Re: Linux and DSL routing

From: Will Hall (culdespamsac_at_yahoo.com)
Date: 07/08/04


Date: 8 Jul 2004 05:45:15 -0700

Clifford Kite <kite@see.signature.id> wrote in message

[snip]

>
> > The modem is a Zyxel prestige 650R-31 with NAT/DHCP off and, as
> > instructed by the ISP, has been configured to have a LAN address of
> > aaa.aaa.aaa.158, subnet mask 255.255.255.252.
>
> So aaa.aaa.aaa.158 must be the IP address of a Zyxel interface, serving
> as the "gateway" IP address in the aaa.aaa.aaa.156/30 subnet as well as
> an IP address for telnetting to and configuring the router (as indicated
> later on in your post). And doing ifconfig eth1 should show the local
> IP address as aaa.aaa.aaa.157.

Quite correct
>
> > The linux box (Slackware 9.1) is then configured to have:
> > IPADDR[0]="195.168.1.100"
> > NETMASK[0]="255.255.255.0"
>
> > IPADDR[1]="aaa.aaa.aaa.157"
> > NETMASK[0]="255.255.255.252"
>
> Based on the routing table below, I think the line just above should be
> NETMASK[1]="255.255.255.252".

Correct again

[snip]

> > Now, the second mail server is configured as follows:
>
> > Server B:
> > Public IPs are bbb.bbb.bbb.76-79
> > Modem is a DLink DSL-300G+ with NAT and DHCP turned off. The
> > configuration is less flexible with this modem/router and fires up
> > with the following information (which I cannot change!)
>
> > IP Address bbb.bbb.bbb.77
> > Gateway bbb.bbb.bbb.78
> > Connection Type PPPoA
> > Encapsulation VC Mux
>
> > So in order to route to the modem I manually add the 192.168.0.1 route
> > (see below)
>
> I take it that "which I cannot change" really means that telnet to the
> IP address bbb.bbb.bbb.77 fails.

Yes

>
> > The linux box (Slackware 9.1) is then configured as:
> > IPADDR[0]="195.168.2.100"
>
> I believe the line just above should be
> IPADDR[0]="192.168.2.100"

Holmes, you've done it again.

>
> > NETMASK[0]="255.255.255.0"
> > IPADDR[1]="bbb.bbb.bbb.77"
> > NETMASK[0]="255.255.255.252"
>
> Again I believe the line just above should be
> NETMASK[1]="255.255.255.252".

Damn fingers

[snip]

> > This configuration also works fine!! But, I cannot "see" the gateway
> > from the outside. ie nothing from nmap, cannot telnet - but this might
> > be a security feature of the modem. I can telnet into it (via
> > 192.168.0.1) but the commands are not exactly intuitive.
>
> Does "from the outside" mean from your connection host? I'd think it
> _could_ well be a security feature since the gateway does not allow you
> access to it with its routable IP address. It only needs to forward
> traffic from other hosts to your host and from your host to other hosts.
>

The "outside" refers to telnetting the gateway from another WAN

> Saying "the commands are not exactly intuitive" doesn't tell us much.
> What is it that is troublesome?

It's one of those command line interfaces that scares the pants off
me. Zillions of menus and commands that I've never heard of! I guess
I'm trusting the Web interface too much and assuming that it can
provide full configuration if required and will prevent bad
configuration. Probably more a question of designed for non techy
people.

>
> Also, out of curiosity, why did you decide to create the host route
> 192.168.0.1 to eth1? Some hint from the manual for this "modem" or from
> the ISP? Anyway, if you can telnet to *something* by using it then
> there is an interface associated with 192.168.0.1 in the cloud beyond
> the eth1 interface.

Because the modem/router LAN interface defaults to 192.168.0.1 and
it's the only way to access the Web/telnet interface.

>
> > If you're still following this then thank you - I've nearly got to my
> > point....
>
> A twisty maze with many potholes is hard for me to follow. :)

You're doing well, my son.

>
> > Question: The difference is the LAN IP setup: the first has a
> > routeable public IP and the second has a private address. Which is
> > correct? Exactly where do the gateways actually live?
>
> The gateway IP address, bbb.bbb.bbb.78, is that of an interface on the
> other (ISP or modem/router) side of eth1 just as bbb.bbb.bbb.77 is the
> IP address of the interface eth1 on your side. Since the ISP is the
> same in both instances, and using the first modem you can telnet to the
> gateway address to do configuration, it seems to me that the gateway IP
> address is that of some interface within both modems.
>
I guess this is the crux of my issue:

Server A:
                    modem              linux PC             clients
<---<ISP> --- <WAN IP | LAN IP> --- <ETH 1 | ETH 0> --------> LAN
  aaa.xxx      aaa.isp  aaa.158     aaa.157  192.168.1.100

aaa.isp is dynamically assigned, but "somehow" knows where aaa.157 is.
I believe this setup is correct.

Server B:
                    modem                linux PC             clients
<---<ISP> --- <WAN IP | LAN IP> ----- <ETH 1 | ETH 0> --------> LAN
  bbb.xxx      bbb.78   192.168.0.1   bbb.77   192.168.2.100

The modem LAN interface is either lying or it's aliased to be similar
to Server A.

> If this is indeed PPPoA then the modems must perform some internal
> magic to use an Ethernet interface on your host without the host
> using PPP, as evidenced by your host's lack of a PPP interface.

Yup. I wanted authentication at the modem/router.

>[snip]
>
> I hereby disclaim any responsibility for any result from any action
> taken on the basis of these remarks. In addition to being nowhere near
> qualified by practical experience, and assuming some things that may not
> be true, I may well have become lost somewhere in the maze.

Well, life would be dull without little problems to sort out. (Like
George W). Thanks for your help Clifford - much appreciated.


