I have a /21 block from my upstream provider. I have setup an RB1000 running v4.6. My setup is as follows:
ether1 (WAN): IP = 1.1.1.10/24 ← example /24 within the /21 block
ether2 (LAN): IP = 1.1.2.1/24 ← example /24 within the /21 block
I have proxy-arp enabled on both interfaces, and I have a default route to 1.1.1.1, which is the upstream router via ether1. There are also two dynamic routes that the MT automatically added to each subnet via ether1 and ether2. The MT has a connection to the net; I can ping external sites from the MT just fine, and I can ping the MT from the outside. I know all the IPs in my /21 are being routed back because if I connect a laptop instead of the MT and set up a static IP, I have connectivity (back and forth).
I also set up two firewall rules (forward chain) to accept all packets to and from ether1/ether2 in case that was the issue, but I still can't ping 1.1.1.1 (upstream router) or anything beyond it.
What am I missing?
Thanks in advance!
Do you have a complete /21 block? How is it distributed to you? Do you have an IP on their network and they route the /21 to you via some of their internal IPs? Or do they just bridge you onto their network and say "you have w.x.y.z/21, use w.x.y.1 as default gateway"?
If it is the former, you don't need proxy-arp. If it is the latter, you set your RB1000 with w.x.y.2/21 with proxy-arp, then on your LAN interface, set it to w.x.y.2/32 with proxy-arp, then create routes via the LAN interface to the IPs you want to be active, i.e. w.x.y.3/32 via ether2.
I'd bet that they do it the first way, though. That would be the best, IMHO.
I'm hoping to get some insight into the same issue for setting up a new ROS-based gateway router.
I'm currently running pfSense as my gateway. I have a /26 allocation of public IPs that is behind one of their internal IPs.
So I have addresses starting in 216.104.X.X that are tied to the provider's internal 24.139.x.x.
Most of my clients are NATed behind the 24.139.x.x.
Using proxy-arp in pfSense I have 1-to-1 forwards of some of the 64 IPs, mainly to counter issues for those customers who had difficulty with VPN in a NATed environment. (I'm a WISP.) Giving them a public IP has straightened out their problems.
I want to reproduce this in ROS. Is proxy-arp even the best approach in ROS? Roadracer96, you indicated in your reply that it wasn't, but if it's not, then what is?
I'm not a complete noob in ROS; I have about 50 ROS-based APs and another redundant gateway, but it isn't very complicated. Some pointers in the right direction would be greatly appreciated.
Cheers.
Hey did you ever get this working???
Yes I got it working. The problem I think was the subnet overlap. I have two upstream providers (each routing a /21 to me) and I am using MT routers on both providers and they both work. In both cases the /21 blocks are being routed to me by the upstream providers via a /30. So they route the entire /21 to my /30 IP address:
Scenario 1:
location A users <-> location A MTik router (/24) <-- internal IPs --> my core router <-- /30 between me and the provider --> upstream provider 1
location B users <-> location B MTik router (/24) <-- internal IPs --> my core router <-- /30 between me and the provider --> upstream provider 1
So on my core router I tell it to route the /24 to the internal IP of each location's router (MT RB1000 or custom MT router).
Scenario 2:
location C users <-- (/24) --> my MTik router <-- /30 between me and the provider --> upstream provider 2
In the second scenario I don't use private IPs; I just hand out IPs from the MTik to the end users and route them back and forth.
I hope this helps!
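Scenario 2 written out as a RouterOS CLI fragment, added here as an illustration rather than taken from any post in the thread. The addresses are placeholders I chose (198.51.100.0/30 for the point-to-point link, 203.0.112.0/21 for the routed block, 203.0.113.0/24 as the /24 handed to users); the syntax is the v5/v6 form, so check it against v4.6 before pasting. Because the provider routes the /21 to the /30 address, proxy-arp is not needed on either interface.

```routeros
# Added example, not from the thread. Placeholder addresses:
#   198.51.100.0/30  point-to-point link (provider .1, this router .2)
#   203.0.112.0/21   block the provider routes to 198.51.100.2
#   203.0.113.0/24   one /24 inside that block, used on the LAN
/ip address
add address=198.51.100.2/30 interface=ether1 comment="our side of the /30 to the upstream"
add address=203.0.113.1/24 interface=ether2 comment="first /24 of the routed /21, given to users"

/ip route
# everything not ours goes to the provider's end of the /30
add dst-address=0.0.0.0/0 gateway=198.51.100.1 comment="default via upstream"
# catch the rest of the /21 locally; without this, traffic to unused /24s
# inside the block would follow the default route back to the provider
add dst-address=203.0.112.0/21 type=blackhole comment="aggregate for unused space in the /21"

/interface ethernet
# plain ARP is enough: the provider routes the block, nobody has to answer ARP for it
set ether1 arp=enabled
set ether2 arp=enabled
```

The dynamic connected routes for 198.51.100.0/30 and 203.0.113.0/24 are added by RouterOS itself and are more specific than the blackhole, so only genuinely unused parts of the /21 are dropped.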