Folks, thanks for all the leads. As it turned out it was the gateway of 172.16.0.254, under eth0, in /etc/interfaces that was giving me the grief.

Regarding some of the suggestions presented...
- In my case I definitely need the 'auto eth0' (et al.) entry in /etc/interfaces. If I don't have it then I get nowhere. This corresponds to my XP system, where if I have disabled my local LAN I can no longer use the PPPoE connection.

- I am able to keep the norfc1918 parameters (in some configs).

- I was able to keep my gateway (PPP peer) dynamic and not have to code it --- my default gateway is provided by the pppd daemon, so no special config is needed there.


Here are the details of my config:
                 iNet
                  |
                  |
=================================
=== Alcatel STHome DSL modem ====
=================================
=               ^               =
=               |               =
=       172.16.0.254  v         =
=================================
        ^               ^
        |               |
        v               v
======================================
======== Bering 1.0 Router ===========
======================================
=     eth0                ppp0       =
=                                    =
=  172.16.0.1/24        64.39.y.z    =
=  via STATIC           via PPPoE    =
=                                    =
=                                    =
=  192.168.0.254/24                  =
=  via STATIC,          10.0.0.254/24=
=  + DHCP Server        via STATIC   =
=     eth1                eth2       =
======================================
        ^               ^
        |               |
        v               v
     Private          DMZ Lan
       LAN



Note: I decided to create a new zone,
called 'mod', to reflect the
rfc1918 connection between the
router and the DSL modem.


=======================================
</root> # grep -v "#" /etc/network/interfaces
=======================================
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 172.16.0.1
    masklen 24
    broadcast 172.16.0.255

auto ppp0
iface ppp0 inet ppp
    pre-up ip link set eth0 up
    provider dsl-provider eth0

auto eth1
iface eth1 inet static
    address 192.168.0.254
    masklen 24
    broadcast 192.168.0.255

auto eth2
iface eth2 inet static
    address 10.0.0.254
    masklen 24
    broadcast 10.0.0.255

=======================================
</root> # grep -v "#" /etc/ppp/peers/dsl-provider
=======================================
plugin /usr/lib/pppd/pppoe.so

name "[EMAIL PROTECTED]"

noipdefault
defaultroute

hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492

=======================================
</root> # grep -v "#" /etc/ppp/options
=======================================
asyncmap 0
auth
crtscts
lock
hide-password
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx

=======================================
</root> # grep -v "#" /etc/shorewall/zones
=======================================
mod     Modem     Alcatel DSL Modem via eth0
net     Net       Internet via ppp0
loc     Local     Local networks via eth1
dmz     DMZ       DMZ via eth2

=======================================
</root> # grep -v "#" /etc/shorewall/interfaces
=======================================
net     ppp0    -         blacklist,routefilter,norfc1918
mod     eth0    detect    routestopped,blacklist,routefilter
loc     eth1    detect    routestopped,dhcp
dmz     eth2    detect

=======================================
</root> # grep -v "#" /etc/shorewall/policy
=======================================
loc mod ACCEPT

loc net ACCEPT
net all DROP info
all all REJECT info

=======================================
</root> # grep -v "#" /etc/shorewall/rules
=======================================
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80

=======================================
</root> # grep -v "#" /etc/shorewall/masq
=======================================
ppp0 eth1
eth0 eth1

=======================================
</root> # cat /etc/shorewall/rfc1918
=======================================
<no changes to default Bering setup!>

=======================================
=======================================
Regarding the file:
/etc/shorewall/shorewall.conf

Just make sure that the
setting below is activated:

CLAMPMSS=Yes
=======================================
=======================================

=======================================
</root> # ip addr show
=======================================
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:05:5d:7d:4e brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/24 brd 172.16.0.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c6:f1:c8:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1
5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:60:67:04:85:97 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.254/24 brd 10.0.0.255 scope global eth2
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 64.39.191.110 peer 64.39.160.16/32 scope global ppp0

=======================================
</root> # ip route show
=======================================
64.39.160.16 dev ppp0 proto kernel scope link src 64.39.191.110
10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.254
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254
default via 64.39.160.16 dev ppp0
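The root cause in this post was a static gateway line under eth0 competing with the default route that pppd installs on ppp0. The script below is an added example, not part of the original post or of the LEAF/Bering distribution: it parses a saved /etc/network/interfaces and the output of `ip route show` and reports whether the default route is really on the PPP interface and whether any stanza still carries a static gateway. The interfaces and routing-table samples are constructed to mirror the configuration above (the "bad" variants add back the gateway line the author removed); the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the
# "stray gateway on eth0" problem. Parses a saved /etc/network/interfaces
# and `ip route show` output; no network access needed.

# Constructed sample: the broken interfaces file, with the gateway line
# under eth0 that the post identified as the culprit.
BAD_INTERFACES='auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 172.16.0.1
    masklen 24
    broadcast 172.16.0.255
    gateway 172.16.0.254

auto ppp0
iface ppp0 inet ppp
    provider dsl-provider'

# Constructed sample: the corrected file (eth0 stanza without a gateway).
GOOD_INTERFACES='auto eth0
iface eth0 inet static
    address 172.16.0.1
    masklen 24
    broadcast 172.16.0.255

auto ppp0
iface ppp0 inet ppp
    provider dsl-provider'

# Constructed sample of `ip route show` after pppd has set the default route.
ROUTES_OK='64.39.160.16 dev ppp0 proto kernel scope link src 64.39.191.110
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.1
default via 64.39.160.16 dev ppp0'

# Constructed sample of the routing table when the static gateway wins.
ROUTES_BAD='172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.1
default via 172.16.0.254 dev eth0'

# static_gateways INTERFACES_TEXT
# Prints "IFACE GATEWAY" for every stanza that carries a gateway line.
static_gateways() {
    printf '%s\n' "$1" | awk '
        $1 == "iface"   { iface = $2 }
        $1 == "gateway" { print iface, $2 }'
}

# default_route_dev ROUTES_TEXT
# Prints the device the default route points at (nothing if there is none).
default_route_dev() {
    printf '%s\n' "$1" | awk '
        $1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") print $(i+1) }'
}

# check_uplink INTERFACES_TEXT ROUTES_TEXT [PPP_IFACE]
# Returns 0 when the default route is on the PPP interface and no stanza
# defines a static gateway; otherwise prints the reasons and returns 1.
check_uplink() {
    ppp_if="${3:-ppp0}"
    status=0
    gws=$(static_gateways "$1")
    if [ -n "$gws" ]; then
        printf '%s\n' "$gws" | while read -r ifc gw; do
            echo "WARN: static gateway $gw on $ifc competes with the defaultroute from $ppp_if"
        done
        status=1
    fi
    dev=$(default_route_dev "$2")
    if [ "$dev" != "$ppp_if" ]; then
        echo "FAIL: default route is via '${dev:-none}', expected $ppp_if"
        status=1
    fi
    return $status
}

# Usage on a live Bering box (both files read from the system):
#   check_uplink "$(cat /etc/network/interfaces)" "$(ip route show)"
```

Run against the two constructed samples, the corrected configuration passes and the broken one reports both the stray `gateway 172.16.0.254` under eth0 and a default route on eth0 instead of ppp0; on a live router the same check can be added to a boot-time script so a regression is caught before the DSL link silently stops passing traffic.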




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html