WAN direct internet connection from a Fedora (Server) computer to the Internet Network through a PPPoE over-VLAN setup

Hi all! My ISP provides me with internet with PPPoE through VLAN. As my (old) computer is already always-on and acting as a server, and for fun purposes, I decided to make my computer a router.

The excellent @vgaetera helped me with this, suggesting a few commands to go through, but it doesn’t seem to work (see the thread here).

So far, his suggestion is:

# WAN
VLAN_DEV="eth0"
VLAN_VID="1234"
PPPOE_USER="test"
PPPOE_PASS="12345678"
sudo dnf install NetworkManager-ppp NetworkManager-adsl
sudo nmcli connection delete wan-vlan
sudo nmcli connection add \
    type vlan \
    con-name wan-vlan \
    dev "${VLAN_DEV}" \
    id "${VLAN_VID}" \
    ipv4.method disabled \
    ipv6.method disabled
sudo nmcli connection delete wan
sudo nmcli connection add \
    type pppoe \
    con-name wan \
    ifname ppp0 \
    parent "${VLAN_DEV}.${VLAN_VID}" \
    username "${PPPOE_USER}" \
    password "${PPPOE_PASS}" \
    connection.zone external
sudo nmcli connection up wan-vlan
sudo nmcli connection up wan

# WLAN
WIFI_SSID="test"
WIFI_PSK="12345678"
sudo nmcli connection delete wlan
sudo nmcli connection add \
    type wifi \
    con-name wlan \
    wifi.mode ap \
    wifi.ssid "${WIFI_SSID}" \
    wifi-sec.group ccmp \
    wifi-sec.pairwise ccmp \
    wifi-sec.proto rsn \
    wifi-sec.key-mgmt wpa-psk \
    wifi-sec.psk "${WIFI_PSK}" \
    ipv4.method shared \
    ipv4.addresses 192.168.1.1/24 \
    ipv6.method shared \
    ipv6.addresses 2001:db8:1::1/64 \
    connection.zone internal
sudo nmcli connection up wlan

# Firewall
sudo tee /etc/NetworkManager/conf.d/99-local.conf << EOF > /dev/null
[main]
firewall-backend=none
EOF
sudo systemctl restart NetworkManager.service
sudo firewall-cmd --permanent --zone=internal --add-service=dhcp
sudo firewall-cmd --permanent --zone=internal --add-service=dns
sudo firewall-cmd --permanent --new-policy=internal-external
sudo firewall-cmd --permanent --policy=internal-external --set-target=ACCEPT
sudo firewall-cmd --permanent --policy=internal-external --add-ingress-zone=internal
sudo firewall-cmd --permanent --policy=internal-external --add-egress-zone=external
sudo firewall-cmd --permanent --policy=internal-external --add-rich-rule="rule tcp-mss-clamp value=pmtu"
sudo firewall-cmd --permanent --policy=internal-external --add-rich-rule="rule family=ipv4 masquerade"
sudo firewall-cmd --permanent --policy=internal-external --add-rich-rule="rule family=ipv6 masquerade"
sudo firewall-cmd --reload

You can check the previous thread for a bit more background over here.

I would appreciate it if any of you would help me here. What am I doing wrong?

Edit: Let me share with you a poor picture of what’s being displayed on my server when I check the journalctl logs:


I did a test setup with pppoe-server on VLAN on one system and pppoe-client on another system according to /usr/share/doc/rp-pppoe-4.0/HOW-TO-CONNECT.
This worked more or less after adding nobsdcomp to the config.
I did not manage (yet) to get this running via NetworkManager, but I have to find out more.

Add1: Tried native device.
Problem 1: NetworkManager-ppp package missing.
Problem 2: Had to disable IPv6 on client because of rp-filter problems. But this should be a local problem because of test setup.

Unfortunately, the screenshots don’t provide enough information.
We need a more detailed log to understand why it fails.
Try to activate the connections and then collect the log like this:

sudo -i
nmcli connection show
nmcli connection down pppoe
nmcli connection down vlan
nmcli connection up vlan
nmcli connection up pppoe
journalctl --no-hostname -S -5m > nm.log

Hi @hmmsjan and @vgaetera, please see the original thread. I made an update and I’ve been able to sort it out (mostly) except for the firewall part 🙂

Let’s close this conversation and continue on the original one, so that everything’s in one place instead, for future visitors.
