Geekzone: technology news, blogs, forums
cyril7
#3064378 16-Apr-2023 20:31

Hi, if the ONT is not provisioned it normally has the LAN interfaces administratively shut down, so yes, no lights would happen.

Cyril



Greendrake
#3064379 16-Apr-2023 20:32

cyril7: Hi, if the ONT is not provisioned it normally has the LAN interfaces administratively shut down, so yes, no lights would happen.

Cyril

Huh, that's good to know. Amazing!

Thanks a lot.





RunningMan
#3064380 16-Apr-2023 20:33

Greendrake: [snip] Look, I am not even with any ISP just yet and I am not expecting to get online with ONT right now.

Probably should have mentioned that critical bit of info earlier! That's why it isn't working, it won't be provisioned to do anything at this stage. When set up for RGW mode then all the LAN ports will be live. In normal ONT mode, then only the ports that have an active connection on them will be live (generally LAN1).




Jase2985
#3064381 16-Apr-2023 20:50

Greendrake:

Jase2985: I think the ISP has to ask Chorus/Enable to enable this function.

That's interesting. I thought it was vested in the hardware and not to be turned on/off by Chorus or anyone.

How would you swap between it being a WAN connection on the LAN ports (ONT Mode) and it being a router and the LAN ports being LAN ports (RGW Mode) if someone didn't do something to the software on the ONT?

Chorus/Enable own the ONT, so it has to be enabled by them.


Greendrake
#3064384 16-Apr-2023 21:11

Jase2985: How would you swap between it being a WAN connection on the LAN ports (ONT Mode) and it being a router and the LAN ports being LAN ports (RGW Mode) if someone didn't do something to the software on the ONT?

Haha, well, it just didn't cross my mind that that "someone" would not only be doing "something to the software on the ONT" remotely via the fibre, but would also, by default, disable anyone from doing it locally via the LAN port.

One of the 4 ports could stay in permanent LAN mode just so that the ONT could be administered locally at any time.

Jase2985: Chorus/Enable own the ONT, so it has to be enabled by them.

They could also leave it enabled by default and let users tweak it. After all, the ONT is to serve no one but the user, even if the user doesn't own it.





Jase2985
#3064385 16-Apr-2023 21:20

Greendrake: Haha, well, it just didn't cross my mind that that "someone" would not only be doing "something to the software on the ONT" remotely via the fibre, but would also, by default, disable anyone from doing it locally via the LAN port.

One of the 4 ports could stay in permanent LAN mode just so that the ONT could be administered locally at any time.

But the home owner is not the administrator...

And the ONT can supply 4x internet connections from it, so having one as LAN changes the base specs of the network.

Greendrake: They could also leave it enabled by default and let users tweak it. After all, the ONT is to serve no one but the user, even if the user doesn't own it.

It's their network; they are not going to leave it for users to "tweak", as you put it.

I'm not sure what you are wanting from this?


 
 
 
 

Greendrake
#3064386 16-Apr-2023 21:30

Jase2985: I'm not sure what you are wanting from this?

I'm just getting familiar with how this stuff works. Earlier today I was still considering using the ONT as a router having direct access to my home network but now I already see how bad an idea it is security-wise — essentially exposing my network to whoever is on the other side of the fibre.

Jase2985: It's their network; they are not going to leave it for users to "tweak", as you put it.

Well, that is the crux. I used to think that "their" part of the network ends where the fibre cable enters the ONT, and its LAN ports were already part of my network that no one was supposed to peek into. How wrong I was. Definitely now have to put another router between the ONT and the rest of my network to secure the border.





quickymart
#3064387 16-Apr-2023 21:49

You would increase support calls to RSPs if something like this was "enabled by default" for end users to "tweak" - I can say about 99.5% of them would have no idea what they're doing and would no doubt screw things up.


Jase2985
#3064389 16-Apr-2023 22:21

Greendrake: I'm just getting familiar with how this stuff works. Earlier today I was still considering using the ONT as a router having direct access to my home network but now I already see how bad an idea it is security-wise — essentially exposing my network to whoever is on the other side of the fibre.

No different to running an ISP router security-wise.

Greendrake: Well, that is the crux. I used to think that "their" part of the network ends where the fibre cable enters the ONT, and its LAN ports were already part of my network that no one was supposed to peek into. How wrong I was. Definitely now have to put another router between the ONT and the rest of my network to secure the border.

The ONT is their network. If you're using it in RGW mode then it's still theirs, they just let you use the router part of it.

How/why do you think Chorus/Enable will be peeking into your network?

I think you're mistaking them owning it for them controlling it in RGW mode, completely different things.


RunningMan
#3064390 16-Apr-2023 22:22

Greendrake: [snip] Earlier today I was still considering using the ONT as a router having direct access to my home network but now I already see how bad an idea it is security-wise — essentially exposing my network to whoever is on the other side of the fibre.

It's not a great idea (hence the Chorus phase out), but not for security reasons. In RGW mode it's still using NAT for IPv4 and your network is no more exposed than with any other correctly configured router.

The ONT is part of the LFC's network, the last bit before your network, so they have to administer it, including when in RGW mode. Good if requirements are very simple and never need changing, but a bit clumsy for most purposes.


Greendrake
#3064393 16-Apr-2023 22:49

Jase2985: How/why do you think Chorus/Enable will be peeking into your network?

Well, I think/hope no one will. Still I would rather make it technically impracticable instead of simply hoping/trusting.

RunningMan: In RGW mode it's still using NAT for IPv4 and your network is no more exposed than with any other correctly configured router.

Yes, but a hypothetical malicious dude working for the ISP (or Chorus?) should be able to remotely log in to the ONT and set up a transparent tunnel into my LAN — being able to see, for example, what sort of stuff I keep on my local DLNA media server (which has no password protection for clients because the home LAN is deemed trusted). Same is possible if the router is provided/controlled by the ISP.

Thus, I take it that the only secure setup is to have my own router (with original, preferably open source firmware, without giving anyone access to it) between the ONT and the rest of the home LAN.





 
 
 
 

SomeoneSomewhere
#3064394 16-Apr-2023 23:13

Using an ISP-supplied router would likely be subject to similar issues, although only to ISP techs, not both ISP and Chorus. Most ISP-supplied routers are set up for remote provisioning via TR-069 or something similar. There's also the risk of a router that's running compromised firmware out of the box from wherever you get it.

Setting up your own router with FOSS firmware fixes most of these issues, but it's not just something related to the ONT.
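
One way to check the "own router" setup discussed in this thread, as an added example that is not part of any post: the script lists management services, including the TR-069 (CWMP) port, that listen on the router's WAN side. The sample `ss` output, the addresses 192.168.1.1 and 203.0.113.10, and the port list are assumptions constructed for illustration.

```python
import ipaddress

# Management services that should not answer on the WAN side of a router you run
# yourself. 7547/tcp is the IANA-registered CWMP (TR-069) port; the rest of the
# list is this example's own choice.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http-admin",
              443: "https-admin", 7547: "cwmp/tr-069"}

# Constructed sample in the shape of `ss -H -tln` output (not from a real device).
# Assumed addressing: LAN side 192.168.1.1, WAN side 203.0.113.10.
SAMPLE_SS = """\
LISTEN 0 128 192.168.1.1:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:7547 0.0.0.0:*
LISTEN 0 128 192.168.1.1%br-lan:80 0.0.0.0:*
LISTEN 0 128 203.0.113.10:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:53 0.0.0.0:*
LISTEN 0 128 [::]:23 [::]:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop an interface scope such as %br-lan, then IPv6 brackets.
    return host.split("%")[0].strip("[]"), int(port)

def wan_exposed(ss_output, wan_ips):
    """Return management listeners bound to a wildcard or WAN address."""
    wan = {ipaddress.ip_address(a) for a in wan_ips}
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        if port not in MGMT_PORTS:
            continue
        # '*' and 0.0.0.0 / :: listen on every interface, WAN included, so only
        # the firewall stands between them and the ONT side.
        if host == "*" or ipaddress.ip_address(host).is_unspecified \
                or ipaddress.ip_address(host) in wan:
            findings.append((port, MGMT_PORTS[port], cols[3]))
    return sorted(findings)

if __name__ == "__main__":
    for port, name, bound in wan_exposed(SAMPLE_SS, ["203.0.113.10"]):
        print(f"{name} ({port}/tcp) listening on {bound}")
```

A wildcard listener is not necessarily reachable, since the firewall may drop the traffic; the findings show which services depend on that firewall rule alone.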

