> On Fri, May 18, 2001 at 05:31:14AM -0700, Armin Hartinger wrote:
> > Hi all,
> >
> > Here's what I have:
> > I have a modem dialup to work to get behind the firewall.
> > I have a broadband internet access (when it works).
> >
> > Here's what I want:
> > My default internet access should be broadband. Only if I try to
Ok, so you want default route to be through the broadband thingy.
> > access/receive from a box with IP starting of the format 172.x.x.x
So you want an explicit route to the 172.x.x.x network.
> > (that'd be a company box behind the firewall) it should perform all
> > traffic for those via the dial-up.
> > DNS for the dialup isn't really an issue, but wouldn't hurt.
Well, if you have a DNS server behind the dialup, and you tell your
/etc/resolv.conf file to use that dns server if the other (2, I assume)
don't know who you're looking for, then that should take care of
that part.
> > The company dialup is via NT RAS. I got it to work quite alright via PAP
> > but then all internet traffic runs via the dial-up which isn't so
> > great as I share the access with the rest of my family and their PCs.
Take out the 'defaultroute' option on the dialup ppp options.
> > Security is of course an issue as well, as I don't want to compromise
> > my company's firewall. I use an external modem and I plan to switch it
> > *off* whenever I don't use the access. Additionally, I should be able
> > to write a proper IPCHAINS or IPTABLES rule.
There was a cute script for doing iptables. Unfortunately, I cannot find it.
Send me an email offlist and I'll try to find it and forward it to you...
> > My main problem is the "selective" routing ...
First, like I said, take out the defaultroute option from your pppd script/opts.
Then, dial in.
Then add a route (using 'route add ...') to the 172 network.
(Optional - add something like:
nameserver 172.89.2.1
to the END of your /etc/resolv.conf file. )
And all but security is done. I'll let J Francios take over there... ;-)
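
The steps above as a hook script, added here as an example and not part of the original thread. It assumes it is called from pppd's ip-up hook (pppd passes the interface name as the first argument), that the company network is 172.0.0.0/8 as "172.x.x.x" suggests, and that the box may forward packets for the home LAN; the function names and the APPLY switch are made up for this example.

```shell
#!/bin/sh
# Added example: split routing for a pppd dial-up next to a broadband default route.
# pppd runs its ip-up hook as: ip-up <interface> <tty> <speed> <local-ip> <remote-ip>

CORP_NET="172.0.0.0"     # assumption: "172.x.x.x" from the thread, taken as a /8
CORP_MASK="255.0.0.0"

# Reads `route -n` output on stdin; succeeds if the default route uses interface $1.
# A default route on the ppp link means 'defaultroute' is still in the pppd options.
has_default_via() {
    awk -v ifc="$1" '$1 == "0.0.0.0" && $NF == ifc { found = 1 } END { exit !found }'
}

# Prints the commands for interface $1: one explicit route to the company network,
# plus FORWARD drops so other machines on the home LAN cannot be routed over the
# dial-up link, and nothing from the dial-up side is routed into the LAN.
plan_split_route() {
    ifc="$1"
    echo "route add -net $CORP_NET netmask $CORP_MASK dev $ifc"
    echo "iptables -A FORWARD -i $ifc -j DROP"
    echo "iptables -A FORWARD -o $ifc -j DROP"
}

# Only touch the system when explicitly asked to (APPLY=1) and given an interface.
if [ "${APPLY:-0}" = 1 ] && [ -n "${1:-}" ]; then
    if route -n | has_default_via "$1"; then
        echo "default route is on $1: remove 'defaultroute' from the pppd options" >&2
        exit 1
    fi
    plan_split_route "$1" | sh -e
fi
```

Without APPLY=1 the script changes nothing; calling plan_split_route ppp0 by hand shows the commands it would run.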