?
Solved

PPPOE with 2 adsl modems in bridge mode on CENTOS 5.1 server?

Posted on 2008-11-11
9
Medium Priority
?
2,093 Views
Last Modified: 2013-11-12
Hi,

The setup: CENTOS 5.1 with Asterisk server <-subnet 1-><-Mikrotik Router-><-subnet2-><ADSL Modem1>
                                                            -><-Mikrotik Router-><-subnet3-><ADSL Modem2>

I wish to use PPPOE on the CENTOS 5.1 server so as to ensure the Asterisk is effectively not behind a NAT.
The Linux CENTOS 5.1 server should do the PPPOE dialup . Username and password supplied. Both modems are set to PPPOE passthrough mode.

How do I setup the CENTOS server and the asterisk server please?
0
Comment
Question by:shaunwingin
  • 4
  • 4
9 Comments
 
LVL 10

Accepted Solution

by:
kyleb84 earned 1000 total points
ID: 22934767
There's a nice collection of scripts made by a company called "Roaring Penguin".

http://www.roaringpenguin.com/products/pppoe

These scripts automate the set up of PPPoE and should suite your needs as they are quite easy to use.
0
 
LVL 37

Expert Comment

by:meverest
ID: 22934781
Hi,

the obvious question is: WHERE do you want to connect the pppoe TO?

Cheers.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22934880
shaun,

PPPoE is a layer 2 protocol, and as such will not work over the "<-subnet 1-><-Mikrotik Router-><-subnet2-><ADSL Modem1>", you will have to have the ADSL modems on the same LAN segment:

ADSL Modem 2
|
CentOS->Mikrotik->Mikrotik
|
ADSL Modem 1


Is it possible to set it up this way?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 37

Expert Comment

by:meverest
ID: 22935483
It may be possible if there is a bridge created across the router ports.

But in the end, it does very much depend on what is the intended destination end of the PPPoE.

Cheers.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22935538

"But in the end, it does very much depend on what is the intended destination end of the PPPoE."

"Both modems are set to PPPOE passthrough mode."

I'd say the end would be an ADSL connection Mike, connecting back to a PPPoE client on the CentOS box, I'm also assuming he wants both ADSL connections to terminate on the CentOS server?

Is that correct Shaun?
0
 
LVL 37

Expert Comment

by:meverest
ID: 22935619
If that's the intent (PPPoE connection to an 'ISP' account) then it should be possible to do by bridging the router ports on the mikrotik between subnet 1 & subnet 2.

That *would*, of course, essentially defeat purpose of having a firewall there at all, and so it would probably be better to connect the server to a VLAN on the subnet1 port of the mikrotik router.  You can do that by adding a vlan port on the server (don't ask me HOW to do it, but I'm sure oit can be done ;-) then bridge the vlan on the mikrotik to the subnet 2 port.  Then run the PPPoE on the vlan to bring up a connection to the ISP.

Cheers.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22935683
I agree with Mike's solution.

As for the Linux VLAN part, CentOS has a handy little tool called vconfig:

# vconfig add eth0 10

This would add a VLAN 10 interface on eth0, the new interface would be called eth0.10 - you can use it just like a normal interface (example):

# ifconfig eth0.10 192.168.10.1/24 up

0
 

Author Comment

by:shaunwingin
ID: 22941689
I need only connect through the one ADSL. I can move the ADSL to a second network port on the Asterisk server. This woudl obviously make it a lot simpler. How can I protect the CENTOS 5.1 server in this case.

If I use the VLAN option described will I have any firewall protection from the Mikrotik? Will the VALN put a lot of extra load on the CENTOS server? At the moment subnet 1 is /24 . Excude my ignorace but if I make a VLAN will I need to change the subnet 1 to e.g 255.255.255.128 and then use the same for the VLAN on the CENTOS 5.1?

The whole reason for this setup change is to enable the sip.conf redirect=yes option to work. Is there any way to get it to work with the present setup?
0
 
LVL 37

Assisted Solution

by:meverest
meverest earned 1000 total points
ID: 22943987
Hi,

if you connect your server direct to an ISP service with PPPoE, then you obviously have no firewall in between.  You *can* use a firewall (e.g. iptables) on your server to give protection.  You simply block all ports except what you explicitly require to make SIP etc work.  That is technically equivalent to having a firewall ahead of the server.

If you really must have a firewall in front, then you should ask for a subnet of static IP addresses from your ISP and then route the public addresses through the firewall and on to the centos system behind.  So long as you avoid any NAT, then your SIP server is as good as in the open.

Cheers,  Mike.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question