Need advice on replacement modem with bridging

Forums › Spark New Zealand (including Skinny and BigPipe) › Need advice on replacement modem with bridging

dazz1

95 posts

Master Geek

#119478 2-Jun-2013 22:13

Hi
I have an old Nokia M1122 ADSL modem that has done sterling service. I have a IPCop linux firewall between the M1122 and my home network. This arrangement has been working well for years.

The problem is now that I have a webcam server that I want to administer. The webcam server is to be located on a remote site and connected by Telecom T-stick modem. I want to be able to ssh from the home admin laptop to the webcam server. To do this I need the webcam server to initiate a reverse ssh tunnel back to my home network. For that to work, I need to open a pinhole through the M1122 modem into the IPCop firewall. I haven't been able to do that.

At present the webcam is sitting on my dining table. When connected directly into the home network, I have no problems connecting to the designated admin laptop with ssh.

The webcam is currently connected via the XT Network sending images to the webserver (not on my network).
I have dynamic dns setup so I can confirm that the webcam server can get IP address of my modem.

I have read the M1122 manual and opened port 222 to the IPCop firewall. I have also configured the IPCop to allow ssh into the IPCop box. So I should be able to execute the command on the webcam server:
$> ssh -p 222 root@my-home.dyndns.com
to log into IPCop, but I can't. The ssh attempts time out.
I can't get through the M1122 to log into the IPCop firewall.

Ideally the modem should be configured as a half-bridge with NAPT disabled.
The modem only works with "PPP over ATM" mode and NAPT enabled.

I found an explanation of the cause of my problems here: bridging modem
It seems that M1122 port forwarding only works with bridging enabled, but the Telecom broadband connection won't work with bridging. It seems I can't break into my own network.

So I think I need to upgrade to a new modem. I think I can get a Netgear DG834G (at a cheap price) which includes a PPPoA bridging mode ( http://www.actrix.co.nz/page.php?id=109 ). Before I go down that path, can anyone confirm that the Netgear modem can be configured as a plain modem (wireless disabled) that will work with a separate firewall (IPCop)? and will I be able to do port forwarding?

AKLWestie

641 posts

Ultimate Geek

Trusted

Lifetime subscriber

#829831 2-Jun-2013 22:27

Your best bet would be a Draytek 120 which can do full bridge by using PPPoA to PPPoE conversion.

If half bridge (i.e. IP PPP extension) is OK for you, try getting a Dynalink RTA1320, RTA1320v6, or a Netcomm NB6.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#829908 3-Jun-2013 07:30

I would go Draytek Vigor 120 all the way. Tad on the more expensive side but you get what you pay for.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#829909 3-Jun-2013 07:42

As others have said the DV120 is the only device on the market I would recommend.

Ragnor

8220 posts

Uber Geek

Trusted

#829959 3-Jun-2013 10:36

The Draytek is a good device because it does full PPPoA to PPPoE relay/bridge, it's come down a lot and is the best option.

If you're looking for something cheaper there are several models that do PPPoA half bridge or "ip extension", eg:

Dynalink RTA1320
TP Link TD-8840 (non T)
Linksys AM300, Netcomm NB6
Dynalink RTA1025W

You can usually get one of these of trademe for <$20

Note: PPPoA half bridge or ip extension is a hack, usually some combination of enabling proxy arp and faking a gateway.. some linux based software doesn't like the faked gateway address.

See these links
http://www.wlug.org.nz/Half%20bridge%20with%20PPPoA
http://www.ben.geek.nz/2006/11/adsl-routing-solution-in-detail/

There are also hundreds of previous threads on half briding on geekzone and gpforums.

dazz1

95 posts

Master Geek

#830179 3-Jun-2013 19:09

Hi

I have always looked at modems as being an appliance that just works. I have never had to dive into the details until I needed to poke pinholes into my network. It has been a frustrating path to the revelation that ADSL modems are not interoperable.

I will go ahead and get the recommended DV 120. The cost is a fraction of the value of time I have wasted trying to configure my current modem (in accordance with the instructions in the manual).

Thanks for the help.

Dazz

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#830199 3-Jun-2013 19:47

dazz1: Hi

I have always looked at modems as being an appliance that just works. I have never had to dive into the details until I needed to poke pinholes into my network. It has been a frustrating path to the revelation that ADSL modems are not interoperable.

Dazz

I don't quite understand wehat you mean by that comment, but you're very much trying to do something that's beyond the capabilities of the hardware you're using which is now ~13 years old and doesn't even support ADSL2+ so you're also potentially going to hige speed increase as well.

dazz1

95 posts

Master Geek

#830524 4-Jun-2013 15:15

Hi

I am aware that the Nokia M1122 is ancient but it is totally reliable and I get decent thru rates even with ADSL1 and double NATing. Until now I have had no reason to consider replacing it.

The admin manual (available here: http://www.techie.net.nz/adsl/files/M1122_administrator_manual.pdf)
includes a lot of discussion on bridging but not PPPoA to PPPoE.

According to this site: http://forum.ipcop.pd.it/yaf_postst412_PPPOA-HALFBRIDGE-Delucidazioni-sulle-connessione-con-ATM-in-PPPOA.aspx

The following are older ADSL1 modems that have better-than-average half bridge implementations. At least people have reported success with them. They may get you going for now but not a long term solution with ADSL2.

Thomson Speedtouch (PPTP with pptp-client) 510, pro, 536 etc
3com Homeconnect
Dlink 302
Netgear 834
Nokia M1122 (has PPTP pass-through of a PPPoA connection which is probably a better option then half-bridge)

A better alternative solution is to use PPTP passthrough of a PPPoA connection. This means the router establishes the connection via PPTP using the modem. This means the router receives the public IP, has no MTU problems and is the one responsibile for establishing the PPP connection to your ISP. This is supported by a few modems available in New Zealand - specifically:

Nokia M1122 (ADSL1 only)

So I am going to give that a go to see if it works.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#830568 4-Jun-2013 16:38

IMHO you're not addressing your problem which is simply that you're using obsolete gear with a less than ideal double NAT setup.

A Draytek is the best solution as it's a full bridge that does full PPPoA to PPPoE conversion. If you're on a EUBA connection this is actually converted back to PPPoE by the DSLAM, so if you have a modem such as a Zyxel you can use full bridge mode and set VLAN10 which does native PPPoE right through to your ISP. If your ISP and hardware support it you'll also have a MTU of 1500 so any MTU related issues also go away.

dazz1

95 posts

Master Geek

#830604 4-Jun-2013 17:35

Hi

FYI My Nokia is reporting the following speeds:

                                       near-end                           far-end
maximum-bitrate              6497 kbits                         864 kbits
actual-bitrate                    6432 kbits                         800 kbits

PPTP appears to be an addon for IPCop. I can't be bothered with the time/effort to get that done.

I will buy a DV120, but they have gone out of stock everywhere over night.

wongtop

563 posts

Ultimate Geek

#830606 4-Jun-2013 17:38

I have an RTA1320 that has been sitting in my garage for a few years if you want to give that a go. Not sure if it works.

ajobbins

5052 posts

Uber Geek

Trusted

#830609 4-Jun-2013 17:49

+1 for a Draytek Vigor 120. I paid AU$49 for mine and it's amazing. Best modem I've ever had.

I run it in bridge mode to a TP-Link Router/AP running DD-WRT. Works excellently and the set up is rock solid.

Twitter: ajobbins

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#830624 4-Jun-2013 18:37

dazz1: Hi

FYI My Nokia is reporting the following speeds:
                                       near-end                           far-end
maximum-bitrate              6497 kbits                         864 kbits
actual-bitrate                    6432 kbits                         800 kbits
PPTP appears to be an addon for IPCop. I can't be bothered with the time/effort to get that done.

I will buy a DV120, but they have gone out of stock everywhere over night.

Are you in a 10+ Mbps according to the Chorus maps? Around 84% of NZ premises are capable of getting a sync rate of at at least 10Mbps

dazz1

95 posts

Master Geek

#850553 7-Jul-2013 21:44

Hi

OK, I have the Draytek modem installed and running. This message is using the modem.
When I add in my IPCop firewall, it can't get an internet connection.

I am now trying to add my IPCop firewall.
Right now the Draytek has an IP address of 192.168.1.1 without the IPCop.
I have noticed that I need to click on the "Dial PPPoA" in the WAN 1 status section of the internet access page to activate the ADSL/PPPoA connection.

I want my network to look like this:

Telecom WAN ADSL <=> Draytek Modem 192.168.2.1 <=> 192.168.2.2 IPCop Red <...> 192.168.1.1 IPCop Green <=> Home Network Switch

So at present, when I insert the IPCop box into the network, I change the IP address of the Draytek to 192.168.2.1, and enable PPPoA/PPPoE pass through mode.

I can ping up to the IPCop red interface, but I don't get a response when I ping 192.168.2.1

Does anyone have experience operating an IPCop firewall with a Draytek modem?
Do I need to add a static route to the Draytek so it knows the address of the IPCop red interface?
Do I need to somehow initiate the modem to dial-up to activate the PPPoA connection?
How do I diagnose a modem problem in pass through mode?

dazz1

95 posts

Master Geek

#850564 7-Jul-2013 22:30

Hi

I found the solution in another post on Geekzone.
On the Dialup page of IPCop, I had an entry in the "Service Name" field. Once this was removed, it all worked.