[ale] Odd network setup w/ iptables NAT routing

James Sumners james.sumners at gmail.com
Wed Jul 14 11:39:05 EDT 2010


On Wed, Jul 14, 2010 at 10:59 AM, Michael B. Trausch <mike at trausch.us> wrote:
> On Wed, 2010-07-14 at 08:35 -0400, James Sumners wrote:
>> I understood your situation to be that you have two external
>> connections coming into the firewall 24/7. That is, DSL on eth0 and T1
>> on eth1 (or whatever, I've never dealt with a T1).
>
> That would be correct.
>
>> I thought the "manual" part was all done at a keyboard. Now I
>> understand that you have to unplug the DSL connection from the
>> firewall and plug in the T1? If that's the case, well, I don't know
>> what to suggest in regard to the two networks.
>>
> This is also correct.  I'm just not sure that I understand what bridging
> the two interfaces together would accomplish.  Basically, I have the DSL
> attached to eth0, the LAN attached to eth1, and the T1 line attached to
> eth2.  When packets stop going across eth0 (which I can adequately
> determine by using "ping -c4 <default gateway> > /dev/null" and checking
> the status code), I need to trigger a failover to the eth2 device.  Of
> course, I only had the light-bulb moment about checking the default
> gateway late last night... the DSL modem provides the default gateway.

My thought behind bridging the two external networks together was that
it would mean your connection always works. When one goes down, all of
the traffic would transparently switch to the other. The traffic
coming into, and leaving, your location would be automatically routed
through the live connection by routers that run the internet. But I'm
not a network expert, so that could be a completely wrong statement.

>> I assume you're just power cycling the AT&T modem? I'm fairly positive
>> that you will not be able to power cycle that thing remotely. I'd be
>> shocked if AT&T offers anything that useful. You might look into a PCI
>> modem[1]. Then you can remotely take the interface down and bring it
>> back up via your dial-up connection.
>
> To make things more complicated, this is something of a nonstandard
> setup.  I think that if I print out the whole configuration listing on
> the advanced configuration page, I can probably mirror the
> configuration.  What I *don't* know about DSL is if you have to register
> the device on the network before being able to use it.  I know that at
> least with cable modems, you have to have the network provider whitelist
> the hardware address of the modem so that they will talk to it.  Perhaps
> since DSL authentication is done using PPPoE, that is different?  I
> don't know.

You do _not_ have to register the modem with the ISP. You are correct
in that the PPPoE negotiation is what authorizes you to use the
network. So it doesn't matter if you use the modem AT&T shipped you
or one you buy from a retail store. The catch is that the modem has to
have the proper settings configured for syncing to the network. If you
call tech support then they should be able to tell you what you need
to configure. But I've never used AT&T DSL so I can't speak to their
service.

> I will check into the PCI modem, though, because that would very likely
> solve all of the issues that I have.  I'll just need to figure out
> exactly how they are tunneling the static IP addresses to me; the modem
> picks up a dynamic address over PPPoE and then uses that to gateway the
> static IP addresses.  If everything works out perfectly with this, I
> would be able to use all 6 addresses in the /29 that is allocated to us,
> instead of giving up one for the modem... that would be nice.
>
> Is it too much to expect of any service provider to just work and to
> provide hardware that just works?  I'm beginning to think that it is
> indeed too much of an expectation.
>
>        --- Mike

Atlantic Nexus does exactly this. In fact, the last time I was having
speed problems they worked with me for quite a long time to determine
that the problem was likely with the modem. They shipped me a new one
to try, I only had to pay for shipping. Once it was determined that
the new modem solved my problem I was able to keep it (with that
shipping charge being my only cost). They are Linux and OS X friendly.
They don't block ports or limit bandwidth. The only downside to AtNex
is the requirement that you have an AT&T phone line.



-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
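As an added illustration of the failover Mike describes above (this is example code written for this note, not anything posted in the thread): DSL on eth0, LAN on eth1, T1 on eth2, with the DSL modem's gateway pinged to decide when to move the default route to the T1. The gateway addresses, state file path and script name are assumptions to be replaced with the real values.

```shell
#!/bin/sh
# Added example, not from the thread: WAN failover check for the layout
# discussed above (DSL on eth0, LAN on eth1, T1 on eth2).
# The gateway addresses below are placeholders, not real next hops.
PRIMARY_IF=eth0;  PRIMARY_GW=192.0.2.1      # DSL modem (assumed address)
BACKUP_IF=eth2;   BACKUP_GW=198.51.100.1    # T1 router (assumed address)
STATE_FILE=/var/run/wan-failover.state      # assumed location

# Exit 0 when the gateway answers at least one of 4 pings sent out the
# named interface, 1 otherwise (the "ping -c4 and check the status" test).
gateway_up() {
    ping -c4 -W2 -I "$1" "$2" >/dev/null 2>&1
}

# Pure decision logic, kept apart from ping/ip so it can run with no network.
# $1 = primary ping status, $2 = backup ping status, $3 = route in use now.
# Prefer the primary whenever it answers (automatic fail-back); otherwise
# the backup if it answers; if both are dead, keep the current route
# rather than flapping the default route every run.
decide_route() {
    if [ "$1" -eq 0 ]; then echo primary
    elif [ "$2" -eq 0 ]; then echo backup
    else echo "$3"
    fi
}

# Point the default route at the chosen uplink and remember the choice.
apply_route() {
    if [ "$1" = primary ]; then gw=$PRIMARY_GW; dev=$PRIMARY_IF
    else gw=$BACKUP_GW; dev=$BACKUP_IF; fi
    ip route replace default via "$gw" dev "$dev"
    echo "$1" > "$STATE_FILE"
}

failover_main() {
    current=$(cat "$STATE_FILE" 2>/dev/null || echo primary)
    gateway_up "$PRIMARY_IF" "$PRIMARY_GW"; p=$?
    gateway_up "$BACKUP_IF" "$BACKUP_GW"; b=$?
    want=$(decide_route "$p" "$b" "$current")
    if [ "$want" != "$current" ]; then
        logger -t wan-failover "switching default route to $want"
        apply_route "$want"
    fi
}

# Only act when invoked as "wan-failover.sh run" (e.g. every minute from cron).
if [ "${1-}" = run ]; then failover_main; fi
```

Because the LAN is masqueraded, keep a MASQUERADE rule in the nat POSTROUTING chain for both eth0 and eth2 so outbound traffic is sourced correctly whichever uplink holds the default route; connections already established over the dead link will still drop when the route moves.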
