PPPoE gateway routing problems
Hi all,
I'm having trouble setting a Linux host up as a PPPoE gateway to my DSL account. My existing network configuration works fine:
PPPoE aware router (gets external IP via DHCP from ISP; internal IP is 192.168.0.1) ---->
Linux host (darkstar) dual-homed (192.168.0.4 and 192.168.1.4). --->
Linux host (zen) 192.168.1.2.
There's more, but this is all that's pertinent. My route statement on darkstar is:
Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface
192.168.1.0 | 0.0.0.0 | 255.255.255.0 | U | 0 | 0 | 0 | eth0
192.168.0.0 | 0.0.0.0 | 255.255.255.0 | U | 0 | 0 | 0 | eth1
127.0.0.0 | 0.0.0.0 | 255.0.0.0 | U | 0 | 0 | 0 | lo
0.0.0.0 | 192.168.0.1 | 0.0.0.0 | UG | 0 | 0 | 0 | eth1
As you can see, the default gateway is the router.
zen's route statement is:
Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface
192.168.1.0 | 0.0.0.0 | 255.255.255.0 | U | 0 | 0 | 0 | eth0
127.0.0.0 | 0.0.0.0 | 255.0.0.0 | U | 0 | 0 | 0 | lo
0.0.0.0 | 192.168.1.4 | 0.0.0.0 | UG | 0 | 0 | 0 | eth0
zen's default gateway is darkstar.
This all works great. Now I'm playing with removing the router and just using darkstar connected directly to the DSL modem. I know there's a lot of security I need to deal with, and I'm OK with that. I have a fair amount of experience.
I've set up rp-pppoe on darkstar, which has given me a configuration for ppp0 that looks like:
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=no
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=999999
LCP_FAILURE=3
LCP_INTERVAL=80
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth1
PROVIDER=DSLppp0
USER=<myusername>
PEERDNS=no
Now, I'm not sure, but I think I should remove my setup for eth1, since ppp0 uses it. So, zen doesn't change at all. darkstar changes in that eth1 is no longer set up with a static IP (or any IP). ppp0 is set up instead. eth0 still connects as before to the 192.168.1.0/24 internal network.
Here's the output of darkstar's ifconfig and route:
eth0 Link encap:Ethernet HWaddr 00:01:02:BE:AA:2A
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5089 errors:0 dropped:0 overruns:0 frame:0
TX packets:5010 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:891657 (870.7 Kb) TX bytes:796655 (777.9 Kb)
Interrupt:11 Base address:0xc400
eth1 Link encap:Ethernet HWaddr 00:08:74:BC:8F:48
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:1 txqueuelen:100
RX bytes:3869 (3.7 Kb) TX bytes:1918 (1.8 Kb)
Interrupt:5 Memory:ed000000-ed001080
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:588 errors:0 dropped:0 overruns:0 frame:0
TX packets:588 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:65503 (63.9 Kb) TX bytes:65503 (63.9 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:nnn.nnn.nnn.nnn P-t-P:nnn.nnn.nnn.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2366 (2.3 Kb) TX bytes:812 (812.0 b)
Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface
nnn.nnn.nnn.254 | 0.0.0.0 | 255.255.255.255 | UH | 0 | 0 | 0 | ppp0
192.168.1.0 | 0.0.0.0 | 255.255.255.0 | U | 0 | 0 | 0 | eth0
127.0.0.0 | 0.0.0.0 | 255.0.0.0 | U | 0 | 0 | 0 | lo
0.0.0.0 | nnn.nnn.nnn.254 | 0.0.0.0 | UG | 0 | 0 | 0 | ppp0
With this setup I've eliminated the router completely and I can ping internal and external hosts from darkstar. zen can ping only internal hosts. This is the problem. Why can't a host on the internal network that has darkstar as the default gateway ping external (internet) hosts?
By the way, for this discussion ignore name resolution. darkstar runs a DNS server, but all testing has been done using IP addresses.
I've also tried giving eth1 an IP address on the internal network, although that didn't seem to make much sense. Didn't have any effect.