How to dial PPPoE when behind a firewall?

stevovo

Hi,

I have a home network which sort of looks like this:

ADSL modem ------ ubuntu server --------- personal computers

The server has 2 NICs; one is going to the ADSL modem and the IP is 192.168.0.2, the other one's IP is 10.0.0.100 and connects to the rest of the network. The ADSL modem is 192.168.0.1 and the ISP account is dialing up from the ADSL modem directly.

The firewall is enabled on the server and everything works 100%, except I would like to connect using a different ADSL account from one of the personal computers. This used to work before when the ADSL modem was connected directly to the home computers but since the server was put in between it doesn't work anymore (I haven't changed anything on the modem so bridge mode is still on).

I've also disabled the firewall to see if that helps but still I keep getting error 651 on Windows when dialing the PPPoE.

I'm sure this scenario should be possible? Any advice?

Thanks

PS let me know if my info is incomplete/cryptic :)
 
PPPoE is Layer 2 only. You can't dial it through a normal routed firewall. You will need a transparent firewall if you want to pass PPPoE.
 
Just dial the PPPoE connections from the server. Install Webmin on the box and then you can do it via the web interface.
 
Just dial the PPPoE connections from the server. Install Webmin on the box and then you can do it via the web interface.

How many PPPoE connections can you do with Webmin?

With Smoothwall you can store a max of 5 preconfigured PPPoE accounts. Only one can be active though.
 
How many PPPoE connections can you do with Webmin?

With Smoothwall you can store a max of 5 preconfigured PPPoE accounts. Only one can be active though.

Have no idea, never used Webmin for this purpose but I see there is an ADSL module.

From the sounds of it OP already has the Ubuntu server for some purpose, I'm guessing he doesn't want to install a new firewall distro on it. Otherwise I would have recommended pfSense :D
 
Just dial the PPPoE connections from the server. Install Webmin on the box and then you can do it via the web interface.

The only reason I don't want to do that is because the PPPoE is only a 1 GB prepaid that I'm gonna use maybe once a day or once a week to test the line speed / latency with another account.


PPPoE is Layer 2 only. You can't dial it through a normal routed firewall. You will need a transparent firewall if you want to pass PPPoE.

I've turned off the firewall completely and it still doesn't work. All the iptables policies are also set to accept. Is there something else I need to do?
 
The only reason I don't want to do that is because the PPPoE is only a 1 GB prepaid that I'm gonna use maybe once a day or once a week to test the line speed / latency with another account.




I've turned off the firewall completely and it still doesn't work. All the iptables policies are also set to accept. Is there something else I need to do?

Install a 2nd NIC in your PC, don't configure it with an IP address (or use a dummy IP address not on your network range) and connect that NIC directly to your router.
Your PPPoE should be able to figure out how to use that to dial out.
 
I've turned off the firewall completely and it still doesn't work. All the iptables policies are also set to accept. Is there something else I need to do?

I don't think you understand what he said. Your firewall is a routed hop; your PADI request is sent to a broadcast layer 2 address, which is usually answered by a BRAS device / server etc.

With a layer 3 hop in between, the broadcast will never reach the BRAS / Server and never be responded to.
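
Added example (not part of any post in this thread): the sketch below builds and parses a PADI frame to show why iptables ACCEPT policies make no difference here. The frame is an Ethernet broadcast with EtherType 0x8863 and carries no IP header. The MAC addresses and Host-Uniq value are constructed, and `crosses_routed_hop` is a simplified model of an IP router, not code from any PPPoE implementation.

```python
import struct

ETH_IPV4 = 0x0800
ETH_PPPOE_DISCOVERY = 0x8863  # PADI/PADO/PADR/PADS/PADT
ETH_PPPOE_SESSION = 0x8864    # PPP data once a session exists
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq"}
BROADCAST = b"\xff" * 6


def build_padi(src_mac, host_uniq):
    """Constructed sample PADI: empty Service-Name plus a Host-Uniq tag."""
    tags = struct.pack("!HH", 0x0101, 0)
    tags += struct.pack("!HH", 0x0103, len(host_uniq)) + host_uniq
    pppoe = struct.pack("!BBHH", 0x11, 0x09, 0, len(tags)) + tags
    return BROADCAST + src_mac + struct.pack("!H", ETH_PPPOE_DISCOVERY) + pppoe


def parse_frame(frame):
    """Decode the Ethernet header and, for PPPoE frames, the header and tags."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"broadcast": frame[:6] == BROADCAST, "ethertype": ethertype,
            "has_ip_header": ethertype == ETH_IPV4}
    if ethertype not in (ETH_PPPOE_DISCOVERY, ETH_PPPOE_SESSION):
        return info
    if len(frame) < 20:
        raise ValueError("short PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or 20 + length > len(frame):
        raise ValueError("malformed PPPoE header")
    info.update(code=CODES.get(code, hex(code)), session_id=session_id, tags=[])
    payload, off = frame[20:20 + length], 0
    while ethertype == ETH_PPPOE_DISCOVERY and off + 4 <= len(payload):
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + tlen > len(payload):
            raise ValueError("tag overruns payload")
        info["tags"].append((TAGS.get(tag, hex(tag)), payload[off + 4:off + 4 + tlen]))
        off += 4 + tlen
    return info


def crosses_routed_hop(frame):
    """Simplified model of a Linux IP router: only unicast IPv4 frames reach
    the forwarding path (and iptables); anything else stays on its segment."""
    info = parse_frame(frame)
    return info["has_ip_header"] and not info["broadcast"]
```

On the server itself, capturing EtherType 0x8863 on each NIC gives the same answer live: a PADI visible on the LAN side and absent on the modem side confirms the layer 2 split.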
 
@stevovo, it is like the others above said. PPPoE functions on layer 2, and by having the Ubuntu server in between, you separated the layer 2 domain into, well, 2 separate layer 2 domains.

There is however a way to make it work, and the last time I did it, it was a bit flaky but worked most of the time. You need to run an extra service on the Ubuntu server, that will relay PPPoE packets between the 2 NICs. That will take the PPPoE packets and forward them between the 2 devices.

Examples are:
- pppoe-relay : http://linux.about.com/library/cmd/blcmdl8_pppoe-relay.htm
- rp-pppoe-relay : https://github.com/pld-linux/rp-pppoe/blob/master/rp-pppoe-relay.init

I can only point you in the right direction and not help you; unfortunately it was 10 years ago I last used something like pppoe-relay, I can't even remember what I did. Nowadays I just find it easier to use a MikroTik router, dial multiple PPPoE sessions from there and use mangle rules to route different PCs over different connections, with fall-through rules if I disable specific PPPoE connections etc.
 
...or plug the modem into the same network as your PC. That'll work.

/hides
 
I don't think you understand what he said. Your firewall is a routed hop; your PADI request is sent to a broadcast layer 2 address, which is usually answered by a BRAS device / server etc.

With a layer 3 hop in between, the broadcast will never reach the BRAS / Server and never be responded to.

Thanks I'm starting to understand now what's going on.

@stevovo, it is like the others above said. PPPoE functions on layer 2, and by having the Ubuntu server in between, you separated the layer 2 domain into, well, 2 separate layer 2 domains.

There is however a way to make it work, and the last time I did it, it was a bit flaky but worked most of the time. You need to run an extra service on the Ubuntu server, that will relay PPPoE packets between the 2 NICs. That will take the PPPoE packets and forward them between the 2 devices.

Examples are:
- pppoe-relay : http://linux.about.com/library/cmd/blcmdl8_pppoe-relay.htm
- rp-pppoe-relay : https://github.com/pld-linux/rp-pppoe/blob/master/rp-pppoe-relay.init

I can only point you in the right direction and not help you; unfortunately it was 10 years ago I last used something like pppoe-relay, I can't even remember what I did. Nowadays I just find it easier to use a MikroTik router, dial multiple PPPoE sessions from there and use mangle rules to route different PCs over different connections, with fall-through rules if I disable specific PPPoE connections etc.

I'll definitely look into that. Otherwise the other plan I was thinking was to dial the PPPoE connection from the server directly and forward all traffic from a specific IP address on the network over the new connection while the other computers can carry on using the connection set up on the ADSL modem.

I'm sure that should be possible, but I dunno how to actually tell the server to route a specific IP over the ppp0 interface? Must be the route command maybe?
 