Hi,
I have a problem which I am not sure what right solution should be used to solve it ...
I am switching to a fiber connection which is delivered over PPPoE.
That connection creates one external IP. We need more so we have ordered 5 ...
Now how do I make it work?
I was thinking that setting up a box in bridge mode would work, though I tried to follow this:
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_clearbox_as_a_transparent_inline_bridge
It does not seem to work for me.
Having ppp interface may have played a role in me configuring it wrong.
The PPPoE once configured gets 2.8.161.137 ip. then we have 2.8.161.137-41.
So idea is to bridge two ports connected it to the switch and have other servers which need external ips to connect to that with 2.8.161.137 as gateway address.
Once I configured it as per below the connection on the second port ( enp3s0 ) went out
Any idea how to do it correctly, or is there a better easier way to do it?
Thanks,
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE="Bridge"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
STP="on"
IPADDR="2.8.161.137"
NETMASK="255.255.248.0"
GATEWAY="2.8.161.137"
The ppp is connected to network port enp2s0 the second port is enp3s0
/etc/sysconfig/network-scripts/ifcfg-enp2s0
DEVICE=enp2s0
BOOTPROTO="none"
ONBOOT="no"
/etc/sysconfig/network-scripts/ifcfg-enp3s0
DEVICE=enp3s0
TYPE="Ethernet"
ONBOOT="yes"
USERCTL="no"
BRIDGE=br0
When I run
ifdown br0 && sleep 2 && ifdown enp3s0 && sleep 2 && ifup enp2s0 && sleep 2 && ifup br0
I get:device enp3s0 is not a slave of br0
and in the log:
Feb 6 20:00:46 router-01 systemd: firewall.service failed.
Feb 6 20:00:46 router-01 clearsyncd[643]: FirewallRestart: sudo /sbin/service firewall restart: 256
Feb 6 20:01:29 router-01 kernel: e1000e: enp3s0 NIC Link is Down
Feb 6 20:01:29 router-01 kernel: device enp3s0 left promiscuous mode
Feb 6 20:01:29 router-01 kernel: br0: port 1(enp3s0) entered disabled state
Feb 6 20:01:36 router-01 kernel: IPv6: ADDRCONF(NETDEV_UP): br0: link is not ready
I have a problem which I am not sure what right solution should be used to solve it ...
I am switching to a fiber connection which is delivered over PPPoE.
That connection creates one external IP. We need more so we have ordered 5 ...
Now how do I make it work?
I was thinking that setting up a box in bridge mode would work, though I tried to follow this:
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_clearbox_as_a_transparent_inline_bridge
It does not seem to work for me.
Having ppp interface may have played a role in me configuring it wrong.
The PPPoE once configured gets 2.8.161.137 ip. then we have 2.8.161.137-41.
So idea is to bridge two ports connected it to the switch and have other servers which need external ips to connect to that with 2.8.161.137 as gateway address.
Once I configured it as per below the connection on the second port ( enp3s0 ) went out
Any idea how to do it correctly, or is there a better easier way to do it?
Thanks,
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE="Bridge"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
STP="on"
IPADDR="2.8.161.137"
NETMASK="255.255.248.0"
GATEWAY="2.8.161.137"
The ppp is connected to network port enp2s0 the second port is enp3s0
/etc/sysconfig/network-scripts/ifcfg-enp2s0
DEVICE=enp2s0
BOOTPROTO="none"
ONBOOT="no"
/etc/sysconfig/network-scripts/ifcfg-enp3s0
DEVICE=enp3s0
TYPE="Ethernet"
ONBOOT="yes"
USERCTL="no"
BRIDGE=br0
When I run
ifdown br0 && sleep 2 && ifdown enp3s0 && sleep 2 && ifup enp2s0 && sleep 2 && ifup br0
I get:device enp3s0 is not a slave of br0
and in the log:
Feb 6 20:00:46 router-01 systemd: firewall.service failed.
Feb 6 20:00:46 router-01 clearsyncd[643]: FirewallRestart: sudo /sbin/service firewall restart: 256
Feb 6 20:01:29 router-01 kernel: e1000e: enp3s0 NIC Link is Down
Feb 6 20:01:29 router-01 kernel: device enp3s0 left promiscuous mode
Feb 6 20:01:29 router-01 kernel: br0: port 1(enp3s0) entered disabled state
Feb 6 20:01:36 router-01 kernel: IPv6: ADDRCONF(NETDEV_UP): br0: link is not ready
Share this post:
Responses (8)
-
Accepted Answer
-
Accepted Answer
Sorry but I'm not familiar with the detailed DMZ set up, just the outline concept. It does require a separate NIC, but I don't know if it needs to have its own LAN subnet as well as giving the devices in the DMZ public IP's. Perhaps not. It looks like the doc Tony linked to is very similar in that it also uses a DMZ for the extra IP's. -
Accepted Answer
Does this similar to what you are trying to do?
http://community.nethserver.org/t/pppoe-on-teksavvy-with-optional-30-subnet/2908 -
Accepted Answer
Hi Nick,
The setup I have been trying in the first place is Transparent In-line Bridge, which works ok but not with pppoe as per my original message.
Maybe I am wrong but if I have two interfaces on the box ( in a stand alone mode ) and setup the static routing then why would that not work as a router?
I am referring to just the routing part of traffic in and out with nothing else which is what I need.
If I use the DMZ how would I route it? my wan and Lan would be on the same subnet?
Thanks again. -
Accepted Answer
There is something called a Transparent In-line Bridge but I don't really know much about it and it has not appeared much on the forum. I don't know if it will help.
Standalone with or without the firewall is just for that - standalone. It does not give you any routing so you can't use it as a router.
What is the issue with 1-to-1 NAT?
Before 1-to-1 NAT existed the alternative was to create virtual interfaces and give them the external IP's. I don't know how you can do this with PPPoE and I don't think it would give you any more than 1-to-1 NAT.
A possible alternative could be to make your LAN (or one NIC) into into a DMZ and then give the relevant machines the fixed IP's. No guarantees this will work. -
Accepted Answer
Thanks Nick
The WAN interface if PPPoE. The PPPoE is giving us always the same IP. So that works ok.
I would like to avoid the 1to1 Nat app if possible.
How about setting the machine up as a standallone with not firewall?
External interface would do the PPPoE (2.8.161.137) LAN could have 2.8.161.138 and that leaves me with 4 more ips to work with.
Do you see any issues with that? How about routing ?
Thanks again. -
Accepted Answer
I have a feeling you're going down a blind alley on this one.
I think the way to do it is to switch your modem to bridge mode and change the ClearOS WAN interface type to PPPoE. My only concern here is how to then fix the WAN IP of the interface if it is not assigned by PPPoE.
Then to get the rest of your IP's, use the 1-to-1 NAT app. -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »