Re: Liunx and DSL routing

From: Clifford Kite (kite_at_see.signature.id)
Date: 07/07/04 

Date: Wed, 7 Jul 2004 14:18:28 -0500

Will Hall <culdespamsac@yahoo.com> wrote:

> I run two Linux mail servers in different locations, but with similar
> setups: Each with static IP address (block of 4), DSL modem/router fed
> by the same ISP (PPPoA). The linux server has 2 NICs, eth0 for private
> LAN (DHCP, NAT etc for Windows and Mac clients) and eth1 which is
> connected to the modem/router.

> For server A:
> Public IPs are aaa.aaa.aaa.156-159 (I assume 156 is the network
> address, 157/158 are standard routeable addresses and 159 is the
> broadcast?)

Correct.

> The modem is a Zyxel prestige 650R-31 with NAT/DHCP off and, as
> instructed by the ISP, has been configured to have a LAN address of
> aaa.aaa.aaa.158, subnet mask 255.255.255.252.

So aaa.aaa.aaa.158 must be the IP address of a Zyxel interface, serving
as the "gateway" IP address in the aaa.aaa.aaa.156/30 subnet as well as
an IP address for telnetting to and configuring the router (as indicated
later on in your post). And doing ifconfig eth1 should show the local
IP address as aaa.aaa.aaa.157.

> The linux box (Slackware 9.1) is then configured to have:
> IPADDR[0]="195.168.1.100"
> NETMASK[0]"=255.255.255.0"

> IPADDR[1]="aaa.aaa.aaa.157"
> NETMASK[0]"=255.255.255.252"

Based on the routing table below, I think the line just above should be
  NETMASK[1]"=255.255.255.252".

> GATEWAY="aaa.aaa.aaa.158"

> Which gives the routing table as:

> aaa.aaa.aaa.156 0.0.0.0 255.255.255.252 U 0 0 0
> eth1
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 aaa.aaa.aaa.158 0.0.0.0 UG 1 0 0
> eth1

> So, to configure the router, I just telnet the gateway,
> aaa.aaa.aaa.158 and everything is fine. This gateway is also
> accessible to the outside world.

> Now, the second mail server is configured as follows:

> Server B:
> Public IPs are bbb.bbb.bbb.76-79
> Modem is a DLink DSL-300G+ with NAT and DHCP turned off. The
> configuration is less flexible with this modem/router and fires up
> with the following information (which I cannot change!)

> IP Address bbb.bbb.bbb.77
> Gateway bbb.bbb.bbb.78
> Connection Type PPPoA
> Encapsulation VC Mux

> So in order to route to the modem I manually add the 192.168.0.1 route
> (see blow)

I take it that "which I cannot change" really means that telnet to the
IP address bbb.bbb.bbb.77 fails.

> The linux box (Slackware 9.1) is then configured as:
> IPADDR[0]="195.168.2.100"

I believe the line just above should be
  IPADDR[0]="192.168.2.100"

> NETMASK[0]"=255.255.255.0"
> IPADDR[1]="bbb.bbb.bbb.77"
> NETMASK[0]"=255.255.255.252"

Again I believe the line just above should be
  NETMASK[1]"=255.255.255.252".

> GATEWAY="bbb.bbb.bbb.78"

> Which gives the routing table as:
> 192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0
> eth1
> bbb.bbb.bbb.76 0.0.0.0 255.255.255.252 U 0 0 0
> eth1
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 bbb.bbb.bbb.78 0.0.0.0 UG 1 0 0
> eth1

> This configuration also works fine!! But, I cannot "see" the gateway
> from the outside. ie nothing from nmap, cannot telnet - but this might
> be a security feature of the modem. I can telnet into it (via
> 192.168.0.1) but the commands are not exactly intuitive.

Does "from the outside" mean from your connection host? I'd think it
_could_ well be a security feature since the gateway does not allow you
access to it with it's routable IP address. It only needs to forward
traffic from other hosts to your host and from your host to other hosts.

Saying "the commands are not exactly intuitive" doesn't tell us much.
What is it that is troublesome?

Also, out of curiosity, why did you decide to create the host route
192.168.0.1 to eth1? Some hint from the manual for this "modem" or from
the ISP? Anyway, if you can telnet to *something* by using it then
there is an interface associated with 192.168.0.1 in the cloud beyond
the eth1 interface.

> If you're still following this then thank you - I've nearly got to my
> point....

A twisty maze with many potholes is hard for me to follow. :)

> Question: The difference is the LAN IP setup: the first has a
> routeable public IP and the second has a private address. Which is
> correct? Exactly where do the gateways actually live?

The gateway IP address, bbb.bbb.bbb.78, is that of an interface on the
other (ISP or modem/router) side of eth1 just as bbb.bbb.bbb.77 is the
IP address of the interface eth1 on your side. Since the ISP is the
same in both instances, and using the first modem you can telnet to the
gateway address to do configuration, it seems to me that the gateway IP
address is that of some interface within both modems.

If this is indeed PPPoA then the modems must perform some internal
magic to use an Ethernet interface on your host without the host
using PPP, as evidenced by your host's lack of a PPP interface.

The magic performed in the modems differs, since the first one allows
you to use the "gateway" IP address to access and configure it while
the second one doesn't.

> If I use bridging mode, do I need to bother with 4 IP addresses?

You need IP addresses for routing IP packets. AIUI, a bridge depends
on ARP and link-layer frames, and is used only to connect the two LANs
it bridges. Does the modem and ISP even allow you use "bridging mode?"

I hereby disclaim any responsibility for any result from any action
taken on the basis of these remarks. In addition to being nowhere near
qualified by practical experience, and assuming some things that may not
be true, I may well have become lost somewhere in the maze. 

-- 
Clifford Kite                Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
PPP-Q&A links, downloads:                      http://ckite.no-ip.net/

Relevant Pages

  • Re: PF Load Balancing Outbound Connections - Default Gateway Problems
    ... > separate ISP Cable connections coming in, and I am using the load ... instead goes out the interface for ISP #1. ... The default gateway for the ... it doesn't look like that the above route-to rule is having any ...
    (comp.unix.bsd.openbsd.misc)
  • Re: Liunx and DSL routing
    ... > traffic from other hosts to your host and from your host to other hosts. ... The "outside" refers to telneting the gateway from another WAN ... I'm trusting the Web interface too much and assuming that it can ... provide full configuration if required and will prevent bad ...
    (comp.os.linux.networking)
  • Re: simple ping; pinging 101
    ... > to be able connect arrakis eth0 to the hub, ping caladan, disconnect ... need to use the address that is assigned by your ISP on that interface. ... The arrakis box should end up with a default gateway that points to your ...
    (Fedora)
  • Universal Client Gateway
    ... I am trying to make what some call a universal client gateway. ... setup a gateway that will masquerade IP from any host reguardless of its IP ... support specifying an interface to force assignment. ... I then tried adding a route entry for the LAN interface. ...
    (freebsd-net)
  • Re: interface issue ???
    ... suspect you need to spend some time reading the 'Linux Network Administrator's ... >Destination Gateway Genmask Flags MSS Window irtt Iface ... to interface X that can forward packets to the world. ... be a host address as well with some OS), and the highest is called the ...
    (linux.redhat)