Hello,

I have two mk routers R1 acting as a edge router and R2 as a PPPoE server.

in R1 there is a eth1 connected to ISP with a public IP(/30) and routing one /24 public IP range.
I want to add a new public IP (95.xx.xx.yy/24) range to PPPoE pool in R2 to deliver public ip to our customers.
R1 and R2 are connected using 10.0.0.1 and 10.0.0.2 private IP. The network is ospf enabled and working.
The problem is that I need a masquerade rule in R1 for get internet access to the pppoe customers in range (95.xx.xx.yy/24). When I disable this rule on R1 pppoe customers can't access to internet.
Then I do traceroute and the last hop that works is 10.0.0.1.
On R1 there is a static default route working OK and ospf distribute default route and connected routes (if-installed as type 1) on R1 and R2 (all networks in backbone area).

I don't uderstant why I can't route the public ip range (95.xx.xx.yy/24) to our customers and when enable on R1 a masquerade rule then works (masquerading eth1 public /30 IP).
I tried proxy-arp on 10.0.0.1, 10.0.0.2 and pppoe bridge(95.xx.xx.1).

Please, can someone help me with this issue?

Thanks in advance.

Try giving the router a public address without masquerading for the PPPoE clients.

Thanks,
I have done this, but i can't get acces to internet (that is the problem), the only way that I have to get acces to internet is enable the masquerade rule on R1 :
chain=srcnat action=masquerade src-address=9.xx.yy.0/24 out-interface=ether1

I know that is not routing the public ip that we give to our customers, and the question is how we can achieve this (route public IP from pppoe clients to internet through a segment of network that has privater IP).

Regards,

Can you post /ip route print of r1 and r2 ?
In your ospf configuration you redistribuite directed connected?
Why you use private ip address space for interconnection of r1 and r2?

Are you sure that your upstream provider route to your /30 on r1 the new /24 that you wanto to give to your ppp customers ?

With pubblic ip address space you do not have to masquerade.

Thank you Luth ,

- R1 routing Table:
- R2 Table:

- About OSPF instances on R1
- On Router 2 OSPF
As you can see I have doing tests changing private ip by public ones and the result is the same.

Now router 1 has 9x.xx.xx.2 (10.0.0.1 is still active) on a bridge interface
Router 2 has 9x.xx.xx.3 on eth1(10.0.0.2 is still active) that is connected to router 1.
- PPPoE server on router 2 it's installed on a bridge interface and its pool goes from 9x.xx.xx.20-9x.xx.xx.254 (this bridge interface has no IP), and his local address is 9x.xx.xx.3

In Ripe NCC database there is the route object created and my ISP says that the route is announced and working (I have another /24 working ok).

I tried to do traceroute from a pppoe client to 1xx.xx.xx.85/30 (the IP from remote router upstream provider) and without masquerade rule on Router1 (Router 2 has neither nat nor mangle rules) the last hop is 10.0.0.1 and is unable to reach it.

When I enable on R1: then I can reach that IP.

I don't understand whats going on.....

Thank you again.

Thank you Luth ,

- R1 routing Table:

Code: Select all

#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          1xx.x.xx.xx    >
 1 ADC  10.0.0.0/24        10.0.0.1        bridge_gestHW   >
 2  Do  10.0.0.0/24                        9x.xx.xx.3    >
                                           10.0.0.2        >
 3 ADC  10.0.0.1/32        10.0.0.1        loopback        >
 
 4 ADC  9x.xx.xx.0/24    9x.xx.xx.2    bridge_gestHW   >
 5  Do  9x.xx.xx.0/24                    9x.xx.xx.3    >
                                           10.0.0.2        >
 6 ADo  9x.xx.xx.252/32                  9x.xx.xx.3    >
                                           10.0.0.2        >
 7 ADo  9x.xx.xx.253/32                  9x.xx.xx.3    >
                                           10.0.0.2        >
 8 ADo  9x.xx.xx.254/32                  9x.xx.xx.3    >
                                           10.0.0.2        >
 9 ADC  1xx.x.xx.84/30    1xx.x.xx.86    ether1          >

- R2 Table:

Code: Select all

#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADo  0.0.0.0/0                          10.0.0.1                110
                                           9x.xx.xx.2      
 1 A S  0.0.0.0/32                         9x.xx.xx.2              1
 2 ADC  10.0.0.0/24        10.0.0.2        ether1                    0

 3 ADC  9x.xx.xx.0/24    9x.xx.xx.3    ether1                    0
 4 ADo  9x.xx.xx.2/32                    10.0.0.1                110
                                           9x.xx.xx.2      
 5 ADC 9x.xx.xx.252/32  9x.xx.xx.3    <pppoe-rosario>           0
 6 ADC  9x.xx.xx.253/32  9x.xx.xx.3    <pppoe-ovidio>            0
 7 ADC  9x.xx.xx.254/32  9x.xx.xx.3    <pppoe-test>              0
 8 ADo  1xx.xx.xx.84/30                    10.0.0.1                110
                                           9x.xx.xx.2      

- About OSPF instances on R1

Code: Select all

[admin@CoreRouter] /routing ospf instance> pr
Flags: X - disabled 
 0   name="default" router-id=10.0.0.1 
     distribute-default=if-installed-as-type-1 
     redistribute-connected=as-type-1 
     redistribute-static=as-type-1 redistribute-rip=no 
     redistribute-bgp=no redistribute-other-ospf=no 
     metric-default=1 metric-connected=20 metric-static=20
     metric-rip=20 metric-bgp=auto metric-other-ospf=auto 
     in-filter=ospf-in out-filter=ospf-out 

- On Router 2 OSPF

Code: Select all

[admin@PPPoE-SRV] /routing ospf instance> pr
Flags: X - disabled, * - default 
 0  * name="default" router-id=10.0.0.2 distribute-default=if-installed-as-type
      redistribute-connected=as-type-1 redistribute-static=no 
      redistribute-rip=no redistribute-bgp=no redistribute-other-ospf=no 
      metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 
      metric-bgp=auto metric-other-ospf=auto in-filter=ospf-in 
      out-filter=ospf-out 

As you can see I have doing tests changing private ip by public ones and the result is the same.

Now router 1 has 9x.xx.xx.2 (10.0.0.1 is still active) on a bridge interface
Router 2 has 9x.xx.xx.3 on eth1(10.0.0.2 is still active) that is connected to router 1.
- PPPoE server on router 2 it's installed on a bridge interface and its pool goes from 9x.xx.xx.20-9x.xx.xx.254 (this bridge interface has no IP), and his local address is 9x.xx.xx.3

In Ripe NCC database there is the route object created and my ISP says that the route is announced and working (I have another /24 working ok).

I tried to do traceroute from a pppoe client to 1xx.xx.xx.85/30 (the IP from remote router upstream provider) and without masquerade rule on Router1 (Router 2 has neither nat nor mangle rules) the last hop is 10.0.0.1 and is unable to reach it.

When I enable on R1:

Code: Select all

 
chain=srcnat action=masquerade src-address=9x.xx.xx.0/24 out-interface=ether1 

then I can reach that IP.

I don't understand whats going on.....

Thank you again.

Sorry but the other /24 that is working is not visible in your post, can you x only third octet of the ip address?
I have some difficult to try to suppose what are doing your packets!

Can you try to disable ospf and configure all with static routes?
I think you have somthing wrong in routing table of R1, for example where is the static of new /24 to route packet to r2 where you use it on pppoe pool? Or you annunce the new /24 over ospf?

If you have only the architeture discribed is very small and ospf is not necessary, so try to configure all with static route.

Bye

Thanx Luth for your time.

Today I called my ISP and forced to review the static route and they find a mistake.
At the end it was problem from the ISP, they send the new IP route to a router port that was shutdown .
(they sumarized the 2 /24 that we owe , in one /23 because they are consecutive and solved the problem).

- OSFP is active because I have another network infrastructure working and I was deploying a new segment with a PPPoE server and Radius AAA.

Thanks again for your attention ,

Nino