[lug] How to simulate static IP with openwrt/wrt54G withez-ipupdate?
Jason Schaefer
js at jasonschaefer.com
Sat May 17 13:17:31 MDT 2008
Siegfried
It depends on which modem you have with comcast. Generally the
"residential modems" don't have a built in firewall. The "business
class" modems do. You can check your wan interface on the wrt, if it
has a private address like 10.1.10.x or 192.168.0.x then you know it
is behind nat/firewall. You can set your wrt wan with a static private
ip (i.e., 10.1.10.2) behind the comcast modem and then put that ip in
the DMZ. This will byepass the firewall. To do this you need to login
to the comcast modem, for instance on a motorala http://10.1.10.1
user: cusadmin pass: highspeed. Something I have noticed is that
comcast periodically forces updates for all modems on the network and
it can reset the DMZ/firewall settings. I highly recommend not using a
modem with built in firewall. I use the RCA, Scientific Atlantic or
Motorola surfboards. Otherwise you can get a static ip from comcast
and configure your wrt with the public ip, which will also bypass any
firewalling in the modem.
I would stay away from dd-wrt, its really cool for its graphical
interface options but its buggy and uses too many resources. Plus with
kamikaze its so easy to configure and have a rock solid box that will
run for ages without issue. I have implemented the dd-wrt and openwrt
in high traffic networks and the openwrt blows dd out of the water!
This looks interesting for users who want some gui ->
http://x-wrt.org/
Hope all this rambling helped!
Jason
On Fri, May 16, 2008 at 9:49 AM, siegfried <siegfried at heintze.com> wrote:
>
> Thanks John!
>
> Does Comcast provide a firewall for you? I'm using Comcast in Bellevue WA. I
> can ping my Bellevue, WA router with my new domain from dyndns.org but I
> cannot ssh into it. I have used the iptables to punch a hole for ssh but no
> luck.
>
> Hmmmm... I have two routers here in Bellevue, WA where I have a dynamic IP
> from comcast. With the Motorola router www.grc.com says everything is
> complete stealth. With the linksys/openwrt I fail on many ports because
> "your computer has responded that this port exists but is currently closed
> to connections".
>
> (In Boulder CO I have another WRT on a fixed IP. I have successfully punched
> a hole so I can ssh into it while I am here in Bellevue, WA).
>
> So what does that mean? I think it means that Comcast is not providing a
> firewall. This is good news.
>
> But if this is true, why cannot my router in Boulder, CO ssh into my router
> in WA?
>
> When I try, I get "ssh: exited: Error connecting: Connection refused"
>
> However, my WRT in Boulder can ping my router WRT in Bellevue, WA. (And my
> free DNS from dyndns.org gets correctly translated too! Hurray!) What does
> that mean? Does that also prove Comcast is not providing a firewall?
>
> Maybe I should try http and open up port 80 and see if I can see a web page
> on the openwrt. They probably explain how to do that on openwrt.org but I'm
> out of time this morning.
>
> Anybody have any other ideas?
> Thanks,
> Siegfried
>
>>
>>-----Original Message-----
>>From: lug-bounces at lug.boulder.co.us [mailto:lug-bounces at lug.boulder.co.us]
> On Behalf Of John Hernandez
>>Sent: Thursday, May 15, 2008 2:22 PM
>>To: Boulder (Colorado) Linux Users Group -- General Mailing List
>>Subject: Re: [lug] How to simulate static IP with openwrt/wrt54G
> withez-ipupdate?
>>
>>Siegfried Heintze wrote:
>>> Please forgive me if you see this twice: I'm debugging an email problem.
>>>
>>> I?ve been reading http://forum.openwrt.org/viewtopic.php?pid=68256#p68256
> and wishing eleon would respond.
>>>
>>> I saw ez-ipdate in ?ipkg list ? so I installed it on my wrt54G.
>>>
>>> Does anyone know how to configure ez-ipupdate with one of the services
> listed at http://ez-ipupdate.com/?
>>>
>>> I talked to dyndns.org and they said to abandon openwrt in favor of DDWRT
> so I could use inadyn. I?m reluctant to muck with something that is not
> broken ? my openwrt/whiterussian has been running just fine on my WRT54G for
> quite sometime.
>>>
>>
>>Siegfried,
>>
>>root at OpenWrt:~# crontab -l
>>12 * * * * /usr/sbin/ez-ipupdate -c /etc/ez-ipupdate.conf -i ppp0
>>
>>root at OpenWrt:~# cat /etc/ez-ipupdate.conf
>>service-type=dyndns
>>user=username:password
>>host=myhost.dyndns.org
>>quiet
>>cache-file=/etc/ez-ipupdate.cache
>>pid-file=/var/run/ez-ipupdate.pid
>>
>>-John
>>_______________________________________________
>>Web Page: http://lug.boulder.co.us
>>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
>
More information about the LUG
mailing list