to have sorted out the problem, it has been running for 3 days without any problems,
Regards
Captain
I copied the dsl-provider file to a backup file and also the options file to a backup file, removed the ppp0 from the /etc/network/interfaces,
I then ran pppoeconfig and it seems to have sorted out the problem, it has been running for 3 days without any problems,
Regards
Captain
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The snippets of the config files you supplied , in particular the first one does not contain you actual username and password. Is that just to obfuscate it from a public post, or is that an ommission? If so, it *might* be the cause.
The rest looks pretty OK, but I'm not an expert in that area.
If it is at all possible and you have a machine lying around, you might find it easier to install IPCOP on a separate box to act as your firewall/gateway/IDS. I've been using it for a long time now and it's "persist" feature actually works ;) You need a smalish machine with 2 Lan cards and mabye a CDrom to make install easy.