Hi, I currently connect to my ISP via my adsl modem in bridge mode and PPPoE. I am due to put a second PPPoE ISP onto my firewall box which will give me ppp0 (general) and ppp1 (static leased line). The static leased line will run a number of services on its static IP and it is therefore imperative to make sure rules defined for the static line are assigned to the correct interface. I need this to be rock solid and want to avoid the possibility of providers getting the wrong ppp unit numbers. However, as we know ppp unit numbers are assigned on a first-come first-serve basis (at least under Debian), and i don''t believe there is there any way to bind/fix/make-permanent the interface name ppp0 to provider 1, and ppp1 provider 2. On going through the list archives i found: http://lists.shorewall.net/pipermail/shorewall-users/2003-November/009774.html >> The problem is to control the assignment of i/f numbers to ppp>> connections, i.e. ppp0, ppp1. It can be useful to know this in>> the Shorewall config files. Is it possible?>>> I recently spent considerable time documenting the workaround for this> problem at http://www.shorewall.net/PPTP.htm Please forgive my ignorance but i cant see how i can control each interface''s unit number from the above PPTP information page. I then see a later list posting:http://lists.shorewall.net/pipermail/shorewall-users/2005-January/016730.html >> Is there an Easy way way that shorewall can distinguish the two lines and>> be able to apply the specific>> rules of the zone without depending on the interface name....??> There is no way that Shorewall can do this. If you can think of a way to> do it, you can set a shell variable in /etc/shorewall/init where the> value in the Shell variable is the interface that you want for the ''net''> interface. So unless i am missing something, i think at the moment i will have to write some small custom scripts to identify what interface is on what ppp interface (ppp0 or ppp1), via the ip-up ppp scripts, and assign these interfaces to Shorewall configuration files before restarting Shorewall. Does that sound like a plan or am i missing an easier way? Many thanks in advance, Chris _________________________________________________________________ Make a mini you on Windows Live Messenger! http://clk.atdmt.com/UKM/go/107571437/direct/01/ ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Chris Morley wrote:> Hi, > > I currently connect to my ISP via my adsl modem in bridge mode and > PPPoE. I am due to put a second PPPoE ISP onto my firewall box which > will give me ppp0 (general) and ppp1 (static leased line). The static > leased line will run a number of services on its static IP and it is > therefore imperative to make sure rules defined for the static line are > assigned to the correct interface. I need this to be rock solid and want > to avoid the possibility of providers getting the wrong ppp unit numbers. > > However, as we know ppp unit numbers are assigned on a first-come > first-serve basis (at least under Debian), and i don''t believe there is > there any way to bind/fix/make-permanent the interface name ppp0 to > provider 1, and ppp1 provider 2. > > On going through the list archives i found: > > _http://lists.shorewall.net/pipermail/shorewall-users/2003-November/009774.html_ > > >>/ The problem is to control the assignment of i/f numbers to ppp > />>/ connections, i.e. ppp0, ppp1. It can be useful to know this in > />>/ the Shorewall config files. Is it possible? > />> > > I recently spent considerable time documenting the workaround for this > > problem at _http://www.shorewall.net/PPTP.htm_ > > Please forgive my ignorance but i cant see how i can control each > interface''s unit number from the above PPTP information page.Apparently there were instructions there five years ago. Clearly there aren''t any there now and as the page is unmaintained, they are unlikely to re-appear.> So unless i am missing something, i think at the moment i will have to > write some small custom scripts to identify what interface is on what > ppp interface (ppp0 or ppp1), via the ip-up ppp scripts, and assign > these interfaces to Shorewall configuration files before restarting > Shorewall.Can''t you simply set the ''ifname'' option in each pppd.conf file? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
2008/8/5 Chris Morley <g18c@hotmail.com>> However, as we know ppp unit numbers are assigned on a first-come > first-serve basis (at least under Debian), and i don''t believe there is > there any way to bind/fix/make-permanent the interface name ppp0 to provider > 1, and ppp1 provider 2. >man pppd: unit num Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound connections. -- Dmitry Fedoseev. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Chris As Dmitry wrote, it''s the unit parameter that you need. Like you, I run my ADSL modem in bridged PPPoE mode and run PPPoE on my firewall. My PPPoE uses ppp8 and dialup backup to defaults to ppp0. I deliberately leave a gap so that if ppp0 is ever unavailable, dialup can use ppp1 without any conflicts in my firewall definition. I have been running this configuration for 7 months without any issues. I have attached my PPPoE configuration. Steven. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Thanks for the replies gentlemen a great help and much appreciated, indeed ''unit'' is the solution in this case. I will try/implement this and post back my configuration of a dual ADSL setup tomorrow, along with steps in case anybody else wishes to implement the same setup. Cheers, Chris> From: steven@springl.ukfsn.org> To: shorewall-users@lists.sourceforge.net> Date: Tue, 5 Aug 2008 17:14:26 +0100> Subject: Re: [Shorewall-users] Multi ISP ppp0 and ppp1 switching> > Chris> > As Dmitry wrote, it''s the unit parameter that you need.> > Like you, I run my ADSL modem in bridged PPPoE mode and run PPPoE on my > firewall. > My PPPoE uses ppp8 and dialup backup to defaults to ppp0. I deliberately leave > a gap so that if ppp0 is ever unavailable, dialup can use ppp1 without any > conflicts in my firewall definition. > > I have been running this configuration for 7 months without any issues.> > I have attached my PPPoE configuration.> > Steven._________________________________________________________________ Win New York holidays with Kellogg’s & Live Search http://clk.atdmt.com/UKM/go/107571440/direct/01/ ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/