[Techtalk] interfacing ppp0 with eth0 ?

dominik.schramm at gmxpro.net dominik.schramm at gmxpro.net
Fri Jan 2 23:47:24 EST 2004


Hi,

mic <mic at linefeed.org> writes:
> background:
> -debian computer
> -the lan works fine (thanks hamster)

That's great: I have the same background. I also have 
DSL and connect with pppoe.

> #lan
> auto eth1
> iface eth1 inet static
>         address 10.0.0.1
>         netmask 255.0.0.0
>         gateway 10.0.0.1

This doesn't make sense to me. The gateway should be different
from the actual IP address, otherwise it's not a gateway.
I think it's safe to delete the gateway line.
Here's my /etc/network/interfaces:

# The loopback interface
auto lo eth1 eth0
iface lo inet loopback

iface eth0 inet static
   address 10.1.1.1
   netmask 255.0.0.0

iface eth1 inet static
   address 192.168.0.10
   netmask 255.255.255.0

iface ppp0 inet ppp
   provider dsl-provider

Note that I have a static address for both eth0 and eth1!
The only interface that is "ppp" is ppp0!
I read that in some FAQ over two years ago, so I don't know why
any more. (I think it was the DSL HowTo:
http://www.tldp.org/HOWTO/DSL-HOWTO/index.html)

> -su-2.05b# netstat -rn
> Kernel IP routing table
> Destination    Gateway    Genmask          Flags   MSS Window  irtt Iface
> 67.119.11.254  0.0.0.0    255.255.255.255  UH      0   0       0    ppp0
> 10.0.0.0       0.0.0.0    255.0.0.0        U       0   0       0    eth1
> 0.0.0.0        10.0.0.1   0.0.0.0          UG      0   0       0    eth1

Seems okay, but the default route should be via ppp0.
I would try (when connected):
# route del default gw 10.0.0.1
# route add default gw 67.119.11.254 dev ppp0

> ###i then tried:
> -su-2.05b# route add default netmask 255.0.0.0 gw 10.0.0.1
> -su-2.05b# netstat -rn
> Kernel IP routing table
> Destination    Gateway    Genmask          Flags   MSS Window  irtt Iface
> 67.119.11.254  0.0.0.0    255.255.255.255  UH        0 0          0 ppp0
> 0.0.0.0        10.0.0.1   255.0.0.0        UG        0 0          0 eth1

This is not a default route! The genmask should be 0.0.0.0.
Set up like above, this route will only match packets with
destination address 0.x.x.x!

> ###but still get
> -su-2.05b# ping x.x.x.x
> PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
>>From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
> [snip]

I'm pretty sure that's because the gateway is wrong. 

Given the following routing table:
Destination    Gateway    Genmask          Flags   MSS Window  irtt Iface
67.119.11.254  0.0.0.0    255.255.255.255  UH      0   0       0    ppp0
10.0.0.0       0.0.0.0    255.0.0.0        U       0   0       0    eth1
0.0.0.0        10.0.0.1   0.0.0.0          UG      0   0       0    eth1
0.0.0.0        10.0.0.1   255.0.0.0        UG        0 0          0 eth1

When you try to ping 1.2.3.4, the (correct) default route matches,
and the packet is sent to the gateway 10.0.0.1 for further routing.
Since that is the same machine, the kernel tries to send the packet
(according to the second entry in the routing table) via interface
eth1, where only the 10.0.0.0/8 network is available. Hence the 
Host Unreachable message.

> ### alittle more background checks:
>
> -su-2.05b# plog
> Jan  2 13:17:52 feral pppd[832]: Connect: ppp0 <--> /dev/pts/0
> Jan  2 13:17:53 feral pppd[832]: PAP authentication succeeded

> Jan  2 13:17:53 feral pppd[832]: not replacing default route to eth1
> [10.0.0.1]

This seems crucial to me! Why not "replacing default route"?
I think if it were replaced, one of your problems would be solved.

> -su-2.05b# modprobe ipt_MASQUERADE
> -su-2.05b# iptables -F; iptables -t nat -F; iptables -t mangle -F
> -su-2.05b# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> -su-2.05b# echo 1 > /proc/sys/net/ipv4/ip_forward
> -su-2.05b# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination

This looks like on my machine with one exception:

> -su-2.05b# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

I don't know if the -o ppp0 is necessary (I don't have it).
Also: I'd add -s 10.0.0.0/8 to only masquerade traffic
that goes from within your private network to the internet
(not the other way).

hope this helps
regards,
dominik

-- 
Dominik Schramm <dominik.schramm at gmxpro.net>
pgp key available via e-mail, HTTP, and FTP from 
http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html



More information about the Techtalk mailing list