Tuesday, December 04, 2007

Re: routing problem

Hello,

Alexandr Shurigin wrote:
> ok example
>
> ethernet ip / gateway 87.224.234.XX / 87.224.234.1 (metric 10)
>
> pppoe example ip (every reconnect has different ip and gateways) =
> 212.122.43.12 / 212.122.43.6 (metric 1)
>
> i want to allow users to be able to work with 87.224.234.XX.
>
> similar problem with two ethernet cards, which can be resolved with
[advanced routing as usual]

A similar method will work with a PPP link.

> but for this method i must know the gateway of each device, but it is different
> on every pppoe connect :(

Actually the gateway information is mostly irrelevant on a point to
point link. The interface name is what really matters: anything you
send on a PPP link goes to the peer (the "gateway") anyway. So

ip route add default via 212.122.43.6 dev ppp0

and

ip route add default dev ppp0

are equivalent.

Besides, I believe you don't really need a dedicated routing table for
the PPP link. Just leaving the PPP default route in the main routing
table (created by the 'defaultroute' pppd option) and using a dedicated
routing table for the ethernet interface should work fine.

However if you really want a dedicated routing table for the PPP link,
the routes and rules related to the PPP interface and address have to be
created every time the PPP session is established and deleted when the
session terminates. This can be done in executable shell scripts placed
in /etc/ppp/ip-up.d/ and /etc/ppp/ip-down.d/, in which you can use
variables containing the interface name, local and remote addresses...
See the /etc/ppp/ip-up and /etc/ppp/ip-down scripts for details. E.g.:

/etc/ppp/ip-up.d/routing:
#!/bin/sh
ip route add default dev $PPP_IFACE table PPP
ip route add $PPP_REMOTE dev $PPP_IFACE table ETH1
ip rule add from $PPP_LOCAL pri 200 table PPP
iptables -t nat -A POSTROUTING -o $PPP_IFACE -j SNAT --to $PPP_LOCAL

/etc/ppp/ip-down.d/routing:
#!/bin/sh
ip rule del from $PPP_LOCAL pri 200 table PPP
# no need to remove routes related to the PPP interface, they are
# automatically deleted when the interface goes down
iptables -t nat -D POSTROUTING -o $PPP_IFACE -j SNAT --to $PPP_LOCAL


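An idempotent variant of the ip-up.d/routing hook from the post, added here as an example and not part of the original message: it validates the variables passed by pppd and clears any rule or SNAT entry left behind by an earlier session whose ip-down hook never ran. The PPP_SNAT chain, the DRY_RUN switch and the exclusive use of priority 200 are assumptions of this example; the tables PPP and ETH1 are the ones named in the post.

```shell
#!/bin/sh
# Added example: idempotent /etc/ppp/ip-up.d/routing (not the author's script).
# Assumptions: priority 200 is used only for the PPP rule, and a nat chain
# PPP_SNAT (hypothetical name) was created and hooked at boot with
#   iptables -t nat -N PPP_SNAT; iptables -t nat -A POSTROUTING -j PPP_SNAT
# DRY_RUN=1 (also an assumption) prints the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only a dotted quad with four octets in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ( IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
      for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1; done )
}

# Delete every rule at priority 200. The local address changes on each
# reconnect, so a rule left by a session whose ip-down never ran cannot be
# matched by address.
flush_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "ip rule del pri 200"; return 0; fi
    while ip rule del pri 200 2>/dev/null; do :; done
}

ppp_up() {
    case "${PPP_IFACE:-}" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad PPP_IFACE" >&2; return 1 ;;
    esac
    is_ipv4 "${PPP_LOCAL:-}" && is_ipv4 "${PPP_REMOTE:-}" ||
        { echo "bad PPP_LOCAL or PPP_REMOTE" >&2; return 1; }

    flush_rules
    # 'replace' succeeds whether or not the route already exists; emptying
    # PPP_SNAT drops any SNAT rule that still points at an old address.
    run ip route replace default dev "$PPP_IFACE" table PPP &&
    run ip route replace "$PPP_REMOTE" dev "$PPP_IFACE" table ETH1 &&
    run ip rule add from "$PPP_LOCAL" pri 200 table PPP &&
    run iptables -t nat -F PPP_SNAT &&
    run iptables -t nat -A PPP_SNAT -o "$PPP_IFACE" -j SNAT --to-source "$PPP_LOCAL"
}

# pppd's ip-up exports PPP_IFACE; do nothing when it is absent.
if [ -n "${PPP_IFACE:-}" ]; then ppp_up; fi
```

Running it by hand with DRY_RUN=1 and the three PPP_* variables set shows the exact commands a session would issue without touching the routing tables.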
