> Possibly OT since this may or may not involve Shorewall - it largely
> depends on what I can get to work!
>
> I need to set up a router on an ADSL line where multiple IPs are
> provided by the ISP.
>
> Hardware wise, we'd probably use a Linksys WRT54GL running OpenWRT
> and a Draytek Vigor 120 modem - we've used these before, but hardware
> is largely "whatever will do the job". But, the IP provided by the
> ISP to the PPPoE client is one of those AND all the connected devices
> must be on public IPs - so I need some sort of "bridged" setup.
>
> Eg, the customer's allocation is 192.0.2.0/27, 192.0.2.1 is given to
> the PPP client by the ISP, and the attached devices must be on
> 192.0.2.2/27 and so on (each device is a router/firewall itself). The
> end result we need is that we present an ethernet port where the
> attached devices only need to know that 192.0.2.1/27 is the gateway.
>
> This seems to be the most common setup supplied by UK ADSL providers.
> It's not been a problem where everything is NATted, but we're really
> struggling to find a setup that works reliably without NAT.
>
> AFAICT, because the upstream is a PPP link, bridges and proxy-ARP are out.

I'm afraid I don't really understand all the details and I also don't have any
experience with ADSL/PPPoE stuff. But I have something using Cable here
which looks a bit similar, so maybe you could try it like so:

on the firewall:
ppp0 is 192.0.2.1/32
eth0 is 192.168.1.1/24
default gw is via ppp0 (don't know exactly what this looks like with ppp)

then do proxyarp with shorewall on the firewall:
192.0.2.2  eth0  ppp0
192.0.2.3  eth0  ppp0
192.0.2.4  eth0  ppp0

now connect clients to eth0 and configure them like this (yes, I know "ip"
is there...):

ifconfig eth0:
eth0      Link encap:Ethernet  HWaddr 00:5C:A4:4D:81:5A
          inet addr:192.0.2.2  Bcast:192.0.2.2  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 eth0


Sorry if this is complete nonsense for what you are trying to do :)

Simon
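
Added example, not part of Simon's message: a small Python generator that extends his three proxyarp lines to every usable address in the 192.0.2.0/27 allocation (skipping the address the ISP gives the PPP client), plus the `ip` equivalents of the client settings he shows with ifconfig/route. The function names are hypothetical; the interface names and addresses are the ones used in the thread.

```python
import ipaddress


def proxyarp_entries(allocation, ppp_addr, lan_if="eth0", wan_if="ppp0"):
    """Return proxyarp lines in the 'ADDRESS INTERFACE EXTERNAL' layout used above."""
    net = ipaddress.ip_network(allocation)   # rejects a network with host bits set
    ppp = ipaddress.ip_address(ppp_addr)
    if ppp not in net:
        raise ValueError(f"{ppp} is not inside {net}")
    entries = []
    # hosts() already leaves out the network and broadcast addresses
    for host in net.hosts():
        if host == ppp:
            continue  # the firewall's own ppp0 address must not be proxied
        entries.append(f"{host}  {lan_if}  {wan_if}")
    return entries


def client_commands(client_addr, dev="eth0"):
    """iproute2 form of the client config shown above: /32 address, device default route."""
    addr = ipaddress.ip_address(client_addr)
    return [
        f"ip addr add {addr}/32 dev {dev}",
        f"ip route add default dev {dev}",
    ]


if __name__ == "__main__":
    # Values from the thread: customer allocation and the ISP-assigned PPP address
    for line in proxyarp_entries("192.0.2.0/27", "192.0.2.1"):
        print(line)
    for cmd in client_commands("192.0.2.2"):
        print(cmd)
```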


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
