Wednesday, February 02, 2022

PPPoE with VLAN in different rdomain

Hi,

I currently have the following set up in the default routing table:

Physical interface - vio0
VLAN interface - vlan3 (parent vio0)
PPPoE interface - pppoe0 (pppoedev vlan3)

I now want to set up a second PPPoE interface - since the manual
pppoe(4) states "Two pppoe interfaces configured with the same wildcard
destination address cannot share a routing table." I need to replicate
above setup in a second rdomain.

I attempted two approaches:
a) keeping the physical interface in the default rdomain 0, and
installing a second VLAN interface in rdomain 1
-> the second VLAN interface does not seem to be able to communicate
with the physical one (makes sense)

b) keeping the physical and the single VLAN interface in the default
rdomain 0, and installing the second PPPoE interface in rdomain 1
-> the second PPPoE interface does not seem to be able to communicate
with the VLAN interface (makes sense too)

The only approach I can think of, is routing between the two rdomains
with pf.
Is that the only way to go, or can I avoid the packet filter in the
middle? It feels like it might complicate troubleshooting future PPPoE
connection issues on the second PPPoE interface.

If it is the only way to go, what would be the cleanest approach,
avoiding the leakage of WAN traffic between the rdomains?
I was unable to locate any `rdr-to` examples involving PPPoE - since the
PPPoE interfaces do not have an IP address before they authenticate to
the remote server (as I am using wildcards allowing the remote PPPoE
endpoint to assign an address), I assume it would be easier to forward
on a VLAN level. However that would require dissecting between the two
separate PPPoE exchanges - I thought of this pseudo-pf-code, but cannot
find a feasible way to "tag" pppoeX-traffic *before* the interface has
an IP address:
match on pppoe1 to any rdr-to vlan3:network rdomain 0
match on vlan3 to any <pppoe0-traffic> rdr-to pppoe1:network rdomain 1

Would appreciate any input!

Thank you for reading,
Georg
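For readers less familiar with the setup described at the top of the post, here is how the existing default-rdomain stack (vio0 -> vlan3 -> pppoe0) is typically expressed in hostname.if(5) files, following the layout of the example in pppoe(4). This is an added illustration, not part of Georg's mail; the VLAN id 3, the interface names and the PAP credentials are placeholders taken from or assumed for this post. The wildcard destination 0.0.0.1 is the address the quoted pppoe(4) sentence refers to: because both PPPoE interfaces would carry this same wildcard destination, they cannot share one routing table, which is what drives the rdomain question above.

```conf
# /etc/hostname.vlan3  (assumed: VLAN id 3 on top of vio0, default rdomain 0)
vnetid 3 parent vio0 up

# /etc/hostname.pppoe0  (assumed: placeholder PAP credentials)
# 0.0.0.0/255.255.255.255 lets the remote PPPoE endpoint assign the local
# address; 0.0.0.1 is the wildcard destination address from pppoe(4).
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev vlan3 authproto pap authname 'user' authkey 'secret' up
dest 0.0.0.1
# Default route via the PPPoE link in the default routing table (rdomain 0).
!/sbin/route add default -ifp pppoe0 0.0.0.1
```

Note that the route is added in rdomain 0; a second PPPoE interface placed in another rdomain would need its own default route installed there with `route -T <rdomain>`, but whether the underlying VLAN interface can live in a different rdomain than the PPPoE interface is exactly the open question of this post, so no configuration for the second rdomain is shown here.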
