Complex Routing/Dialup Setup

Rusty Carruth plug-discuss@lists.PLUG.phoenix.az.us
Wed, 16 May 2001 18:20:49 -0700 (MST)


> On Fri, May 18, 2001 at 05:31:14AM -0700, Armin Hartinger wrote:
> > Hi all,
> > 
> > Here's what I have:
> > I have a modem dialup to work to get behind the firewall.
> > I have a broadband internet access (when it works).
> > 
> > Here's what I want:
> > My default internet access should be broadband. Only if I try to

Ok, so you want default route to be through the broadband thingy.

> > access/receive from a box with IP starting of the format 172.x.x.x

So you want an explicit route to the 172.x.x.x network.

> > (that'd be a company box behind the firewall) it should perform all
> > traffic for those via the dial-up.
> > DNS for the dialup isn't really an issue, but wouldn't hurt.

Well, if you have a DNS server behind the dialup, and you tell your
/etc/resolv.conf file to use that DNS server if the other (2, I assume)
don't know who you're looking for, then that should take care of
that part.

> > The company dialup is via NT RAS. I got it to work quite alright via PAP
> > but then all internet traffic runs via the dial-up which isn't so
> > great as I share the access with the rest of my family and their PCs.

Take out the 'defaultroute' option in the dialup ppp options.

> > Security is of course an issue as well, as I don't want to compromise
> > my company's firewall. I use an external modem and I plan to switch it
> > *off* whenever I don't use the access. Additionally, i should be able
> > to write a proper IPCHAINS or IPTABLES rule.

There was a cute script for doing iptables.  Unfortunately, I cannot find it.
Send me an email offlist and I'll try to find it and forward it to you...

> > My main problem is the "selective" routing ...


First, like I said, take out the defaultroute option from your pppd script/opts

Then, dial in.

Then add a route (using 'route add ...') to the 172 network.

(Optional - add something like:

nameserver 172.89.2.1

to the END of your /etc/resolv.conf file. )

And all but security is done.  I'll let J Francios take over there... ;-)
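The recipe in the reply (no defaultroute, dial in, add a route to the 172 network, optionally append a nameserver) packaged as pppd ip-up/ip-down hook functions, together with a minimal set of iptables rules of the kind the original poster asked about. This is an added example, not code from the thread or from the script Rusty mentions. Everything specific in it is an assumption: that the company's private block is 172.16.0.0/12 (the post only says 172.x.x.x), that the dialup comes up as ppp0, and that the company nameserver is 172.16.0.53. One caveat on the DNS step: the resolver only moves on to a later nameserver in resolv.conf on timeout or error, not when the first server answers "no such name", so a nameserver appended at the end is a fallback, not a per-domain lookup.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions, none of which
# appear in the thread:
#   - company private block is 172.16.0.0/12 (post only says 172.x.x.x)
#   - the modem link comes up as ppp0
#   - the company nameserver is 172.16.0.53
# Set RUN=echo to dry-run every privileged command.

COMPANY_NET=${COMPANY_NET:-172.16.0.0/12}
COMPANY_DNS=${COMPANY_DNS:-172.16.0.53}
RUN=${RUN:-}

# Step 1: pppd must not install a default route over the modem.
# Prints the given options file with any 'defaultroute' line removed;
# write the result back over /etc/ppp/options or /etc/ppp/peers/<peer>.
strip_defaultroute() {
    grep -v -E '^[[:space:]]*defaultroute([[:space:]]|$)' "$1" || true
}

# Step 2: after dialing in, route only the company block over the link.
# pppd runs /etc/ppp/ip-up as: ip-up IFACE TTY SPEED LOCAL-IP REMOTE-IP ...
# (legacy form: route add -net 172.16.0.0 netmask 255.240.0.0 dev ppp0)
company_route_up() {
    iface=$1
    $RUN ip route add "$COMPANY_NET" dev "$iface"
}

company_route_down() {
    iface=$1
    $RUN ip route del "$COMPANY_NET" dev "$iface"
}

# Step 3 (the part the reply left open): firewall the link so that
#   - nothing is forwarded to or from it (no family PC gets a path in),
#   - only packets for the company block leave over the modem,
#   - only packets from the company block are accepted off the modem.
# action is -A when the link comes up and -D when it goes down.
company_fw() {
    action=$1; iface=$2
    $RUN iptables "$action" FORWARD -i "$iface" -j DROP
    $RUN iptables "$action" FORWARD -o "$iface" -j DROP
    $RUN iptables "$action" OUTPUT -o "$iface" ! -d "$COMPANY_NET" -j DROP
    $RUN iptables "$action" INPUT -i "$iface" ! -s "$COMPANY_NET" -j DROP
}

# Step 4 (optional): append the company nameserver to the END of
# resolv.conf, once. The resolver only falls through to it on timeout
# or error from the earlier servers, so this is a fallback only.
add_company_nameserver() {
    f=$1
    grep -qxF "nameserver $COMPANY_DNS" "$f" 2>/dev/null ||
        printf 'nameserver %s\n' "$COMPANY_DNS" >> "$f"
}

# Usage from the pppd hooks (both receive the interface as $1):
#   /etc/ppp/ip-up:    sh /etc/ppp/company-link.sh up   "$1"
#   /etc/ppp/ip-down:  sh /etc/ppp/company-link.sh down "$1"
case "${1:-}" in
    up)   company_route_up "$2"; company_fw -A "$2" ;;
    down) company_fw -D "$2"; company_route_down "$2" ;;
esac
```

The FORWARD drops are what keep the family's PCs from reaching the company through this box; the OUTPUT and INPUT rules keep stray Internet traffic off the modem even if something else later adds a route. Switching the modem off, as the poster plans, still removes the path entirely when the link is not in use.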