
Any consumer routers that can do routing?

I'm looking for a robust consumer router that can do the simplest routing function of all — simply forward packets between the WAN and LAN interfaces. The option of NAT'ing the RFC 1918 addresses would be awesome, too.
Spoiler alert: after several very long conversations with ZyXEL NA tech support (including the managers; by the way, ZyXEL's tech support is outsourced to Anaheim, CA), I was told that no one makes such devices for the consumer market at all. Is that really true?
I have a 99.124.xxx.xxx/27 Static IP address allocation from AT&T U-verse FTTP; however, the way it worked with 2Wire is that you still get a single regular "dynamic" IP address via DHCP from their common and shared 76.220.xx.xx/22 pool, through which all your traffic to your static IP addresses (in a totally different subnet, as you may have noticed) is then routed. The 2Wire 3800HGV-B then has a setting called "Public Networks" → "User Defined Supplemental Networks", where the user has to manually specify the allocation they have received; subsequently, for each individual device on the LAN (as well as in the default options for the LAN DHCP server itself) you can either assign a public address from the public pool, or a private address from the private pool (with the option of specifying which public address the private address will be NAT'ed to). However, I'm getting rid of 2Wire PoS due to the unlimited number of bugs, stability issues, as well as unacceptable power consumption (2× to 3× higher than the devices below, without even supporting GigE or 802.11n).
Prior to buying the routers as below, I've tried connecting my OpenBSD netbook to the Ethernet port on the SBC ONT directly, to see if I can indeed ditch 2Wire 3800HGV-B PoS, and after some playing with `ifconfig` and `route`, I was indeed getting all the packets for the static block from the internet without any problems!
I've got a ZyXEL NBG4615 to replace 2Wire, then subsequently NETGEAR WNR3500L to replace ZyXEL. Both were (and still are) marketed as routers. When setting up each, I've changed the MAC-address to the one used by 2Wire, and set up my /27 subnet to be used for their LAN interfaces. Apparently, both ZyXEL and NETGEAR happily do NAT of publicly routable IP addresses instead of passing it straight, and neither one can do packet forwarding (also known as "routing", surprise!) between the WAN and LAN interfaces without the NAT.
The ZyXEL does have an option of disabling NAT, so, according to their interface, it's all supposed to work just dandy. However, apparently, in practice it doesn't do any routing between the two interfaces once the NAT is disabled (I presume they erroneously also do something like `sysctl net.inet.ip.forwarding=0` or `sysctl net.ipv4.ip_forward=0` when you disable NAT), so my internet simply stops working immediately and as soon as I disable NAT within their interface. I've contacted the ZyXEL tech support, and they seem to misunderstand what routing is all about, they also claim that no consumer-oriented router can do routing without [also] doing NAT. Is that really true?
In any case, I tell them they have a clear bug with their user interface not functioning the way anyone would expect it to, yet they repeatedly conclude that they'll only address the problem if other comparable products on the market also have the feature ("have implemented their own feature set correctly", they mean?). Pardon me, but how are the obvious bugs in one's interface related to any other products by any other manufacturer? Especially if all that's concerned is literally a one-byte change (0 to 1, that's merely a bit even!); strike that, most likely it is merely a matter of actually removing one or more lines of code that disables ip forwarding through sysctl when NAT is disabled through the interface. After all, this GigE router is based on Linux 2.6, from what I gather and based on nmap.
The NETGEAR doesn't have any options to disable NAT in their default firmware. Although, to be fair, I would argue that having a default of doing NAT of non-RFC1918 addresses is a major bug in and of itself, and any NAT-disable options in any interface are only really meant to apply to the RFC1918 addresses in the first place.
So, just out of curiosity, any consumer routers that can actually do the simple routing, please?
Is AT&T's setup of two different subnets (as explained above) really so uncommon in the ISP world to not get any attention of third-party consumer router manufacturers?
Am I actually doing something wrong, and is this whole thing supposed to be configured some other way? Or is this really too advanced and is not supposed to work with consumer off-the-shelf routers at all?
Any firmwares to recommend for WNR3500L that were actually thought out to be a great fit for packet forwarding and multiple routable IP addresses, over two subnets as above? I just want my subnet to work, nothing too fancy, really. That said, it would be disappointing to actually have fewer features than what was available back with 2Wire, e.g. it would be nice to continue having the ability to have two IP-address pools for my LAN, one public and one private. A SIP registration server, HE's IPv6 TunnelBroker.net support and authoritative DNS would be a plus, too, though. SNMP won't hurt, either. (-: Looking for something stable that I could install with uptime of months, and which would not break when I need to make simple changes of adding new LAN devices etc.
P.S. BTW, apparently, the ZyXEL tech support guys in Anaheim quite misunderstand what routing between two interfaces is all about. They claim that I want some kind of "advanced router", whereas their product only offers NAT routing (what is "NAT routing" anyways? do they mean "routing + NAT"?), disregarding the fact that they explicitly have the option of disabling NAT in their interface, where the router is still advertised to be in the Router mode (they have a separate option to select the Mode between Router Mode, Access Point Mode etc). I assume that their NAT-disable option not only disables NAT, but also sets `sysctl net.ipv4.ip_forward` to 0. ZyXEL tech support suggested all sorts of things, from using the router in bridge mode, and configuring my host computers to be on my /27, yet somehow have me specify the AT&T gateway from the shared /22 (I'm, like, really?).

Anav | Sarcastic Llama? Naw, Just Acerbic | Premium | join:2001-07-16 | Dartmouth, NS | kudos:3
Your credibility suffered with me from the get go. Tech support is not outsourced, it is part of Zyxel USA in California. They also have different tiers depending upon the complexity of the issue and type of device (all in the same building). They probably passed you to the janitor after realizing you were trying to shove spaghetti up a straw, so as to be able to provide support to bona fide clients.
Zyxel has business class routers covering all the things you discuss. They tend not to try and undercut their business products with consumer products with the same range of capabilities. In addition, their DSL modems routers (in NA) have become more and more so strictly ISP products (and extremely limited to what is available in Europe).
What you need to do is look at DD WRT, tomato etc.... the third party linux derivatives of firmware to see which has the feature set you desire and get an appropriate consumer router to host that firmware. (Asus rt N16 and upcoming Asus rt N66U are good candidates for tomato for example).
Otherwise suggest you have ur head stuck in the sand expecting consumer routers with stock firmware at least in NA to do what you ask. Experience and options in Europe and Asia may differ. Believe me I would love to be wrong, just so I don't have to read ur posts.
Finally, if you're so prescient just get an old PC and program it with pfsense or one of those options, lots of flexibility and perfect for know-it-alls. If you prefer something off the shelf suggest the following. »store.netgate.com/Netgate-m1n1wa···C83.aspx
-- Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment

reply to ConstantineM
Just to clarify, a packet forwarding is NOT routing. A Packet forwarding is a means to match an ACL and sending it on its way. Routing uses no acls by design although it can to create specific path selection, etc.
I am not quite sure what you are intending on doing as none of it makes sense, but if you are looking for a routing feature between interfaces with the NAT, you could use your NetGear and install dd-wrt on it which does support RIP.
Again, not sure why anyone sound would like to run RIP when connecting to ISP with a single static out interface, but...
I hope that helps.

reply to ConstantineM
said by ConstantineM:
So, just out of curiosity, any consumer routers that can actually do the simple routing, please?

I only skimmed your post, but I believe that is the gist of it. Flash the WNR3500L with Tomato (first with dd-wrt, then TomatoUSB, then do a 30-30-30 reset), and uncheck the box to do NAT. Voila.
said by Anav:
http://store.netgate.com/Netgate-m1n1wall-2D3-2D13-Red-P218C83.aspx

pfsense is another nice option, and Netgate preloads the m1n1walls for you for just pennies. Be sure to get the red one.
-- db

Bink | join:2006-05-14 | Denver, CO | kudos:4 | 2 edits | reply to ConstantineM
If OpenBSD does what you want, why not just buy something like an ALIX, install OpenBSD on it and call it a day? I understand most consumer-class routers will route by simply telling them not to NAT, even the cheapest of Linksys, but I refuse to use a consumer-class router myself. That said, OpenBSD is doing my routing at home; it's just too flexible and the userland tools are too great for me not to.

Brano | I hate Vogons | Premium,MVM | join:2002-06-25 | Burlington, ON | kudos:3 | reply to ConstantineM
As already mentioned, look at the ZyXEL USG series, they start at quite affordable prices. Check USG20 to USG100 Link for USG50 »us.zyxel.com/Products/details.as···ED195DB2
..the line between consumer and business is blurred

reply to clarknova
color should make no difference as it's just the preference based on the info provided

said by Da Geek Kid:
color should make no difference as it's just the preference based on the info provided

Nice try, but I think that most people know by now that red is always faster.
-- db

Yup as in Red Ferrari, or was it Yellow Lambo, or a Green Aston! Ah, But I prefer Black Porsche 911 GT2 RS!

Even if I concede to call it a tie, pfsense's theme is red, so the tie is broken. Red wins.
-- db

Anav | Sarcastic Llama? Naw, Just Acerbic | Premium | join:2001-07-16 | Dartmouth, NS | kudos:3 | reply to ConstantineM
C'mon that red thang is butt ugly. Even an untrained monkey can discern a design disaster.

Bink | join:2006-05-14 | Denver, CO | kudos:4
It has a serial port! Which is a thing of beauty to most geeks!

Anav | Sarcastic Llama? Naw, Just Acerbic | Premium | join:2001-07-16 | Dartmouth, NS | kudos:3 | reply to Anav
Let's ask the holy and Purrfect Dali "meow meow" Llama for guidance.........

Anav | Sarcastic Llama? Naw, Just Acerbic | Premium | join:2001-07-16 | Dartmouth, NS | kudos:3 | reply to ConstantineM
What's that,,,, A Sacred device should be clean and elegant and oh yes I will post that example right away. View beauty incarnate and blessed to boot!!
What's that...... tell the neophyte impressed by ports to view another Sacred device......oh ok.

DrTCP | Yours truly | Premium,ExMod 1999-04 | join:1999-11-09 | Round Rock, TX | 1 edit | reply to ConstantineM
said by ConstantineM:
Spoiler alert: after several very long conversations with ZyXEL NA tech support (including the managers; by the way, ZyXEL's tech support is outsourced to Anaheim, CA), I was told that no one makes such devices for the consumer market at all. Is that really true?

ZyXEL USA is in Anaheim, CA. AFAIK, It is not outsourced.

said by ConstantineM:
I've got a ZyXEL NBG4615 to replace 2Wire, then subsequently NETGEAR WNR3500L to replace ZyXEL. Both were (and still are) marketed as routers. When setting up each, I've changed the MAC-address to the one used by 2Wire, and set up my /27 subnet to be used for their LAN interfaces. Apparently, both ZyXEL and NETGEAR happily do NAT of publicly routable IP addresses instead of passing it straight, and neither one can do packet forwarding (also known as "routing", surprise!) between the WAN and LAN interfaces without the NAT.

While I am not familiar with the above product and barring the possibility of a bug in the firmware, I believe ZyXEL should be able to support simple routing without NAT. Since your WAN setup is static, perhaps you forgot to add a static route for routing 0.0.0.0/0 (or specific LAN subnet) to WAN gateway (next hop given to you by ISP on WAN side).

said by ConstantineM:
The ZyXEL does have an option of disabling NAT, so, according to their interface, it's all supposed to work just dandy. However, apparently, in practice it doesn't do any routing between the two interfaces once the NAT is disabled (I presume they erroneously also do something like `sysctl net.inet.ip.forwarding=0` or `sysctl net.ipv4.ip_forward=0` when you disable NAT), so my internet simply stops working immediately and as soon as I disable NAT within their interface.

I suspect your configuration is either incorrect or incomplete. Try adding the route as instructed and it should work.

said by ConstantineM:
I've contacted the ZyXEL tech support, and they seem to misunderstand what routing is all about, they also claim that no consumer-oriented router can do routing without [also] doing NAT. Is that really true?

I think this may be inaccurate. Some consumer routers are only designed for NAT but even the old ZyXEL Prestige 311 (or its equivalent) Netgear RT-311 could do this well. Now, there are some ZyXEL USA only products that are not outsourced from other ODMs but global ZyXEL products usually do support operating without NAT. In particular ZyWALL 5/35/70 and the newer USG line should work well. Is the product you mentioned above USA only or global product (Edit: it looks like it is a global one)?

said by ConstantineM:
Am I actually doing something wrong, and is this whole thing supposed to be configured some other way? Or is this really too advanced and is not supposed to work with consumer off-the-shelf routers at all?

You probably need a static route added.

reply to Anav
said by Anav:
Your credibility suffered with me from the get go. Tech support is not outsourced, it is part of Zyxel USA in California. They also have different tiers depending upon the complexity of the issue and type of device (all in the same building).

I stand by my words. ZyXEL is a Taiwanese company, with a Taiwanese R&D, and they do outsource their NA tech support to Anaheim, CA. Hard to believe something is outsourced to NA? :-p
I was a big fan of my Sprint ZyXEL Prestige 645 modem, then a couple of related ZyXEL models by Embarq, which were pretty awesome devices with an impressive set of features. That's the reason I went with NBG4615, only to find a huge disappointment at the feature set and lack of telnet configuration. Apparently, they've switched to Linux!
So, you are also of the opinion that forwarding packets between two interfaces, without doing NAT, is something that's beyond consumer products? E.g. something that's accomplished without even having any NAT, any kind of router software in userland, merely with one kernel option at runtime, namely, `sysctl net.ipv4.ip_forward=1` on Linux, `sysctl net.inet.ip.forwarding=0` on BSD?
No one has addressed my question of how people are supposed to be using Static IP addresses with their consumer routers. Is the implied answer, "they aren't supposed to"?
I'm merely looking for a router that won't NAT non-RFC1918 addresses, and which would have IP forwarding enabled. NAT is only really meant for RFC1918 anyways.
The Netgate m1n1wall 2D3 / 2D13 Red seems nice (love the colour!), until you see that it doesn't even have GigE, or any WiFi. If Soekris net6501-50 was the price of the m1n1wall, I might consider it, but at the price range of the entry-level ProLiant DL110 G7 enterprise server with latest generation Intel Sandy-Bridge Xeon E1220 quad core processor and ECC DDR3, it's outside of my price range for a mere home router.

Ok mundane question... I have a couple U-verse static single IP accounts on ADSL for work. These devices get a fixed static IP each time the PPPoE connection is made. In the username I had to add user@STATIC.att.net... Did you try this?
Also on these same accounts to bypass the 2wire POS as you put it I connected a Cisco ASA configured with the same public IP and route as the WAN side of the modem. This allows me to bypass the 2wire altogether and go about my business.
So what you may want to try before blowing more steam is to take one of your other routers and configure them with the static IP and route and connect it to the LAN port on the 2wire, then see if you're able to get out from there with your static IPs. I agree that the U-Verse modem is not the most high end user friendly but if I figured it out anyone else should be able to also.

reply to Bink
said by Bink:
If OpenBSD does what you want, why not just buy something like an ALIX, install OpenBSD on it and call it a day? I understand most consumer-class routers will route by simply telling them not to NAT, even the cheapest of Linksys, but I refuse to use a consumer-class router myself. That said, OpenBSD is doing my routing at home; it's just too flexible and the userland tools are too great for me not to.

That's the thing! Apparently, the NETGEAR doesn't have any option to disable NAT, and it does happily do NAT of routable IP addresses. Haven't contacted their tech support about this issue, though...
ZyXEL has the option to disable NAT, but they also obviously seem to be disabling ip forwarding, as no packets are forwarded between WAN and LAN after one disables NAT... One ZyXEL representative even suggested I sell my ZyXEL on eBay (it's past the return window), and try a Linksys instead. (-:
Anyhow, an update:
I was speaking with an Assistant Manager Technical Support, ZyXEL Communications, Anaheim, CA, to not many results, and pretty much the very same explanations as the regular support guys, so I gave it up a few weeks ago. However, I picked up yesterday where we left off, and after I now have specifically told him about `sysctl net.ipv4.ip_forward` yesterday, and that they must be erroneously turning it off when one disables NAT, and that NAT itself cannot be done without ip forwarding being enabled, they've replied to me with a firmware file to test!
Just a refresher, that before this, they claimed that what I requested was too advanced, and they only do the simple NAT in consumer routers, and that they cannot do routing or packet forwarding without NAT! They even asked me repeatedly before that, how would the router know where to send the packets if it's not doing NAT? I'm, like, what kind of question is that, what happened with the standard kernel IP routing table? One more proof that the idea that the tech support can solve your problems or do any kind of advanced troubleshooting is somewhat of a myth, and you actually have to do your own research to get anything done.
P.S. I'd happily switch to BSD in one go if there was an affordable consumer-priced router based on it.

Anav | Sarcastic Llama? Naw, Just Acerbic | Premium | join:2001-07-16 | Dartmouth, NS | kudos:3 | reply to ConstantineM
said by ConstantineM:
I stand by my words. ZyXEL is a Taiwanese company, with a Taiwanese R&D, and they do outsource their NA tech support to Anaheim, CA. Hard to believe something is outsourced to NA? :-p

Thanks for the laugh of the day, I sprayed my coffee all over.
(not disputing that zyxel is a taiwan company but NA is handled by Zyxel USA ie North American Headquarters!!!)
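
Added example, not part of any post in this thread: the behaviour the original poster asks for (IP forwarding on, a routed public block passed through untouched, NAT applied only to RFC 1918 sources), written as a dry-run shell script for a Linux-based router. The interface names, the 203.0.113.0/27 documentation block standing in for the static /27, and the private pool are assumptions; as in the thread, the ISP is assumed to route the block to the router's DHCP-assigned WAN address.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface names are
# constructed placeholders; 203.0.113.0/27 stands in for the static /27.
WAN_IF="${WAN_IF:-eth0}"                    # assumed WAN port (DHCP address from the ISP)
LAN_IF="${LAN_IF:-eth1}"                    # assumed LAN port
PUBLIC_GW="${PUBLIC_GW:-203.0.113.1/27}"    # router's LAN address inside the routed block
PRIVATE_GW="${PRIVATE_GW:-192.168.1.1/24}"  # router's LAN address for the private pool

# Return 0 if the IPv4 address (optionally with /prefix) is in an RFC 1918 range.
is_rfc1918() {
    _old_ifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 2
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Print (do not run) the commands for "route the public block, NAT only RFC 1918".
router_commands() {
    # Guard: a private "public" block would be forwarded with no NAT rule
    # and its packets would leave with unroutable source addresses.
    if is_rfc1918 "$PUBLIC_GW"; then
        echo "PUBLIC_GW $PUBLIC_GW is an RFC 1918 address" >&2
        return 1
    fi
    # Forwarding is a kernel switch independent of NAT; NAT itself needs it on.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Both pools live on the same LAN interface.
    echo "ip addr add $PUBLIC_GW dev $LAN_IF"
    echo "ip addr add $PRIVATE_GW dev $LAN_IF"
    # Only RFC 1918 sources are translated; no rule matches the public
    # block, so its packets cross WAN<->LAN with addresses unchanged.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j MASQUERADE"
    done
}

router_commands   # dry run: review the output, then pipe it to sh as root
```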