Thanks Lonnie
Yes to both questions.
Hmm that is all way too much custom config for me.
I think I am going to look for other providers and In the mean time I will just
use the SNAT Plugin for port forwarding and use the dynamic address with
dynamic DNS for access to the box.
Thanks so much for your help.
Regards
Michael Knill
On 26/7/20, 11:48 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
Hi Michael,
So the static /30 is routed via your dynamic PPPoE IPv4 address to your box
?
So anywhere internally you can hang your /30 ?
Off the top of my head, in /mnt/kd/rc.elocal, you could play with something
like:
--
modprobe dummy numdummies=0
ip link add name ip4net type dummy
ip addr add 1.2.3.4/30 dev ip4net
ip link set dev ip4net up
--
where 1.2.3.4/30 is your assigned static subnet.
While this can be done in /mnt/kd/rc.elocal, the trick will be getting this
new ip4net interface to be supported by the firewall. Services that bind to
0.0.0.0 should pass ip4net traffic if the firewall allows it.
Additionally you don't want ip4net traffic to be NAT'ed via ppp0 I suspect.
A couple /mnt/kd/arno-iptables-firewall/custom-rules should do the trick.
Be careful since ip4net consists of publicly routable addresses via ppp0, no
NAT isolation.
Hope this helps.
Lonnie
> On Jul 25, 2020, at 11:47 PM, Michael Knill
<michael.kn...@ipcsolutions.com.au> wrote:
>
> Ok I can confirm that PPPoE is only a single dynamic connection. The SNAT
plugin seems to work fine.
>
> The problem I have is that I'm not sure how I can assign this address on
the local box so I can ping it externally and use it for remote access. It
needs to be an EXT interface somehow.
> Any ideas?
>
> Regards
> Michael Knill
>
> On 23/7/20, 12:22 pm, "Michael Knill" <michael.kn...@ipcsolutions.com.au>
wrote:
>
> Yep its certainly a bit strange.
> 1) Yes completely different although the /30 is actually 4 useable
addresses as it's a PPP connection.
> 2) No I'm fairly certain that PPP can only allocate a single IP
Address which is the dynamic one. I would need to add the additional addresses
to ppp0 once its up.
> Note this is a routed range so I think it could be assigned to
internal devices and/or Astlinux local interface with NAT used to determine the
address that is source NAT'd for external traffic.
>
> Hmm may need to play with the SNAT plugin and let you know.
>
> Regards
> Michael Knill
>
> On 22/7/20, 11:31 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com>
wrote:
>
>
>> On Jul 22, 2020, at 6:31 AM, Michael Knill
<michael.kn...@ipcsolutions.com.au> wrote:
>>
>> Hi Group
>>
>> I have moved to a carrier that only provides a dynamic PPPoE address and
if you want a static address they add a /30 routed range.
>> Just wondering how I configure this in Astlinux? Do I use EXTIP_ALIAS?
How do I use this address for outgoing Source NAT?
>
> Hi Michael,
>
> For all these years, I have not heard of such a PPPoE
configuration. Are you sure you need a static IP :-)
>
> The EXTIP_ALIAS would not apply since that is for physical
interfaces, not PPPoE.
>
> Questions:
> 1) Is the /30 route completely different from the assigned dynamic
/32 IPv4 ?
>
> 2) Does the PPPoE connection, via the underlying PPP connection,
automatically add the /30 as a route and associated with the ppp0 interface ?
OR, is this a static route and address that needs to be manually added to ppp0
after the PPPoE connectioin is up ?
> --
> ip addr show dev ppp0
>
> ip route show dev ppp0
> --
> (sanitize any public IPs)
>
>
> AstLinux has a firewall Outbound SNAT plugin that will SNAT
outbound traffic from select internal IPs/CIDRs, this may work for you.
>
> The added problem here is since PPPoE can destroy and create the
ppp0 interface, any associated static routes and firewall rules will be lost on
a PPPoE restart, so that needs to be kept in mind.
>
> Lonnie
>
>
>
>
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal
to pay...@krisk.org.
>
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
>
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
