 bclbob join:2000-06-23 Oak Park, IL | reply to x51
Re: Uverse DSL With Static IPS WORST ISP EVER!
I couldn't agree with you more. I was considering static IPs on my line but seeing how the DMZ mode works (or doesn't, see my thread on that) and statics basically work the same way, I decided against it.
Even in DMZ mode, it's not bridging traffic, it's proxying inside the 2wire. And they even forgot to proxy ICMP, so traceroute doesn't work.
I'm seriously considering trying to hack around the requirement to use the 2wire, it seems like the basic service is ethernet/layer 2 over VDSL, but it seems like the 2wire performs IEEE 802.1X and possibly HTTPS posts to AT&T and 2wire, or AT&T disconnects service on the line.
My day job is a network engineer, and the 2wire makes the U-Verse service a joke. I even have this piece of junk on my "U-Verse Small Business" account. To think I used to mock the piece of junk SMC modem Comcast gave me as part of their small business service, but it seems light-years ahead of U-Verse.
All I want is a bridge modem, so I can take the layer 2 and plug it into my Cisco 3745 router. Or even the ability to use a Cisco 887V router. |
|
 x51 join:2009-05-27 Stratford, CT | So the uverse business has the same device?
From what I read... you can't use anything but the modem they provide. It uses certificate-based authentication for the network, and no other device would work without some reverse engineering and custom firmware. |
|
 bclbob join:2000-06-23 Oak Park, IL | That's what I have and I have the U-Verse Small Business service (i.e. more expensive for the same Internet, but my company wants me to have a "business" service for expenses purposes).
I'm trying to figure out if I can use the 2wire to do all of the authentication stuff, but then have some other device really do the IP. I think it would take some fancy layer 2/layer 3 filtering and NAT though. It'd be a fun hack that not many people would be able to pull off. |
|
 h3lix0 join:2001-09-30 San Diego, CA | reply to bclbob I can't get you Layer 2 - but I can at least get you layer 3 routed via the 2wire without the need for DHCP.
1) Configure the normal private IP range.. you probably already have this setup, but you can not configure the 2wire POS using the public IP interfaces.
2) Under the uverse configuration, go to the "Home Network" tab
2.1) Click "Advanced Settings". Down below, you will see a "Public Routed Subinterface" option. This is key.
3) Give your "Router Address" one of the public routed IPs given to you by AT&T.
4) Subnet mask will probably be a /27.. As a network engineer you'll know this is 255.255.255.248 - but for anybody else who is playing along at home, this is what you enter here if you have the lowest static package.
5) "Auto Firewall Open".. select this.
6) Clear your "Device List" by heading to http://ip.of.gateway/mdc and clicking "Resets" on the left hand side. Click on the "CLEAR" next to "Local Network"
7) Add devices onto your network in your IP address range, use the "Router Address" configured above as your gateway
7.1) Ping the gateway "Router Address" from the node you bring up on the network. The gateway seems to be braindead enough not to ARP, so at least this way it knows your MAC address
8) Under the same "Home Network" -> "Advanced Settings" tab, click "Edit Address Allocation" on the right when you have a node online
9) Make sure "Firewall Protection" is unselected. This is what turns this beast into a dumb gateway for your public address range. (It may already be deselected)
Downsides: For the life of me, I have not been able to figure out why MTR and Traceroute still do not work, even with this thing configured as a gateway. Other than that - enjoy turning your 2wire into a gateway. |
|
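Added example, not part of the post above: a POSIX shell check for steps 3, 4 and 7 that derives the dotted mask from a prefix length and confirms a host address is usable behind a given "Router Address". The addresses are constructed from the 203.0.113.0/24 documentation range and the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example (not from the thread). Addresses are constructed, taken from
# the 203.0.113.0/24 documentation range; substitute the block AT&T assigned.

# Dotted quad -> 32-bit integer (octets must not have leading zeros).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (e.g. 29) -> dotted subnet mask to type in at step 4.
prefix2mask() {
    int2ip $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Succeeds only if HOST is a usable address in the same block as ROUTER:
# same network, and not the network, broadcast or router address itself.
host_ok() {  # usage: host_ok ROUTER PREFIX HOST
    m=$(ip2int "$(prefix2mask "$2")")
    r=$(ip2int "$1"); h=$(ip2int "$3")
    net=$(( r & m )); bcast=$(( net | (~m & 0xFFFFFFFF) ))
    [ $(( h & m )) -eq "$net" ] && [ "$h" -ne "$net" ] &&
        [ "$h" -ne "$bcast" ] && [ "$h" -ne "$r" ]
}

# Constructed plan: router address .6 in a /29, three candidate hosts.
ROUTER=203.0.113.6; PREFIX=29
echo "mask for /$PREFIX: $(prefix2mask "$PREFIX")"
for host in 203.0.113.2 203.0.113.7 203.0.113.10; do
    if host_ok "$ROUTER" "$PREFIX" "$host"; then
        echo "$host ok, gateway $ROUTER"
    else
        echo "$host not usable in this block"
    fi
done
```

With "Firewall Protection" unselected in step 9, every host that passes this check is reachable directly from the Internet, so filtering has to happen on the host or on a firewall behind the 2wire.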
 | First of all, thanks for posting the rant. I just ordered Uverse and would have been pissed if I found out about this after my 30-day money back period. Has anyone (specifically x51) tried h3lix0's solution? It seems that if this does indeed turn the 2wire box into a plain IP router then it should address the problem.
I've got a slightly different solution if the above doesn't work... x51, you mentioned you had set up Linux as a gw/fw. If so, then if you are using a recent distro of Fedora, you can try iproute2 and the macvlan kernel mod. It seems to have been introduced sometime between fc7 and fc10. Not sure about other distros. I'm sure you can download the latest kernel and iproute. I wasn't able to get the necessary iproute version via yum on fc7 with stock repos so I didn't try very hard. This would allow you to configure a/multiple link/s (shows up as an interface via ifconfig) on a single ethernet interface each with a different MAC and IP. I tried it out and it sends and responds to ARPs with the correct IP/MAC combos. Seems like this would allow you to build a Linux gw/fw/nat box that would do exactly what you want without having to resort to VMs.
I'll have to play with some of this myself once my service is installed. |
|
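Added example, not part of the post above: the macvlan setup it describes, written as a shell script that prints the iproute2 commands by default and only runs them when DRY_RUN=0. The parent interface name, link names, MAC addresses, the 203.0.113.0/29 block and the choice of `mode bridge` are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the thread). Interface name, MACs and addresses are
# constructed placeholders; 203.0.113.0/29 is a documentation range.
PARENT="${PARENT:-eth0}"        # physical NIC facing the 2wire (assumed name)
PREFIX_LEN="${PREFIX_LEN:-29}"  # prefix length of the static block (assumed)
DRY_RUN="${DRY_RUN:-1}"         # 1 = print the commands, 0 = run them as root

# Print or execute one command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only a well-formed, locally administered, unicast MAC, so a made-up
# address cannot collide with a vendor-assigned one or be a multicast address.
valid_mac() {
    h='[0-9a-fA-F]'
    case "$1" in
        $h$h:$h$h:$h$h:$h$h:$h$h:$h$h) ;;
        *) return 1 ;;
    esac
    first=$(( 0x${1%%:*} ))
    [ $(( first & 3 )) -eq 2 ]   # bit 1 set (local), bit 0 clear (unicast)
}

# Create one macvlan link on PARENT with its own MAC and IP, then bring it up.
# "mode bridge" is a choice made for this sketch.
add_macvlan() {  # usage: add_macvlan NAME MAC IP
    valid_mac "$2" || { echo "rejecting MAC $2" >&2; return 1; }
    run ip link add link "$PARENT" name "$1" address "$2" type macvlan mode bridge
    run ip addr add "$3/$PREFIX_LEN" dev "$1"
    run ip link set "$1" up
}

# Constructed plan: three links, one public address each.
add_macvlan mv0 02:00:00:00:00:01 203.0.113.1
add_macvlan mv1 02:00:00:00:00:02 203.0.113.2
add_macvlan mv2 02:00:00:00:00:03 203.0.113.3
```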