Hi,
I have built a mini DSLAM system, which has a few PPPoE connections going to my Fedora Server. It currently works OK, except I need to work out the final issue. It is still in test mode. I have 2 Ethernet cards, eth0 goes to the internet, and eth1 goes to the DSLAM.

On eth1 network is the DSLAM only with a single managment IP address. All customers connect over the DSLAM to the Linux server using PPPoE. Each customer is allocated a fixed IP address by the server.

I have a range of IPs, example (200.100.100.0) C class. The IPs for the customers are to be allocated from this range, and there are IPaddress for the 2 ethernet cards, and DSLAM. I would like something like this:
200.100.100.1 = eth0
200.100.100.2 = eth1
200.100.100.3 = DSLAM
200.100.100.4....250 = customer fixed PPPoE assigned IPs.

The question how to I set up routing through the Linux box? I currently have the 2 LAN cards on totally different network addresses(200.100.100.0 & 60.50.40.0), but his was only for testing only. Should I have the second eth1 card subnetted? Should I use bridging? The main purpose is not to waste IP addresses.


Thank you.

The question how to I set up routing through the Linux box?

The way I do this, there are 2 things to be done :-

- Forward packets between the interfaces (flag in /proc/sys/net)
- Perform NAT mangling on pass-through packets so that they remain routable on the new network.

The latter is performed by iptables. Look through the man page, paying particular attention to the MASQUERADE target.

Then, any IP host that is using this box as a default gateway will get NAT access to the other interface.

I currently have the 2 LAN cards on totally different network addresses(200.100.100.0 & 60.50.40.0), but his was only for testing only. Should I have the second eth1 card subnetted?

It's *easiest* if you have your NICs set up on different subnets - but you could set them up on the same subnet with a bit of cleverness with the routing table.

Should I use bridging?

No. Bridging works best when you're trying to be completely transparent - and that's clearly not what you want to be.

The main purpose is not to waste IP addresses.

Have you thought about running your customer end on private IP space? 10.0.0.0/8 gives you a lot of IP addresses that you are perfectly entitled to use...

Vic.

Thank you.

Hi ccrvic,

Thank you for your help.

I would like to ask a networking question to help with this.
If I had 128 IP addresses, could I divide this into 2 groups of 8 and 120 using subnetts, and have the first 8 subnett goto the sever through eth0, and the second subnet routed through the first onto the second eth1 network?

'Have you thought about running your customer end on private IP space?'

I want to give each adsl user a public IP address.

Thanks.

If I had 128 IP addresses, could I divide this into 2 groups of 8 and 120 using subnetts

You can; how difficult it is depends on what the addresses are :-)

Typically, if you've got 128 IP addresses, they'll be contiguous addresses starting on a boundary divisible by the number you've got. So subnetting them will give you half in one subnet, half in the other...

It would be possible to split your nets several times, to give you one subnet of 8 addresses, and four subnets of 8, 16, 32, and 64 addresses respectively. But it's not pretty, and nor is it efficient - you'll "lose" IP addresses as you allocate them for broadcast and network on each subnet; I don't think I'd do this.

and have the first 8 subnett goto the sever through eth0, and the second subnet routed through the first onto the second eth1 network?

In the scheme I've described above, you could have the first subnet going to one interface, and all the others going to the second.

'Have you thought about running your customer end on private IP space?'

I want to give each adsl user a public IP address.

Righto.

Vic.