PPPoE + Routed subnet

ciphercore · Fri Feb 26, 2010 5:30 pm

Here is what I would like to do:

I would like to have the RB750G act as PPPoE client. Then be able to pass a routed subnet (from PPPoE connection) /30 to a differnet interface. The device behind the RB750 would either have the IP setup static or perhaps I could setup the DHCP server to hand it (routed subnet) out. Can someone point me in the correct way ?

PPPoe in (plus /30) ->RB750G -> /30 (static or DHCP)

ciphercore · Mon Mar 01, 2010 9:32 pm

Any thoughts ? Am I retarded ? Can this be done ?

ciphercore · Mon Mar 01, 2010 9:49 pm

PPPoE client : 1.1.1.105
Routed subnet 1.1.1.104/30
I want to hand 1.1.1.106 out

dog · Mon Mar 01, 2010 10:14 pm

Where is your problem?

Just configure the LAN interface as 1.1.1.105/30 and the PC as 1.1.1.106/30 with GW 1.1.1.105
ROS will start routing automatically.

roadracer96 · Tue Mar 02, 2010 5:06 am

ppp connection 1.1.1.1 to client 1.1.1.2

lan interface on client side of 10.10.10.1/30

add a route on the server side 10.10.10.0/30 gateway 1.1.1.2

itll work automatically whenever the ppp link comes up.

ciphercore · Tue Mar 02, 2010 3:22 pm

Thanks for pointing me in the correct direction. I will be giving it a go later this morning.

ciphercore · Fri Mar 05, 2010 4:57 pm

So I still am having issues. I will list my steps, and hopefully someone can help.

setup -r (to remove default config 88.1/24)
add PPPoE client on ether1 (this gets 66.78.x.105 static) the PPPoe is getting 66.78.x.104/30
add 66.78.x.104/30 to ether2

on my test PC :

66.78.x.106
255.255.255.252
66.78.x105

I cannot ping out via IP or DNS. I am sure I am just missing something. Does ether2 need to be a slave to ether1 ? ANy other thoughts ?

dog · Fri Mar 05, 2010 5:09 pm

So you have:

+-----+        pppoe-out1       +----+ 105 ether2              106 +----+
| ISP |----- 66.78.x.105/32 ----| RB |------ 66.78.x.104/30 -------| PC |
+-----+                         +----+                             +----+

That is a tricky setup as two interfaces have the same IP.
I would then go another way: Instead of giving this public IP to the PC use a simple 1:1 NAT:

/ip fire nat
add chain=srcnat src-addr=192.168.0.101 action=src-nat to-address=66.78.x.106
add chain=dstnat dst-addr=66.78.x.106 action=dst-nat to-address=192.168.0.101

(keep in mind to setup proper firewall filtering)

ciphercore · Fri Mar 05, 2010 5:15 pm

That was what I was thinking (1:1 NAT). I will have to read up a bit more... thanks.

ciphercore · Fri Mar 05, 2010 5:39 pm

This is working great with 1:1 NAT. Currently I have the PPPoE as a static. Is there a way to allow me to use a dynamic IP on the PPPoE ?

Something like:

add chain=srcnat src-addr=192.168.0.101 action=src-nat to-address=pppoe-out1

?

roadracer96 · Fri Mar 05, 2010 7:51 pm

I totally mis-understood your question. LOL!

ciphercore · Fri Mar 05, 2010 8:09 pm

no worries roadracer69, i appreciated the effort.

dog · Sat Mar 06, 2010 12:48 am

There is a way to do this for dynamic IPs BUT:
It will only work for one IP.

/ip fire nat
add chain=srcnat out-interf=pppoe-out1 action=masq
#to create an "exposed host":
add chain=dstnat in-interf=pppoe-out1 action=dst-nat to-addr=192.168.0.101
#or to only forward specific ports
add chain=dstnat dst-address-type=local dst-addr=!192.168.0.1 action=dst-nat to-addr=192.168.0.101 proto=80 dst-port=80

The last rule might look a bit complicated, but that is a little trick necessary so you can do Hairpin NAT.

ciphercore · Mon Mar 08, 2010 3:20 pm

Thanks dog...

I will give this a try sometime today.
thanks

ciphercore · Mon Mar 08, 2010 9:36 pm

This seem to work well. However when adding the last NAT rule

add chain=dstnat dst-address-type=local dst-addr=!192.168.0.1 action=dst-nat to-addr=192.168.0.101 proto=80 dst-port=80

I get an error saying that I need to select tcp or udp if dest port is specified. It does seem to work without this rule... do i need it ?

dog · Mon Mar 08, 2010 9:52 pm

This rule was an example.
You could have either used the last or the one before that.
In general the last one would be more secure as it is only simple port forwarding, the other creates an Exposed Host (you can google that).

Also I made a little typo. Correct would have been:

add chain=dstnat dst-address-type=local dst-addr=!192.168.0.1 action=dst-nat to-addr=192.168.0.101 proto=tcp dst-port=80

ciphercore · Mon Mar 08, 2010 10:05 pm

Dog:

I figured it was an example but wanted to be sure that I understood. It is working exactly as I wanted, now I am just going to add another modem and do some mlppp.

Thank you again, you made my day.

PPPoE + Routed subnet

PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet

Re: PPPoE + Routed subnet