[lug] Qwest Basic service w/ single static IP

Lee Woodworth blug-mail at duboulder.com
Wed Sep 14 21:48:05 MDT 2005 

David L. Anselmi wrote:
> Lee Woodworth wrote:
> [...]
> 
>> 1) We have only one static ip, the link is using PPPoA.
>>    Are there devices (e.g. a straight dsl modem) that we
>>    can use to get a bridged connection instead of a routed
>>    one? If so does qwest have to be involved in making it
>>    a bridged connection?
> 
> 
> Yes and yes.  I've never heard of anyone getting a bridged connection. 
> Maybe with a business account that costs enough.
> 
>> 2) If we can't bridge w/o qwest's cooperation, are there
>>    any DSL modem+router combos where you really can use
>>    the wan interface for hosting inet services?

> 
> 
> Yes.  I'm still using a Cisco 678 and you can get one on eBay cheap.  I 
> haven't looked at Actiontec specifically but every other cable/DSL modem 
> I've seen does DNAT with no limitations.
The cisco 678 has a dns forwarder. I setup a client with one and we
used the modem as the dns server for his windows box. We didn't do
any dns or http service hosting so I don't know if might have the same
issue as the actiontec. The dnat rule for the actiontecis simple. Its the
intercept rules they have in the forward chain that are causing problems.

> 
>> 3) Does qwest use bridged mode when you get a block of
>>    ips vs a single one?
> 
> 
> No.
> 
> What is a DNS forwarder?  Can you describe how it works?  Doesn't seem 
> like that would be terribly useful in a DSL modem so I wonder if there 
> isn't a way round this.
Think dnscache. Its so that home users can just be pointed at the modem
for the client dns. Some devices like the linksys cable/dsl routers can
grab their dns servers from the dhcp server. Less stuff for the tech support
people to know.

> 
> If nothing else, these guys say the thing runs Linux so it should be 
> possible to figure out why it does what it does (and eventually to make 
> it do what you want):
The modem is using some kind of mips cpu with a 2.4.17 kernel. The environment
is really stripped down. No netstat, tcpdump, or iproute. I don't think the
LOG target has been included in the kernel. Tracing the packet flow is tedious
at best.

There are iptables rules which route all traffic to/from port 53/any address
any interface to a dproxy process through a netlink device. I've tried
deleting the port 53 rules, but replies don't seem to make it back to ethernet
interface. The counters for the prerouting, input and forward chains don't
increment. As far I can, tell a traceroute from outside targeting  port 53
gets to the wan side of the router that the dsl modem talks to. The modem's
gw is 207.225.112.220 and the last hop that responds is 207.225.112.104.

>
> http://www.nettwerked.net/actiontec.html
> 
> Dave
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list