OPNsense Forum

English Forums => General Discussion => Topic started by: fatalfuuu on September 19, 2016, 12:40:43 PM

Title: Routing all incoming traffic to another router
Post by: fatalfuuu on September 19, 2016, 12:40:43 PM
We have a few PPPoE modems which are currently plugged directly into a physical install. We'd like to move this over to a virtual install and/or using CARP.

I had originally looked around for some vdsl modems but none of them seem to run well, and cost a lot, so instead we've bought some small dual nic units to run pfsense/opnsense on and plug the modem into that.

What I need to do now is forward all traffic from this install to the main one(s) which will be virtual.


Currently got some spare hardware to mock this up, so these settings are as we're testing...
(http://i.imgur.com/OGQGlDT.png)
(excuse the pfsense, currently testing/migrating)

As far as I thought, I would set up a gateway on the router connected to the modem, pointing to the main box 172.16.20.2, and then set a static route on this. But I'm a bit lost at what I do for the destination network to forward all traffic when incoming from the internet. I've tried 0.0.0.0/0, the real internet IP, and the internal network address 192.168.1.1/24 but none seem to work.

If I was lazy I could do 1:1 NAT, but this seems rough, unless I'm wrong and it's the only way I can get this to work?
Title: Re: Routing all incoming traffic to another router
Post by: ivoruetsche on September 21, 2016, 01:48:35 PM
Hi fatalfuuu

It's not clear what you really want to do. So you have two DSL modems, which both have Internet connectivity? Do you want a failover scenario, or do you want to split some traffic?

Regards, ivo
Title: Re: Routing all incoming traffic to another router
Post by: fatalfuuu on September 22, 2016, 03:02:56 PM
You could ignore the second router (.21.1) for now.

We want to move the main install virtual and connect a small physical router to the modem so the virtual server isn't using PPPoE. The below works for outbound, but we want to route all traffic from the router connected to the modem to the main virtualised router by default (without NAT I suppose is best... hence this question).
Title: Re: Routing all incoming traffic to another router
Post by: franco on September 22, 2016, 05:32:13 PM
Hmm... just 1:1 NAT the Modem-WAN IP to their respective Router Target IP. This takes care of incoming traffic. Outgoing traffic fixes itself when DHCP propagates the correct gateway (or it is set manually).

If you have .2.21 active, you will need to deal with Multi-WAN in the main router, too, but that's basically it unless I'm missing something?


Cheers,
Franco
Title: Re: Routing all incoming traffic to another router
Post by: ivoruetsche on September 23, 2016, 09:23:06 AM

Hi fatalfuuu

From the routing perspective, you need to add on the router 172.16.20.1 a new gateway "172.16.20.2" and a new route:
Destination network: 192.168.1.0/24
Gateway: 172.16.20.2 (created before)

On the main router you just have to add 172.16.20.1 as default gateway and allow the expected traffic.

Regards, ivo
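The two answers above describe two different halves of the problem, and it helps to see them side by side. The static route only covers the return path: it tells the edge box where 192.168.1.0/24 lives. It cannot move inbound internet traffic, because every packet from the internet is addressed to the edge box's own PPPoE address, and a router never forwards packets destined to itself. That is why the OP's attempts with 0.0.0.0/0 and the public IP as a route destination could not work, and why Franco's 1:1 NAT (pf `binat`) is what actually carries inbound traffic to the main router. The following pf.conf fragment is an added example for the edge box, not configuration from the thread or from the OPNsense project; the 172.16.20.x and 192.168.1.0/24 addresses are the thread's, while the interface names (`pppoe0`, `igb1`) and the passed ports are assumptions.

```pf
# Edge box: PPPoE terminates here, LAN-side address 172.16.20.1/24.
# Interface names and the passed ports are assumptions for this example.
ext_if   = "pppoe0"          # PPPoE WAN, holds the single public IP
int_if   = "igb1"            # link towards the main (virtual) router(s)
main_rtr = "172.16.20.2"     # main router's WAN-side address; with CARP on the
                             # main routers, put the CARP VIP here instead
main_lan = "192.168.1.0/24"  # network behind the main router

# Return path for 192.168.1.0/24 is a static route, not a pf rule
# (System > Routes in the GUI, or: route add -net 192.168.1.0/24 172.16.20.2).
# On the main router the mirror image is its default route: 172.16.20.1.

# 1:1 NAT. Inbound packets to the public IP are rewritten to $main_rtr;
# outbound packets from $main_rtr leave with the public IP as source.
# binat is consulted before nat, so file order between them does not matter.
binat on $ext_if from $main_rtr to any -> ($ext_if)

# Only needed if the main router routes 192.168.1.0/24 unNATed towards us:
# binat covers the main router's own address, not the hosts behind it.
nat on $ext_if from $main_lan to any -> ($ext_if)

# Filtering happens after translation, so inbound pass rules must name
# $main_rtr, not the public address. Expose only what is actually served.
block in log on $ext_if
pass in on $ext_if proto tcp to $main_rtr port 443 keep state
pass in on $ext_if proto udp to $main_rtr port 1194 keep state
pass out on $ext_if keep state
pass on $int_if keep state
```

The security point worth keeping in mind: a 1:1 NAT to the main router's address makes every port on that address reachable from the internet as far as translation is concerned; the `block in` / `pass in` pair on the edge box is what actually limits exposure, so do not replace it with a blanket `pass in on $ext_if to $main_rtr`. In the OPNsense GUI the equivalent is Firewall > NAT > One-to-One for the `binat` line, plus explicit WAN rules for each service; the same translation-before-filtering rule applies there, so those WAN rules use the internal target address as their destination.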
Title: Re: Routing all incoming traffic to another router
Post by: fatalfuuu on September 28, 2016, 10:10:08 PM
Quote from: franco on September 22, 2016, 05:32:13 PM
Hmm... just 1:1 NAT the Modem-WAN IP to their respective Router Target IP. This takes care of incoming traffic. Outgoing traffic fixes itself when DHCP propagates the correct gateway (or it is set manually).

If you have .2.21 active, you will need to deal with Multi-WAN in the main router, too, but that's basically it unless I'm missing something?


Cheers,
Franco

I can do 1:1 NAT now, after making a mistake. I was wondering if I could route this instead as it seems proper. I can deal with Multi-WAN okay. My problem with 1:1 NAT is when using CARP: I have a VIP for the WAN side of the main virtual routers, but I cannot NAT to that IP (I can directly to the interface address though). CARP on the LAN side is working okay when testing. This is another problem I have not pursued much yet as I'm trying to do the routing first.

Quote from: ivoruetsche on September 23, 2016, 09:23:06 AM

Hi fatalfuuu

From the routing perspective, you need to add on the router 172.16.20.1 a new gateway "172.16.20.2" and a new route:
Destination network: 192.168.1.0/24
Gateway: 172.16.20.2 (created before)

On the main router you just have to add 172.16.20.1 as default gateway and allow the expected traffic.

Regards, ivo


The gateway part is/was done first; my problem was when adding the route. Since this is from the internet to our network, whatever comes from the outside isn't trying to access 129.168.1.0/24, it thinks it's destined for the WAN IP (public IP range). Maybe I'm overthinking this and actually didn't try it.

Thanks for the replies
Title: Re: Routing all incoming traffic to another router
Post by: fatalfuuu on September 30, 2016, 12:46:25 PM
Quote from: ivoruetsche on September 23, 2016, 09:23:06 AM

Hi fatalfuuu

From the routing perspective, you need to add on the router 172.16.20.1 a new gateway "172.16.20.2" and a new route:
Destination network: 192.168.1.0/24
Gateway: 172.16.20.2 (created before)

On the main router you just have to add 172.16.20.1 as default gateway and allow the expected traffic.

Regards, ivo

I've reset my test machines and tried this approach with these settings with no luck. I wouldn't expect it to work though, as the destination network of the incoming requests will not be an internal range, since this is the incoming internet traffic we want to pass on to the next router. I would have thought 0.0.0.0/0 would have done that, but it won't let me.
Title: Re: Routing all incoming traffic to another router
Post by: fatalfuuu on October 03, 2016, 03:08:25 PM
I've figured out the 1:1 NAT problem.

When I set up a NAT rule I select WAN; the destination here defaults to "WAN address", which I guess does not include the VIP. I tested this with "WAN net" and it worked, then noticed it enters the CARP VIP for WAN in the list automatically.


(EDIT) This doesn't help with routing though, I had already tested that direct without using a VIP anyway.