 
 From:  Jesse Guardiani <jesse at wingnet dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: FAQ 13.13 problem...
 Date:  Wed, 17 Nov 2004 15:00:14 -0500
Jesse Guardiani wrote:

> Jesse Guardiani wrote:
> 
>> Jesse Guardiani wrote:
>> 
>>> Hello,
>>> 
>>> I'm running m0n0wall 1.11. I've spent the entire
>>> night trying to get FAQ 13.13's 'routing' example
>>> working, but to no avail.
>>> 
>>> I connect via PPPoE, and I have three NICs in my
>>> box: WAN, LAN, Public. I have routed a /29 to my
>>> PPPoE account, and I turned on advanced outbound
>>> NAT and just entered one NAT for what I think is
>>> my LAN:
>> 
>> Is it even possible to route a /29 to a m0n0wall WAN
>> that is doing PPPoE? I *was* just assigning a static
>> IP to the PPPoE interface from RADIUS, but I just
>> tried to assign a /29 subnet directly - so I could
>> try to bridge WAN and Public - but the netmask it
>> gives me is still: 255.255.255.255
>> 
>> Is anyone out there successfully routing a subnet directly
>> to the WAN interface via PPPoE? If so, is there a trick
>> to it? (my upstream PPPoE server is a Cisco 2600)
> 
> Never mind. The answer is NO, you can't get a netmask
> via PPPoE. This post explains that fact and recommends that
> I assign the static IPs to one of my OPT interfaces:
> 
> http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=68&actionargs[]=16

Adding the subnet to my OPT interface doesn't work though.
Here is what I currently have configured:

WAN : PPPoE <- 216.64.98.233 mask 255.255.255.255 via RADIUS
LAN : 192.168.1.1/24
OPT : 216.64.98.234/29

Advanced Outgoing NAT is on, and I have an outgoing NAT
rule for the WAN interface with a source network of
192.168.1.1/24.

In my rules, I have:

Allow: WAN -> OPT
Allow: OPT -> WAN
Allow: LAN -> WAN
Deny

According to all of the docs I've seen, this should work.
I should be able to access the OPT network from the internet.
But it isn't working. I don't know if the internet can ping
me, but when I try to tracepath to an internet address then
one of two things happens:

# tracepath 216.64.102.2
 1:  216.64.98.235 (216.64.98.235)                          0.397ms pmtu 1500
 1:  216.64.98.234 (216.64.98.234)                          0.534ms
 2:  216.64.98.234 (216.64.98.234)                        asymm  1   0.519ms pmtu 576
 3:  no reply
 4:  no reply

# tracepath 216.64.103.3
 1:  216.64.98.235 (216.64.98.235)                          0.440ms pmtu 1500
 1:  216.64.98.234 (216.64.98.234)                          0.559ms
 2:  216.64.98.234 (216.64.98.234)                        asymm  1   0.533ms pmtu 576
 3:  216.64.96.1 (216.64.96.1)                             44.870ms
 4:  216.64.96.2 (216.64.96.2)                            asymm  2  40.635ms
 5:  216.64.96.1 (216.64.96.1)                            asymm  3  39.815ms
 6:  216.64.96.2 (216.64.96.2)                            asymm  2  47.647ms
 7:  216.64.96.1 (216.64.96.1)                            asymm  3  41.318ms
<this continues>

The LAN interface can access the internet without any trouble.

I have maximum logging configured, and when I ping an internet
IP from the OPT interface I can see the firewall allow it. I never
see any firewall block logs.

Can someone tell me what is happening and how I can fix it?
I basically want my OPT interface to act like a public routed
subnet.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net