[lug] Cisco 678 and NAT

Ben Benjamin.Luey at colorado.edu
Tue Jan 3 10:30:40 MST 2006


Probably as karmically induced punishment for cursing the name of Qwest, my
work has very unreliable DSL from Qwest. Every now and then it is 1.5mps
(as spec'd), but it drops down to 640, or 128kps or drops out completely.
If it drops to a low speed (128kps), it will stay there until I manually
reset the connection or until DSL goes down fully. On reset, it might get
to a higher speed, it might not.

(I've yelled at them for weeks and they claim that there is nothing they
can do: we are far from the station and the wires going from my work to
the station are shared with 25 T1's and when the T1's are in use I get
noise pickup and it drops the DSL connection.)

So what to do? I bought a Cisco 678 (I was using their supplied Actiontec)
and it seems to get slightly higher connection speeds. I also have a
static IP address. I've got a minicom script that talks to the Cisco modem
and gets its connection speed. I also have a minicom script that runs "set
int wan0 down" "set int wan0 up" to reset the DSL and allow me to connect
(potentially) at a higher speed. I've got a little cron job that looks at
the speed and how long it has been there and decides when to reset the
DSL. This works fine, in that it now doesn't get hung at low speeds, as it
will often get bumped down to 400kps for a few minutes, but 10 minutes
later I can reconnect at (a blazing) 1024kps.

But my problem is with NAT. When I do the reset, the Cisco resets all its
NAT tables and all the people using the internet get their connections
reset. I'd like to not have this happen, but just have the connections
pause (though potentially time out, I guess). Now I've got a Netgear
firewall / router between my intranet and the Cisco, so the Cisco forwards
everything to 10.0.0.2 (the firewall), which does NAT to my intranet:

Intranet (192.168.0.0/24) -> 192.168.0.1 (firewall intranet) -> 10.0.0.2 (firewall outside) -> 10.0.0.1 (cisco wan0 ip) -> static internet IP

I've tried adding the line:

set nat entry add 10.0.0.2

so it forwards everything to 10.0.0.2. But my ssh connections (and
whatnot) still get upset by the reset. Is there a better way to do this? I
don't think Qwest supports bridging mode anymore (I'm using pppo[AE] I
believe).

Any ideas on how to make the best of crummy DSL? As a side note, the
internet was very slow all day on Jan 1st! This puts some doubt as to the
problem being the T1's nearby being used, since I know none of our
neighbors (low-tech shipping companies) were open on Sunday.

Thanks,

Ben
