 akwok4
join:2005-10-22 Waterloo, ON
| 2x DSL Lines => MLPPP w/ Tomato & pfSense?
I'm thinking of switching over from Shaw to TekSavvy, as the internet is very, very slow from 3:30 PM to midnight every day (I'm in Richmond, BC).
My current setup is like this: Cable modem -> pfsense box -> wireless APs, LAN clients
I have a spare WRT54GL lying around with Tomato already flashed.
At this moment I would like to be able to use MLPPP with two TSI lines, and unfortunately pfsense does not support this yet. Is there any way to use the WRT54GL w/ Tomato to only 'combine' the two connections into one, and nothing more, putting it between the modem and the pfsense box? I wish to leave all the routing and DHCP to the pfsense box. Also, if I get two DSL lines, would I need two modems?
So I would like my new setup to be like this: 2x DSL lines -> WRT54GL w/ Tomato MLPPP -> pfsense box -> wireless APs, LAN clients
Is this feasible? |
|
 akwok4
join:2005-10-22 Waterloo, ON
| Also, just for kicks, here's a recent tracert to Google (done at 2:45 AM..)
C:\Users\akwok>tracert google.ca
Tracing route to google.ca [64.233.187.104] over a maximum of 30 hops:
1 1 ms 1 ms 1 ms main_router.local [192.168.0.1]
2 * * * Request timed out.
3 1365 ms 789 ms 190 ms rd1bb-ge5-0-0-15.vc.shawcable.net [64.59.159.98]
4 546 ms 1679 ms 662 ms rc2bb-tge0-8-0-0.vc.shawcable.net [66.163.69.149]
5 72 ms 601 ms 2042 ms rc2wt-pos1-0.wa.shawcable.net [66.163.76.142]
6 1776 ms 464 ms 3775 ms 74.125.48.233
7 500 ms 192 ms 994 ms 209.85.249.34
8 199 ms 267 ms 121 ms 66.249.95.210
9 712 ms 780 ms 272 ms 209.85.242.255
10 494 ms 513 ms 195 ms 72.14.239.21
11 361 ms 455 ms 1000 ms 216.239.43.249
12 390 ms 343 ms 2076 ms jc-in-f104.google.com [64.233.187.104]
Trace complete. |
|
  LiQuiD BSD geek Premium join:2002-08-08 Anjou, QC
| reply to akwok4
said by akwok4 : So I would like my new setup to be like this: 2x DSL lines -> WRT54GL w/ Tomato MLPPP -> pfsense box -> wireless APs, LAN clients Is this feasible?
Well, I'm not quite sure why you'd do that, unless you're going to set up a machine to do just packet filtering in bridged mode (can pfsense do that out of the box anyway? - never used it) when it can all be done at the router location.
I'm not sure how that tomato mlppp works, but it should provide you with basic filtering capabilities. You also don't exactly have a connection type that justifies putting another device in line to do only filtering. A waste of resources IMO.
Why don't you roll up your sleeves and instead of using pfsense, which doesn't support mlppp, build your own openbsd setup on the machine you'd run it on, and have this one machine do routing and filtering (and (reverse)ftp-proxy so FTP works right, and proper DNS and anything else you desire while you're at it). Then you can still use the linksys router if you are so inclined by having your AP(s?) run through it and forcing authpf or vpn connections to allow internet access via the airwaves...
It's a pity to have such a powerful tool as pf hiding behind a linksys router. That tomato-mlppp is good stuff, it's not a slant against it, but I'm sure even their creators will acknowledge that their priority is not on traffic filtering capabilities.
-- Windows is the virus. Linux is the vaccine, FreeBSD is the CURE |
|
 DSL_Ricer Premium join:2007-07-22
2 edits | No guarantees.
Assumption: you have a static IP from teksavvy (otherwise there's no way of giving the IP to the pfsense box).
On the tomato box:
- Advanced->routing: set Mode to "Router". Save.
- Admin->scripts->Wanup: (change the pfsense box IP)
    # LAN IP of the pfsense box
    export PFsensIP="1.1.1.1"
    # local (static) address and peer address currently on ppp0
    export StaticIP=`ip addr show dev ppp0 | grep inet | cut -d ' ' -f 6`
    export ERX=`ip addr show dev ppp0 | grep inet | cut -d ' ' -f 8`

    # take the static IP off ppp0 and put an unused placeholder there instead
    ip addr del $StaticIP peer $ERX dev ppp0
    ip addr add 192.168.4.1 peer $ERX dev ppp0
    # default route via the PPP peer; static IP routed to the pfsense box over the LAN bridge
    route add default gw `echo $ERX|cut -f 1 -d /` dev ppp0
    route add -host $StaticIP gw $PFsensIP dev br0
- Save and reboot
- Add the static IP to the pfsense box.
- On the pfsense box add a route such that stuff will be routed through the tomato box.
Note 1: assuming no firewall rules stop it, you should be able to ping the static IP from the tomato box, and inversely, the tomato box from the static ip on the pfsense box.
Note 2: the script has not been tested, there may be syntax errors. The general concept, however, has been tested and works. |
|
 akwok4
join:2005-10-22 Waterloo, ON
| Totally forgot about this thread!
Thanks for the reply dsl_ricer.. but I'm a networking noob so I'm not entirely sure what's going on here. Could you explain it a bit further? Let me go through each line..
export PFsensIP="1.1.1.1"
- This is the IP of my pfsense box? I currently have it as 192.168.0.1.
export StaticIP=`ip addr show dev ppp0 | grep inet | cut -d ' ' -f 6`
export ERX=`ip addr show dev ppp0 | grep inet | cut -d ' ' -f 8`
- Not really sure what these two lines do.. what is ERX?
ip addr del $StaticIP peer $ERX dev ppp0
ip addr add 192.168.4.1 peer $ERX dev ppp0
- What's 192.168.4.1 here?
route add default gw `echo $ERX|cut -f 1 -d /` dev ppp0
route add -host $StaticIP gw $PFsensIP dev br0
- No clue what this means..
And also:
- Save and reboot
- Add the static IP to the pfsense box.
- On the pfsense box add a route such that stuff will be routed through the tomato box.
I'm not too sure what you mean by adding the static IP to the pfsense box.. could you explain the steps in layman's terms? I'm pretty confused.. |
|
 DSL_Ricer Premium join:2007-07-22
1 edit | said by akwok4 : export PFsensIP="1.1.1.1" - This is the IP of my pfsense box? I currently have it as 192.168.0.1.
So you replace 1.1.1.1 by 192.168.0.1
said by akwok4 : export StaticIP=`ip addr show dev ppp0 | grep inet | cut -d ' ' -f 6` export ERX=`ip addr show dev ppp0 | grep inet | cut -d ' ' -f 8` - Not really sure what these two lines do.. what is ERX?
These automatically detect stuff, don't worry about them.
said by akwok4 : ip addr del $StaticIP peer $ERX dev ppp0 ip addr add 192.168.4.1 peer $ERX dev ppp0 - What's 192.168.4.1 here?
Some random IP. As long as you're not using it somewhere else, it's fine.
said by akwok4 : route add default gw `echo $ERX|cut -f 1 -d /` dev ppp0 route add -host $StaticIP gw $PFsensIP dev br0 - No clue what this means..
These add routes using the previously exported values.
said by akwok4 : And also: - Save and reboot - Add the static IP to the pfsense box. - On the pfsense box add a route such that stuff will be routed through the tomato box. I'm not too sure what you mean by adding the static IP to the pfsense box.. could you explain the steps in layman terms? I'm pretty confused..
You need to tell your pfsense box that it has a static IP for internet access, and that it should route packets through the WRT. |
|
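For readers following the Wanup script and the line-by-line answers above, here is an added example (not written by any poster in this thread) that shows what the two "detect" lines extract and prints the four commands instead of running them, refusing to print anything if ppp0 has no usable address. The function names `ppp_addrs`, `is_ipv4` and `plan_wanup` are hypothetical, and the `ip addr` output and addresses are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run planner for the Wanup script.
# Constructed sample of `ip addr show dev ppp0`; addresses are documentation ranges.
SAMPLE='7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 203.0.113.10 peer 198.51.100.1/32 scope global ppp0'

# Print "<local> <peer/prefix>" from the first point-to-point IPv4 line on stdin.
# awk splits on runs of whitespace, so the result does not depend on the exact
# indentation that `cut -d " " -f 6` / `-f 8` count on.
ppp_addrs() {
    awk '$1 == "inet" && $3 == "peer" { print $2, $4; exit }'
}

# Succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# plan_wanup <pfsense_lan_ip> <placeholder_ip>   (reads `ip addr` output on stdin)
# Prints the four commands the script would run; prints nothing and returns 1
# if any value is missing or malformed (e.g. ppp0 has no address yet).
plan_wanup() {
    pfsense_ip=$1; placeholder=$2
    set -- $(ppp_addrs)
    static_ip=$1; erx=$2          # erx = peer end of the PPP link, with /prefix
    for addr in "$pfsense_ip" "$placeholder" "$static_ip" "${erx%/*}"; do
        is_ipv4 "$addr" || { echo "bad or missing address: '$addr'" >&2; return 1; }
    done
    [ "$placeholder" != "$static_ip" ] || { echo "placeholder equals static IP" >&2; return 1; }
    echo "ip addr del $static_ip peer $erx dev ppp0"
    echo "ip addr add $placeholder peer $erx dev ppp0"
    echo "route add default gw ${erx%/*} dev ppp0"
    echo "route add -host $static_ip gw $pfsense_ip dev br0"
}

# Stand-alone run: show the plan for the constructed sample.
printf '%s\n' "$SAMPLE" | plan_wanup 192.168.0.1 192.168.4.1
```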
 akwok4
join:2005-10-22 Waterloo, ON
| Do I only need one of the wet/dry lines to have a static IP? Or do both need static IPs?
I don't see where in your code that mentions the second line.. although I'm probably just blind  |
|
 DSL_Ricer Premium join:2007-07-22
| said by akwok4 : Do I only need one of the wet/dry lines to have a static IP? Or do both need static IPs? I don't see where in your code that mentions the second line.. although I'm probably just blind
It doesn't. The IPs are per login. You only need one, independently of how many lines you use. |
|
 akwok4
join:2005-10-22 Waterloo, ON | I don't understand, then.. how is it bonding both of the lines together?
Sorry for the noobish questions, and thanks for being so patient with me!  |
|
 akwok4
join:2005-10-22 Waterloo, ON | Also, will your config work with just one line? I want to test that it works flawlessly with ML-PPP on one single line before I shell out the money for a second dry line! |
|
 DSL_Ricer Premium join:2007-07-22
| reply to akwok4
said by akwok4 : I don't understand, then.. how is it bonding both of the lines together? Sorry for the noobish questions, and thanks for being so patient with me!
The lines go to Bell. They always do. What makes you get service from teksavvy is your login. Your login can actually be used on any standard Bell line. You can even use the same login at multiple places simultaneously and independently (as long as the ISP doesn't disallow it and you're not on static IP, since IPs can't be shared).
The way MLPPP works is to allow teksavvy to recognize that two instances are in fact the same, and that any packets destined for the given connection should in fact be sent over all lines in the bundle.
said by akwok4 : Also, will your config work with just one line? I want to test that it works flawlessly with ML-PPP on one single line before I shell out the money for a second dry line!
Yes |
|
 akwok4
join:2005-10-22 Waterloo, ON | So will I need two modems if I wish to use two lines? |
|
 DSL_Ricer Premium join:2007-07-22
1 edit | said by akwok4 : So will I need two modems if I wish to use two lines?
Yes, but only one router. |
|
 akwok4
join:2005-10-22 Waterloo, ON 1 edit | Out of curiosity, will you & Guspaz be doing a ML-PPP package for pfsense anytime soon?  |
|
  Guspaz Guspaz Premium,MVM join:2001-11-05 Montreal, QC | No. We may port the connection handling stuff to general-purpose Linux, but not BSD. |
|
 akwok4
join:2005-10-22 Waterloo, ON | Awww.  |
|
  andrewhaji Premium join:2002-03-02 North York, ON | Oh, come on, Adrian! Use your CS degree to figure this one out! :P |
|