I know there are some topics in the forum on this, but I didn't find any case where my specific problem was handled. Perhaps someone has a solution out there?
I have a main router in the office. It's an MT 2.9.38 and has 3 networks to serve: one is the internal office network, one is for my servers (RADIUS, web, etc.), and the last one is for my publicly available systems (VoIP servers).
I have a leased line with public IPs attached and my default route pointing to the ISP.
So far so good. Everything's working.
Now there comes the problem:
I don't want my office network using my leased line to access the internet. Rather, it shall use an inexpensive DSL account.
So that’s the config I am looking for:
on a spare interface (ether4): PPPoE dial-in
masquerade anything from internal ether1 directed to the internet to ether4
The trouble: it would be very easy if I could tell the PPPoE client interface to add a default route in table "xx", make a routing policy and add masquerade for the internal network.
But since this feature is not supported ("add default route" adds it to the "default" routing table, which breaks the whole system; not adding it makes it impossible to surf the web since IPs are dynamic on DSL), any ideas how to work around this issue?
For solving a problem with similar causes, I just run a script every x seconds. It checks whether the IP address assigned to the pppoe-client interface has changed and does something if it has.
So you could run your pppoe-client without a default route, and have this script add the necessary routing/masquerading rules when a change in the IP address is detected.
The only disadvantage is that you will have some "outage" on the DSL line from the point where the IP address changes to the point where your script runs next. But I think it's no problem keeping the interval for running this script as low as 15 seconds or fewer.
If you combine that with a script running at night at, let's say, 4:00 AM, which will terminate your pppoe-client and immediately reconnect it, you can "force" the forced 24-hour disconnect from your DSL provider to a time where it won't hurt you. So usually there shouldn't be any disconnect during normal working hours (apart from the possible short "outage" I described above).
If you are interested in the script, I can pull it from the router, but I don't have access right now…
I have not checked this solution, but maybe it will work for your case.
You put the static default route into a table and route-mark the traffic for the non-office IPs. So, when the PPPoE client connects and adds the default route, it will only affect the office network, not the other networks.
I made it work with scripting this morning.
It took quite some time to get it up and running since I also did a "failover" for the case where the DSL dies for a longer period.
My solution right now (for the others out there needing it):
Let the dial-in add NO default route (and no DNS).
Add a src-nat rule for the network(s).
Add a routing rule to look up 0.0.0.0/0 for the internal network in another table.
Make a script that:
Catches the assigned IP and network from the address table.
Enters the found assigned IP as the src-nat to-address.
Enters the found network as the gateway for your special route (in the new table).
Make the script run often.
To extend it a little, you can use a global variable to store the last found IP and only change parameters if the address doesn't match the public IP any more.
And last but not least, there can be a failover which allows the internal network to run via the leased line if DSL is down or bandwidth is low.
Yeah, and the best option: cry very loudly if you need such a setup, since I think it would be one of the easier things for MT to add to ROS 3 ("add default route … to table:xxx"), making the script worthless.
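The procedure described in the last post (no default route from the dial-in, src-nat with an explicit to-address, a routing rule sending office traffic to a second table, a periodic script that copies the PPPoE address and peer into those objects, a global variable to skip unchanged addresses, and failover to the leased line), together with the 15-second scheduler and the 4:00 AM forced reconnect suggested earlier in the thread, as an added example. This is not the script anyone in the thread posted. It assumes an office LAN of 192.168.10.0/24 on ether1, a PPPoE client named pppoe-out1 on ether4, a routing table named "dsl", placeholder credentials, and RouterOS v6 scripting syntax; the thread is about RouterOS 2.9, whose syntax differs in places (for example `:set` and `:global` handling), so treat it as the shape of the solution rather than something to paste into a 2.9 box unchanged.

```routeros
# Added example, not the thread's own script. Constructed assumptions:
#   office LAN 192.168.10.0/24 on ether1, PPPoE client "pppoe-out1" on ether4,
#   routing table "dsl", objects located by comment, RouterOS v6 syntax.

# --- one-time setup -----------------------------------------------------
# 1. Dial in, but add neither a default route nor the peer's DNS servers.
/interface pppoe-client add name=pppoe-out1 interface=ether4 \
    user="dsluser" password="dslpass" add-default-route=no use-peer-dns=no \
    disabled=no

# 2. Office traffic looks up the "dsl" table first. action=lookup (not
#    lookup-only-in-table) falls through to the main table, i.e. the leased
#    line, when "dsl" holds no active route. That is the failover.
/ip route rule add src-address=192.168.10.0/24 action=lookup table=dsl

# 3. Run the update script every 15 s and move the provider's daily
#    disconnect to 04:00 by reconnecting ourselves.
/system scheduler add name=dsl-update interval=15s on-event=dsl-update
/system scheduler add name=dsl-reconnect start-time=04:00:00 interval=1d \
    on-event="/interface pppoe-client disable pppoe-out1; :delay 5s; \
              /interface pppoe-client enable pppoe-out1"

# --- script "dsl-update" (paste as the source of /system script dsl-update)
:global dslLastIp
:local addrId [/ip address find interface=pppoe-out1]
:if ([:len $addrId] = 0) do={
    # PPPoE is down: disable the dsl route so office traffic falls through
    # to the main table (leased line), and forget the last address.
    /ip route set [find comment=dsl-default] disabled=yes
    :set dslLastIp ""
} else={
    # On a PPPoE interface /ip address shows e.g. address=203.0.113.7/32
    # network=203.0.113.1: the "network" is the peer, i.e. our gateway.
    :local cidr [:tostr [/ip address get $addrId address]]
    :local ip [:pick $cidr 0 [:find $cidr "/"]]
    :local gw [/ip address get $addrId network]
    # Only touch NAT and routing when the public address actually changed.
    :if (([:typeof $dslLastIp] = "nothing") || ($ip != $dslLastIp)) do={
        # src-nat rule: create on the first run, afterwards swap to-addresses.
        :if ([:len [/ip firewall nat find comment=dsl-nat]] = 0) do={
            /ip firewall nat add chain=srcnat src-address=192.168.10.0/24 \
                out-interface=pppoe-out1 action=src-nat to-addresses=$ip \
                comment=dsl-nat
        } else={
            /ip firewall nat set [find comment=dsl-nat] to-addresses=$ip
        }
        # Default route in the "dsl" table via the current peer address.
        :if ([:len [/ip route find comment=dsl-default]] = 0) do={
            /ip route add dst-address=0.0.0.0/0 gateway=$gw \
                routing-mark=dsl comment=dsl-default
        } else={
            /ip route set [find comment=dsl-default] gateway=$gw disabled=no
        }
        :set dslLastIp $ip
        :log info ("dsl-update: PPPoE address " . $ip . " via " . [:tostr $gw])
    }
}
```

Two notes on the design. The script never creates objects with placeholder addresses; it adds the NAT rule and the route on its first run with real values and only updates them afterwards, so a half-configured state cannot leak office traffic out of the leased line with the wrong source address. And the failover comes from the route rule rather than from extra routes: while "dsl" has no active route the rule falls through to the main table, so the only thing the script has to do when PPPoE is down is disable the dsl default route. On RouterOS versions where a point-to-point interface name is accepted as a route gateway and `action=masquerade` picks the outgoing address itself, the route and NAT rule can be static and only the reconnect scheduler is still needed; the script is the workaround for a version that cannot do that.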