I am new to the Nethserver camp and have encountered an issue (in both Nethserver 6.7 and 7.2 Alpha2).
After a basic install in a VM, with two NICs (one red and one green - static IPs each), I have installed firewall, vpn services. Also I have ensured that all software is up-to-date.
I have tried to add a PPPoE (logical) interface. When the form appears, there is a pull-down box for the ethernet interface but without any choices. I would have expected that there be at least one (e.g. the red interface for ethernet).
Thanks - one and all. Just the answer that I needed.
I revoked the red role from eth0. Turned off the PPPoE on the router (Sagemcom), and activated PPPoE using the signon from my ISP.
I am currently using it to compose this message.
I may have another question regarding a /30 set of IPs that are not in ppp0 set. First I will dig around some more.
The new db networks show is:
    [root@gateway ~]# db networks show
    eth0=ethernet
        hwaddr=00:0c:29:14:e0:d9
        role=pppoe
    eth1=ethernet
        bootproto=none
        device=eth1
        gateway=0.0.0.0
        hwaddr=00:0C:29:14:E0:CF
        ipaddr=192.168.32.1
        netmask=255.255.255.0
        onboot=yes
        role=green
    ppp0=xdsl
        AuthType=auto
        Password=secret
        name=PPPoE
        provider=TekSavvy
        role=red
        user=a@a.a
I’m understanding that your ISP gives you 4 addresses (a /30) in PPPoE.
Did you have to enter the /30 in your Sagemcom or were they automatically pulled?
I’d like to add support to NethServer, but I need a tester.
The reason that I am not using sagemcom is that it does not pull the /30 from the ISP (TekSavvy).
My static IP is 206.248.171.126. There is another /30 (totally different) in 76.10.177.152/30. It is provided by the ISP but implementation is not supported by their tech team. So it is my problem.
I had to contact my ISP to confirm details. First of all, it was noted that the fixed /30 that I referred to in a previous post is not correct in the fourth octet. The following is a quote from their email.
–>
VPI/VCI for ON/QC is: 0.35 # I am in ON - not sure that is important for other than PPPoE
VPI/VCI for AB/BC is: 0.33
IP Information
/30: 76.10.177.52 / 255.255.255.252
Single: 206.248.171.126
<–
The fixed /30 subnet is definitely tunneled over the main IP.
Can/should I use bond, bridge or VLAN over PPPoE? Based on my discussion - the /30 IP must be assigned manually.
After some testing of lo:1 loopback settings on my gateway, I was able to determine that the /30 IP does respond to remote pings. However, it did not forward any other connections to my mail server. So instead I removed the lo:1 and added another ethernet card on the gateway, assigning the first /30 IP to it as well as putting it in the red zone. Upon reboot I lost the default route on pppoe. So I added it manually. Then it all worked. I then assigned the next /30 IP to the mail server eth0 port and put it in the red zone.
Is there any way in the WEBGUI to force pppoe to provide the default route? I think the problem might be that there are two red zone interfaces in two different subnets. I checked the ipcfg-ppp0 file and found a line that reads:
    DEFROUTE='no'
Am I correct in assuming that indicates that ppp0 is not set as the default route on coming up?
Both interfaces are exposed to the outside world. One is the main static IP for my gateway. That must be red for sure.
The other is just the router for my /30 subnet. I was assuming that it should be red - however - I may not be correct in my assumption. Could it be another colour? e.g. blue or orange (DMZ)? The important part is that I need the ppp0 interface to contain the default route on any reboot, since the /30 subnet is routed over the ppp0 connection.
Also, my rationale for discussing this on this forum is that if there are others trying to implement something similar, then there is an online record for them as well.
I think that you have to create only one connection, because you really have one connection.
I think that the additional /30 should be configured as a set of aliases of the one and only connection interface: ppp0.
If you would like to make some tests, I’d start by removing the eth2, leaving only PPPoE.
After network reconfiguration, when connected to the internet, add the /30 as aliases to the ppp0 interface with commands like:
    ip ad ad 76.10.177.152/30 dev ppp0
A ping should confirm everything’s working. Also, please show the output of:
    ip ad
From this point, we need to find a way to integrate this config into CentOS network scripts (I just read the manuals, but I couldn’t find it).
Actually GOOD NEWS - it works without modifying any of the standard nethserver scripts!!! No workaround needed.
I am giving a great BIG SHOUT OUT for the nethserver team. It will be something that I will be recommending to several other individuals and small businesses that need just this type of tool. Thanks Artem and Filippo for your great support.
I pursued the ORANGE (DMZ) concept. On the gateway, I set up eth2 as orange and used the first /30 IP. On the mail server I used the second /30 IP and assigned it to the RED zone. On the gateway, I also had to set up a firewall object for the mail server. Then in the firewall rules, I added one rule to allow any traffic for the mail server to pass the gateway. I added another rule to the gateway to allow any traffic from the mail server to pass the gateway. (It would be good to have that as a single click option on the firewall config WEBUI - just like the red interface).
Finally, I tested (successfully) access to roundcube and sogo from remote locations. As a final touch, I used nethserver 7 alpha 2 (for anyone following this thread the device names are changed from ethx to ensxx)