only Nat PPPoE connections

jcremin · July 2, 2008, 5:45am

I have a PPPoE server that is working well, and I need to have an IP on the pppoe interface due to the way I am designing my network. The MT pppoe server is properly masquerading any traffic that is within the private ip range and routing any traffic in the public ip range, but I’m trying to figure out how to only have it masquerade traffic that initiates from a pppoe connection. That way someone can’t type in an IP manually and get online.

Any ideas? Basically what I’m looking for is a way to say: do a srcnet masquerade on the 172.20.99.0/24 network, but only if it is coming from a pppoe conection.

Thanks,
Joe

Chupaka · July 2, 2008, 9:05am

just drop forwarding from ethernet to your internet uplink

jcremin · July 2, 2008, 2:10pm

I think I can figure out how to do that, but could you give me an example just so I know we’re doing it right?

Thanks again,
Joe

Chupaka · July 2, 2008, 3:05pm

ip - firewall - filter - chain = forward; in-interface = ethernet; out-interface = uplink; action = drop/reject

jcremin · July 3, 2008, 5:09am

Cool, that worked perfectly. Thanks!!