Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Routing a /29 over an AM300 in Half-Bridge?

mjb

mjb

996 posts

Ultimate Geek

Trusted

#31233 9-Mar-2009 20:06
Send private message

So, I was under the mistaken impression that routing a /29 over my AM300-in-half-bridge would be easy... apparently not, unless It'll actually work but I'm doing something stupid on my linux firewall.

tcpdump is certainly not showing any incoming traffic on the firewall, but a traceroute on a remote host is getting to my DSL IP, just not to the host after that. Of course with half bridge my DSL IP appears twice, once on the AM300, and second on the NIC on the firewall, and it'll be hitting the first. I'm assuming that the AM300 is not very clever with anything other than the IP it gets from the connection.

I've tried various configurations - with and w/o half-bridge, with and w/o a static route on the AM300, etc etc.

Anyone got any ideas?




contentsofsignaturemaysettleduringshipping

Create new topic
Ragnor
8219 posts

Uber Geek

Trusted

  #200249 9-Mar-2009 21:52
Send private message

You can test whether it's the configuration on the AM300 or on the firewall by bypassing the firewall and plugging any PC straight into the AM300 with dhcp/obtain ip address automatically enabled on the PC.  If the PC is able to send and recieve traffic when un-firewalled like this then it points to a problem in the configuration of your firewall.



mjb

mjb

996 posts

Ultimate Geek

Trusted

  #200256 9-Mar-2009 22:08
Send private message

Maybe, but the problem is not with the general operation of the modem and the IP for the PPPoA link, it's the routing of a /29.

PInging one of the /29 from a remote host, I get ICMP redirects with a next hop of the IP I'm pinging. If I add a static route to the AM300 that routes the subnet to the firewall on the internal private network, I no longer get redirects, but I also get no traffic at all on the NIC of the firewall.

Maybe I need to re-adjust the LAN segment between the modem and firewall to use that /29 range? Maybe it's just time for a Cisco 877 which I know can do this :) Just expensive :(




contentsofsignaturemaysettleduringshipping

mjb

mjb

996 posts

Ultimate Geek

Trusted

  #200263 9-Mar-2009 23:41
Send private message

Nasty, but it does work....

You need to turn off NAT, and disable half-bridge mode. The modem needs to use one of the IP addresses in the /29 range, and then things just suddenly start working. I'm currently experimenting with adjusting the IP range to a /28 so that I can have the modem on a non-routed IP because it's accessible externally otherwise...




contentsofsignaturemaysettleduringshipping



Ragnor
8219 posts

Uber Geek

Trusted

  #200302 10-Mar-2009 10:02
Send private message

mjb:  ...Maybe I need to re-adjust the LAN segment between the modem and firewall to use that /29 range...(


Having the AM300 and Firewall LAN IP's in the /29 range would make sense.  However I wouldn't expect too much from the AM300.  I found the half bridging on the Dynalink RTA1320 to simply work better.  The AM300 struggled when the Gateway was on a different subnet to the WAN IP address then they released firmware to fix that and broke being able to get to the AM300 via LAN ip address when the half bridging is up and running.

mjb

mjb

996 posts

Ultimate Geek

Trusted

  #200308 10-Mar-2009 10:23
Send private message

Ragnor:

Having the AM300 and Firewall LAN IP's in the /29 range would make sense.? However I wouldn't expect too much from the AM300.? I found the half bridging on the Dynalink RTA1320 to simply work better.


Seems to be performing OK at this stage, I am aware that its NAT/SPI implementations leave a lot to be desired, but fortunately in the configuration I have at the moment, they're both off.

Turns out that I can indeed use a /28 between the firewall and the AM300, which now means that the AM300 isn't consuming a 'public' IP on it's LAN side (well, one that's not routed to me at least). The only downside now is that to get full (ab)use of all 8 IPs, I'd need to extend right back to a /26 on that segment, meaning I can't reach a much larger number of potentially legitimate IPs.

Ragnor:

The AM300 struggled when the Gateway was on a different subnet to the WAN IP address then they released firmware to fix that and broke being able to get to the AM300 via LAN ip address when the half bridging is up and running.


Hmm, that wasn't a problem for me - I did have to add an interface alias on the firewall to reach the AM300 on the private net though. What I had was:

LAN(10.0.0.0/24)---(10.0.0.254)Firewall(public IP)---(halfbridge)AM300------Internet

And: Firewall(10.0.1.1)---(10.0.1.254)AM300




contentsofsignaturemaysettleduringshipping

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright