Fixed external IP setup

    #42057

    atheling
    Member

    Trying to set up a net5501 with one additional interface card added. Configuration:

    PPPoE -> ETH0 -> DSL modem
    ETH1 -> Cable Modem with static IP address allocation
    ETH2 -> local wifi network (Zeroshell is DHCP server)
    ETH3 -> local phone network (Zeroshell is DHCP server)
    ETH4 -> local computer network (Zeroshell is DHCP server)

    The PPPoE link, which I expected to have problems with, came right up. 🙂

    ETH1 behavior:
    1. Have link up indication.
    2. Can open cable modem’s web interface page on the GW IP.
    3. From the cable modem’s diagnostic page I am successful at pinging everything I’ve tried.
    So link to modem is up, I can access the modem through Zeroshell and modem sees the world. But I can not access anything through that link from Zeroshell past the modem. Modem configuration unchanged from that which works with my old router.

    Tried turning off my load balance setup (set for failover with Cable modem being highest priority) and simply putting the cable modem as the default GW. Have the same problem. (Load balancing showed ETH1 down because it was unable to ping the target IP addresses, so load balance was using the PPPoE link which it was able to successfully ping those same addresses with).

    Tried setting the default route to be the interface and tried with default route being the modem’s IP address. Same result.

    Wondered if there was an issue with NAT on that interface but the setup form on Zeroconf shows the same setup as for PPPoE which is working.

    I’ve also put in some firewall rules that I thought might affect things but they are identical for input and forwarding for PPPoE and for ETH1. And, of course, the PPPoE side is working.

    Suggestions on where to start looking on this? (Had to put the old router back online, so there will be some futzing to run test cases or screen shots.)

    Thanks!

    #49139

    ppalias
    Member

    ppp0 and ETH01 must have NAT enabled. Otherwise if you don’t masquerade the ETH01 interface you will have to add the internal prefixes in the cable modem routing table.

    #49140

    atheling
    Member

    @ppalias wrote:

    ppp0 and ETH01 must have NAT enabled. Otherwise if you don’t masquerade the ETH01 interface you will have to add the internal prefixes in the cable modem routing table.

    I do have NAT enabled on ppp0 and ETH01. And also, for that matter on ETH00.

    I don’t see how to put an attachment on this forum, so please forgive me for posting the following in the body of this post. The routing, network interface and firewall rules below are from the console interface. The NAT listing is from the web UI (I’ve edited the IP addresses to aa.bb.cc.NN and xx.yy.zz.NN):

    ====================

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    aa.bb.cc.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
    xx.yy.zz.180 0.0.0.0 255.255.255.252 U 0 0 0 ETH01
    10.7.52.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH04
    10.7.53.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH03
    192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 VPN99
    10.7.54.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH02
    10.4.27.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
    0.0.0.0 xx.yy.zz.182 0.0.0.0 UG 0 0 0 ETH01

    ====================

    ********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
    Status: 100Mb/s Full Duplex
    ETH00 Link encap:Ethernet HWaddr 00:00:24:CC:59:6C
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:4215 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4269 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:3200564 (3.0 Mb) TX bytes:1153881 (1.1 Mb)
    Interrupt:11 Base address:0x6000
    IP 10.4.27.25/24 brd 10.4.27.255
    ********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
    Status: 100Mb/s Full Duplex
    ETH01 Link encap:Ethernet HWaddr 00:00:24:CC:59:6D
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:602 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3520 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:366852 (358.2 Kb) TX bytes:566241 (552.9 Kb)
    Interrupt:5 Base address:0x8100
    IP xx.yy.zz.181/30 brd xx.yy.zz.183
    ********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
    Status: 100Mb/s Full Duplex
    ETH02 Link encap:Ethernet HWaddr 00:00:24:CC:59:6E
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:10 errors:0 dropped:0 overruns:0 frame:0
    TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1750 (1.7 Kb) TX bytes:1046 (1.0 Kb)
    Interrupt:9 Base address:0x6200
    IP 10.7.54.1/24 brd 10.7.54.255
    ********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
    Status: 100Mb/s Full Duplex
    ETH03 Link encap:Ethernet HWaddr 00:00:24:CC:59:6F
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1837 errors:0 dropped:0 overruns:0 frame:0
    TX packets:911 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:382707 (373.7 Kb) TX bytes:291868 (285.0 Kb)
    Interrupt:12 Base address:0x8300
    IP 10.7.53.1/24 brd 10.7.53.255
    ********* Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10)
    Status: 1000Mb/s Full Duplex
    ETH04 Link encap:Ethernet HWaddr 00:14:D1:1A:A8:D2
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:14211 errors:0 dropped:0 overruns:0 frame:0
    TX packets:9927 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2480487 (2.3 Mb) TX bytes:5446520 (5.1 Mb)
    Interrupt:10 Base address:0xc400
    IP 10.7.52.1/24 brd 10.7.52.255
    ********* Host-to-LAN OpenVPN Interface
    Status: Connections from Road Warrior clients not accepted
    VPN99 Link encap:Ethernet HWaddr 00:FF:5F:B5:D8:BB
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
    IP 192.168.250.254/24 brd 192.168.250.255
    ********* Covad
    Status: Connected
    ppp0 Link encap:Point-to-Point Protocol
    inet addr:aa.bb.cc.55 P-t-P:aa.bb.cc.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
    RX packets:4013 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4062 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:3100062 (2.9 Mb) TX bytes:1058190 (1.0 Mb)
    IP aa.bb.cc.55 peer aa.bb.cc.1/32

    ====================

    Chain INPUT (policy ACCEPT 1210 packets, 163K bytes)
    pkts bytes target prot opt in out source destination
    7457 855K SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
    1 40 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    4018 427K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    1148 67569 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0 0 ACCEPT icmp -- ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT icmp -- ETH01 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    40 1964 DROP all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
    199 17958 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    29 1420 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy ACCEPT 9800 packets, 5134K bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 6784 packets, 1909K bytes)
    pkts bytes target prot opt in out source destination
    8607 2086K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain SYS_HTTPS (2 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    4018 427K ACCEPT all -- * * 10.7.52.0/24 0.0.0.0/0
    1 40 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain SYS_INPUT (1 references)
    pkts bytes target prot opt in out source destination
    496 71749 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    248 66911 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
    30 34554 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
    38 2888 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
    6645 679K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain SYS_OUTPUT (1 references)
    pkts bytes target prot opt in out source destination
    501 72161 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    1053 85314 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    66 3976 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8245
    203 15428 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
    6784 1909K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain SYS_SSH (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    1148 67569 ACCEPT all -- * * 10.7.52.0/24 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    ====================

    Port Forwarding and Source NAT (NAT):
    Chain PREROUTING (policy ACCEPT 1058 packets, 84005 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:22 to:10.7.52.130:22
    0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:25 to:10.7.52.130:25
    1 64 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:80 to:10.7.52.130:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:110 to:10.7.52.130:110
    0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:443 to:10.7.52.130:443
    0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:587 to:10.7.52.130:587
    2 128 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:995 to:10.7.52.130:995
    0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:2401 to:10.7.52.130:2401
    0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:5060 to:10.7.52.131:5060
    0 0 DNAT udp -- * * 0.0.0.0/0 xx.yy.zz.181 udp dpt:5060 to:10.7.52.131:5060
    0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:22 to:10.7.52.130:22
    63 3164 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:25 to:10.7.52.130:25
    3 188 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:80 to:10.7.52.130:80
    0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:110 to:10.7.52.130:110
    1 64 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:443 to:10.7.52.130:443
    0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:587 to:10.7.52.130:587
    0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:995 to:10.7.52.130:995
    0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:2401 to:10.7.52.130:2401
    0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:5060 to:10.7.52.131:5060
    3 1719 DNAT udp -- * * 0.0.0.0/0 aa.bb.cc.55 udp dpt:5060 to:10.7.52.131:5060

    Chain POSTROUTING (policy ACCEPT 160 packets, 16708 bytes)
    pkts bytes target prot opt in out source destination
    2552 211K SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
    1 64 MASQUERADE all -- * ETH00 0.0.0.0/0 0.0.0.0/0
    1247 101K MASQUERADE all -- * ETH01 0.0.0.0/0 0.0.0.0/0
    1146 93107 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    #49141

    atheling
    Member

    In case anyone cares, the issue is that the cable modem was blocking traffic because the MAC address on the ethernet interface on the new net5501 Zeroshell router was different than that on the old router.

    I was able to change the MAC address via the shell to prove that was the issue. But that does not survive a power cycle.

    I don’t see a way in the UI to set MAC addresses on interfaces. Am I missing it? Or, is there a start up script that I could edit to set the MAC address on boot?

    I’ll also look into seeing if the net5501 has a bios setup that will change the MAC address…

    #49142

    ppalias
    Member

    Yes you can change the MAC address of an interface, if that would solve the problem. While the interface is in down state issue the command:

    ifconfig ETH01 hw ether 00:11:22:33:44:55

    You can modify the script

    /root/kerbynet.cgi/scripts/setinterface

    and in line 57 change this

          ifconfig $INTERFACENAME:$A $IP netmask $NETMASK broadcast `getbroadcast $IP $NETMASK` $STATUS 2>/dev/null >/dev/null

    into this

          ifconfig $INTERFACENAME:$A hw ether 00:11:22:33:44:55 $IP netmask $NETMASK broadcast `getbroadcast $IP $NETMASK` $STATUS 2>/dev/null >/dev/null

    #49143

    atheling
    Member

    Thank you ppalias for all the help you have given me and everyone else on this forum!

    I wasn’t able to make the change suggested by you to stick: /root is actually RAM disk and disappears on reboot. And I did not see where on the “cdrom” (actually flash memory) partition this existed. I guess it’s a compressed file that is expanded into the RAM disk…

    But I was able to use the UI (in the “Setup”->”Startup/Cron” page) to create a “post boot” script that seems to do the trick for me:

    # Startup Script
    ifconfig ETH01 down
    ifconfig ETH01 hw ether 00:09:A3:00:2F:52
    ifconfig ETH01 up
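
A guarded version of the post-boot MAC override above, as an added example that is not part of the original post: it rejects anything that is not a well-formed unicast MAC, skips the down/up cycle when the address is already in place, and always brings the link back up. The function names and the dry-run default through the IFCONFIG variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: guarded MAC override for a post-boot script.
# Dry run by default (commands are printed); set IFCONFIG=ifconfig to apply.
IFCONFIG=${IFCONFIG:-echo ifconfig}

# is_unicast_mac MAC: succeeds for six colon-separated hex octets that are
# not all zero and whose first octet has the group (multicast) bit clear.
is_unicast_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    [ "$1" != "00:00:00:00:00:00" ] || return 1
    first=${1%%:*}
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# current_mac IFACE: prints the address the kernel reports, lower-cased,
# or nothing if the interface does not exist.
current_mac() {
    [ -r "/sys/class/net/$1/address" ] || return 0
    tr 'A-F' 'a-f' < "/sys/class/net/$1/address"
}

# set_mac IFACE MAC: returns 0 if the MAC is (now) set, 2 on a bad MAC,
# 1 if ifconfig failed. The link is always brought back up.
set_mac() {
    iface=$1; mac=$2
    is_unicast_mac "$mac" || { echo "refusing MAC '$mac'" >&2; return 2; }
    want=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
    [ "$(current_mac "$iface")" = "$want" ] && return 0   # nothing to do
    $IFCONFIG "$iface" down || return 1
    $IFCONFIG "$iface" hw ether "$mac"; rc=$?
    $IFCONFIG "$iface" up || rc=1
    [ "$rc" -eq 0 ] || return 1
}

# Interface name and address are the ones posted in the thread.
set_mac ETH01 00:09:A3:00:2F:52
```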

    #49144

    ppalias
    Member

    To avoid this down-up of the interface you can do the following…

    1) Copy the file

    /root/kerbynet.cgi/scripts/setinterface

    somewhere in /Database
    2) Change the line that I mentioned above
    3) Add a pre-boot script that copies the file from the /Database to the place of the original.

    #49145

    atheling
    Member

    I don’t see it documented on the zeroshell website and I am not home to look through all the scripts at the moment. Am I correct in assuming that when a database save is done everything in the database directory and below it is tarred and zipped?

    So anything I put there will be backed up and properly restored?

    If so then I could create a “local” or “custom” subdirectory in there, populate it with any and all scripts I wish to alter. Then a generic “pre boot” script could copy all of them to the scripts directory.

    Is this correct? (Still learning how this distribution is put together.)

    Thank you again!

    #49146

    ppalias
    Member

    @atheling wrote:

    I don’t see it documented on the zeroshell website and I am not home to look through all the scripts at the moment. Am I correct in assuming that when a database save is done everything in the database directory and below it is tarred and zipped?

    Yes

    @atheling wrote:

    So anything I put there will be backed up and properly restored?

    Yes

    @atheling wrote:

    If so then I could create a “local” or “custom” subdirectory in there, populate it with any and all scripts I wish to alter. Then a generic “pre boot” script could copy all of them to the scripts directory.

    Yes

    #49147

    atheling
    Member

    Hi ppalias!

    Your suggestions worked well with the following issue: Even in the setinterface script you need to set that interface down while changing the MAC address.

    Based on your suggestion, I now have a short generic script set into the “pre-boot” which copies anything it finds in /Database/custom/ to the scripts directory. That works really well.

    And I did check the backup script to find that the backup file is simply a uuencoded tgz file of the “database” area. Simple enough and very effective.

    Thank you for your help! (I’ll undoubtedly have other questions in other threads).
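
One way to write the generic pre-boot copy described in the last post, as an added example (not atheling's script and not Zeroshell code). It uses the /Database/custom and /root/kerbynet.cgi/scripts paths from the thread; the function name, the 755 mode and the skip rules are assumptions.

```shell
#!/bin/sh
# Added example, not Zeroshell's own code: pre-boot overlay installer.
SRC=/Database/custom                 # survives reboots and is in the backup
DST=/root/kerbynet.cgi/scripts       # RAM disk, rebuilt at every boot

# install_overlay SRC DST
# Copies each regular file in SRC over the same-named script in DST and
# prints "installed NAME" or "skipped NAME (reason)". Returns 1 on error.
install_overlay() {
    src=$1; dst=$2; rc=0
    [ -d "$src" ] && [ -d "$dst" ] || { echo "missing $src or $dst" >&2; return 1; }
    for f in "$src"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue    # empty directory
        name=${f##*/}
        # Refuse symlinks and non-files so an entry in the overlay cannot
        # pull in content from outside the backed-up directory.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "skipped $name (not a regular file)"; continue
        fi
        # Replace existing scripts only: a misspelled name would otherwise
        # install a file that nothing ever calls.
        if [ ! -f "$dst/$name" ]; then
            echo "skipped $name (no such script in target)"; continue
        fi
        # DST is fresh at boot, so .orig is always the stock script; keep
        # it to diff against after a Zeroshell upgrade.
        [ -e "$dst/$name.orig" ] || cp -p "$dst/$name" "$dst/$name.orig"
        if cp "$f" "$dst/$name" && chmod 755 "$dst/$name"; then
            echo "installed $name"
        else
            echo "failed $name" >&2; rc=1
        fi
    done
    return $rc
}

# Do nothing on a machine without the overlay directory.
if [ -d "$SRC" ]; then install_overlay "$SRC" "$DST"; fi
```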
