dthompson

join:2013-08-01

[DSL] 1 Static + 5 Static IP Addresses

Hi, new here. I've recently been given the following provision from TekSavvy for my new DSL Connection:

Single Static IP Address of: 69.196.152.XX
/29 (5) Static IP Addresses of 69.165.216.XX + 5

I've had DSL before and never had an issue or seen a setup such as this so I am hoping someone can help.

I can make the connection with either the Sagemcom VDSL modem or my firewall but I am only ever able to obtain the initial single static IP address.

How does one go about obtaining the other 5 static IP addresses in order to utilize them? I can't for the life of me figure out how this is done.

On the Sagemcom I don't think there is any way to obtain the extra 5 IPs I'm paying for, and on the firewall that I've used in the past, I can't get it to work with the 5 external IPs either.

Any help from anyone who's set up this type of configuration before would be greatly appreciated.

Thank you,
David


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
You need a router that has the ability to route without NAT. Assign one of your five to the LAN interface, assign the other four to your LAN hosts, using the router's address as gateway.
--
db

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to dthompson
If you were assigned a /29, your numbers seem to be off?

69.165.216.0-69.165.216.7 would be assigned to you, .0 is the network .7 is the broadcast

Then as clarknova said, you need a router without NAT, your single static goes on the internet side, your block, pick one (.1 is common) for the inside, and statically assign or DHCP your addresses as a normal NAT router would.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

dthompson

join:2013-08-01
reply to dthompson
Right. Thanks for the quick replies guys. The problem with this is the Sagemcom modem / router isn't able to be bridged easily from the web interface.

The fact that this exists stops me from being able to use the service with the 5 static IPs I've got from TekSavvy so far as I can tell.

Having to downgrade the firmware on the device, enable telnet, enable the bridging and then setting it up, seems quite counterproductive as far as I can tell. Unless I am missing something, it's the modem/router that doesn't give bridging abilities that's stopping me from doing what I need to do.

I would say that if this is what TekSavvy did (sold me the 5 static IPs), full well knowing that I would encounter this error and not mentioning it to me before selling me the server, well that's just very underhanded in my opinion and not very upfront about the hassles one would run through in order to get the service, that by default, should be extremely easy to deploy.

I've never seen a DSL setup like this before and I've installed quite a few multiple WAN IP's over PPPoE and have never had to do anything like this before. Ever.

s_tux_g

join:2012-03-03
reply to dthompson
Here is a network topology you may follow (69.196.216.64/29 network for example):

»/r0/downloa···work.png

Also, you can simplify it by removing "WAN switch" and connecting only one server directly to the router. Your server's Ethernet interface can be initialized by 5 remaining IP addresses you have (IP address aliasing). The network topology will look like:

»/r0/downloa···ork1.png

NAT has to be set up in router only for 192.168.0.x/24 network. I have similar to the first picture installation at home. Unfortunately you may need a little bit more advanced equipment (router & switch) than simple consumer electronics.

elitedev

join:2013-05-05
Chatham, ON
reply to dthompson
There is nothing underhanded about it.

They sell them to the customers that want them and know how to use them, if you didn't know what you were getting into then you should have researched it beforehand. I'm not trying to sound offensive, but you can't really expect customer service agents to know this stuff.

Also FYI, Teksavvy does not offer support for their subnets. It's one of those advanced "you're on your own" things.

dthompson

join:2013-08-01
reply to s_tux_g
Thanks for this, but the issue is that the Sagemcom modem provided by Bell to TekSavvy isn't able to run in bridge mode by default. It's this issue that would force a double NAT since the modem can't be put into bridge mode and the router, while auth with PPPoE, would cause the double NAT.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to elitedev
To not know that you can't get bridge mode on the Sagemcom modem, wouldn't be something expected.

I expect when given a PPPoE login, I wouldn't be forced (without extreme measures) into not using my own router to login.

-To be fair to dthompson
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

s_tux_g

join:2012-03-03
reply to dthompson

I've never seen a DSL setup like this before and I've installed quite a few multiple WAN IP's over PPPoE ...

There are NO "multiple WAN IP's over PPPoE". PPP (Point-to-Point Protocol) is used to establish a connection only between two nodes. You are still establishing the same PPPoE connection with ISP regardless of whether you have an additional block of IP addresses or not. You assign additional 6 addresses (1 for router and 5 for servers) statically to your WAN network devices and connect this network to your router. Your single static address is used as before. You may obtain it from ISP's DHCP server or assign statically as well (if you know how to configure the rest of the network, like information about DNS servers).

For instance, I don't use ISP's DNS. Since I have dedicated UNIX server anyway I have running my own recursive DNS server for my network.

elitedev

join:2013-05-05
Chatham, ON
reply to kevinds
To be fair, it's also not impossible to get bridge mode on the Sagemcom. It's just a bit more complicated than it should be. All the information on how to do it is right in the thread on the first page of this forum.

henry128

join:2010-09-03
Mississauga, ON
kudos:1
reply to kevinds
Well, not quite. If you don't need perfection, Sagemcom's PPPoE pass-through does work. If you're not picky about needing "real" bridge mode (or using > 35 Mbps), it's quite easy to use your own router. I'd argue it's even easier than other modems where you have to manually set it to bridge mode, since PPPoE pass-through works without needing to set anything.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
reply to elitedev
Yes, that is what I was referring to as extreme measures.

I think it was just bumped to the top, but I don't see it on the first page normally.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

MFido

join:2012-10-19
kudos:2
reply to dthompson
said by dthompson:

I would say that if this is what TekSavvy did (sold me the 5 static IPs), full well knowing that I would encounter this error and not mentioning it to me before selling me the server, well that's just very underhanded in my opinion and not very upfront about the hassles one would run through in order to get the service, that by default, should be extremely easy to deploy.

Now I guess you go a bit over accusing Teksavvy about selling you something you asked for. You ask for it ... they provide it ... you manage it ... You just have to know how to do it. The /29 has 6 available static IPs ... from a total of 8 ... someone clarified that for you above.

But I see the guys here put you on the right track

dthompson

join:2013-08-01
reply to dthompson
So the saga continues. Before everyone jumps on me again about not knowing what's going on, I have a firewall that I've used in multiple places that supports multiple WAN IPs. I've used it on both Rogers and Bell based networks and it's always worked.

Can someone please answer me this question.
With my static IP address, if I ssh to another host and start pinging the IP address, it replies as it should. If I pull the telephone line on the VDSL Modem, the pinging stops responding. This is correct.

Now, if I do the same with the first in my /29 range, it pings. So for instance, I can ping 69.165.216.145
It pings and pings. If I then pull the telephone cable on the VDSL router, it continues to ping. This doesn't seem to be right to me. By the way, the .145 is the only ping-able IP address from the /29 that responds to pings.

Can anyone confirm if this is right or not, as I've never seen any IP address before where it continues to respond to ping requests even after the network has been disconnected.

For the record, I have both Rogers and TekSavvy in my place right now, so I am pinging the TekSavvy IP from my Rogers IP, so it's not the fact that I'm trying to ping from inside the TekSavvy side, pull the plug and it goes down. It's pinging from an entirely different network on the WAN side.

I think it's something on TekSavvy's side for even if I do an nmap of the network: nmap -vvv -P0 69.165.216.145 -p 1-1024

It returns that ports are either open or filtered. In fact, the only NAT rule that I have setup on the firewall for that IP is ssh in order to nat through from 69.165.216.145 to an internal network IP address, which by the way if I change / add the WAN IP address from my /29 range of IP's to the single static IP address it works fine.

Thanks,

s_tux_g

join:2012-03-03
All static IP addresses you own (1 single IP + additional block of 6 IP addresses) have to be accessible from the Internet and from your local network. As I said before, NAT has to be set up only for your local home network. While you are setting up your network remove any rules/filtering (firewall) from your router. You can do it after everything is working.

I sent a private message to you where I listed all my public IP addresses. You can ping, scan open ports (nmap) etc. They are fully accessible.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to dthompson
Yes, it should do that, because all your IPs are internal at that point.

Would be no different pinging 192.168.0.1 (NAT network) when your internet was down.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

s_tux_g

join:2012-03-03
reply to dthompson
I forgot to mention. There are lots of online tools like ping, traceroute, DNS lookup etc., simply google for "ping online". Use them to test your public network.

dthompson

join:2013-08-01
reply to kevinds
Explain how they are internal. If I pull the telephone cable and disconnect my PPPoE connection, the IPs are no longer active and up (on my end). If this happens, how can I no longer ping the single static IP, but can ping the 1 IP from the /29? Remember, I've disconnected the WAN side at this point.

s_tux_g

join:2012-03-03
Let me interrupt your question a little bit? They are "internal" because they are connected to the same router. "kevinds" didn't make distinction between Internet address space and dedicated IP addresses for local networks. I guess this is what he meant.

dthompson

join:2013-08-01
reply to s_tux_g
You're missing the point. Maybe I'm not putting this correctly. I do use these tools. I use these tools on my other network that's NOT connected to the TekSavvy network. The point is this:

If I ping (on the external WAN from another ISP to the external WAN of the IPs designated to TekSavvy for me), the .80 IP responds when the PPPoE auth is connected. If I ping the .80 IP when the PPPoE has been disconnected, it doesn't respond. This is correct. Network up, I allow ICMP responses. Network down, IP isn't available, no reply, 100% packet loss.

If I ping the .145 network when the PPPoE auth is connected, it responds. When I ping the .145 network when the PPPoE has been disconnected it still responds. This is incorrect, yet this is the situation. Try it yourself. DNS lookups and traceroutes are not the point here, but here is the traceroute from my Rogers network to the .145:

traceroute to 69.165.216.145 (69.165.216.145), 64 hops max, 52 byte packets
1 control.digidns.ca (172.16.10.1) 0.650 ms 0.530 ms 0.465 ms
2 7.65.108.1 (7.65.108.1) 8.566 ms 8.117 ms 9.898 ms
3 24.156.135.101 (24.156.135.101) 14.028 ms 12.416 ms 11.951 ms
4 69.63.249.117 (69.63.249.117) 15.960 ms 18.407 ms 12.029 ms
5 69.63.250.93 (69.63.250.93) 9.957 ms 10.350 ms 10.103 ms
6 paix.tor.packetflow.ca (198.32.181.37) 11.965 ms 13.409 ms 11.999 ms
7 69-165-216-145.dsl.teksavvy.com (69.165.216.145) 11.895 ms 10.169 ms 10.022 ms

The Public .145 always responds whether the modem is connected to the teksavvy network or not. So even if the modem is turned off, disconnected from the network, and locked in a closet, which by the way is the most secure way to manage a computer, it still responds to an ICMP request. It is also the only IP address that responds to a PING request out of the entire /29 network I've been assigned.

This to me makes no sense. Hopefully I am explaining that clear enough to you to understand it.

The NATing isn't an issue, I've got all the NATs set up for the WAN IPs and they should work without issue as I've set these up the same way when I was with Telnet Communications who have the same basic setup, except that they didn't hand out a single static IP and then an additional /29 subnet. It was just a /29 subnet with the first IP being the first usable in the /29. It's also the same with the Rogers 5 static IPs that I have from them and it works. Perfectly. Same firewall.

I can take any WAN IP I've been given and nat through a specific port or protocol to an internal IP address (172.16.10.X) in this case. I can build a group of them in my firewall so that any request on port 22 from either the static or the /29 can be sent to an individual internal IP address. I've done this many times with the exact firewall I am using here, never had an issue.

The issue I seem to be having here is with the fact that I can always ping the .145 assigned from the /29 whether the Bell VDSL modem is on or off and whether the PPPoE auth is connected or disconnected.

s_tux_g

join:2012-03-03

You're missing the point...

Sorry and good luck with your computer networking mess setup!

dthompson

join:2013-08-01
Didn't mean to come off offensive if that's the way you've taken it. Sorry. Thanks for the help anyways.


oceros

join:2013-07-20
St Thomas, ON
Reviews:
·Rogers Hi-Speed
reply to dthompson
if it is responding when your modem is off, is it just assigned already to another device, as in, not yours?
should the routing be going right from toronto packetflow to the destination IP? i'd expect hop(s) after that. does the trace to that primary static ip look the same?

/shrug
i'm curious to see how this pans out but i don't have experience with that kind of setup.

dthompson

join:2013-08-01
Trace route to the other primary static IP is completely different. Not even similar:

traceroute to 69.196.152.80 (69.196.152.80), 64 hops max, 52 byte packets
1 control.digidns.ca (172.16.10.1) 0.826 ms 0.681 ms 0.476 ms
2 7.65.108.1 (7.65.108.1) 10.179 ms 7.884 ms 9.999 ms
3 24.156.150.185 (24.156.150.185) 13.971 ms 10.404 ms 11.962 ms
4 69.63.249.121 (69.63.249.121) 21.968 ms 16.363 ms 11.966 ms
5 69.63.250.93 (69.63.250.93) 9.966 ms 12.342 ms 10.961 ms
6 paix.tor.packetflow.ca (198.32.181.37) 44.967 ms 11.323 ms 9.949 ms
7 2110.tengigabitethernet-0-0-0.lns02.tor.man.teksavvy.com.packetflow.ca (69.196.136.47) 11.020 ms 14.254 ms
2150.tengigabitethernet-2-0-0.lns02.tor.man.teksavvy.com.packetflow.ca (69.196.136.168) 12.972 ms

It ends a long time after that with just *** at 64 after a few more hops.

I'm going to phone TekSavvy tomorrow as you've hit the nail on what I've been trying to say tonight. The /29 subnet I have assigned isn't properly assigned to me, but to someone else (or another device on their network).

I see no reason why an IP would respond if it's not online. Since that /29 is supposed to be designated to my account PPPoE settings, if I unplug the phone cable killing the connection to the network and thereby taking down the PPPoE authentication to TekSavvy, that IP on the WAN side should not respond to any ping request. Instead it should be a timeout.

I'll let you know how I make out / what I find.

dthompson

join:2013-08-01

2 edits
reply to dthompson
.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to s_tux_g
I consider IPs that I don't control External, they are outside my router

IPs that I control are inside my router, so they are internal.

Doesn't matter if it is a NAT'd network or public IPs, they are still inside my router/network
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
reply to dthompson
Is this your assigned static? 69.196.136.168

dthompson

join:2013-08-01
Nope. If you are referring to the first static outside of the /29, it's 69.196.152.80

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw

3 edits
Can you post the missing part of the traceroute?

You said it ends a few hops after that.

If it is a routing issue, the traceroute should show it.

Make sure at the same time, that your single static is connected and pingable.

--
Yes, I am not employed and looking for IT work. Have passport, will travel.

kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw
reply to dthompson
Looking at this again from home...

69.196.152.80 - is your single assigned static,

If you can't traceroute to it, that means your static isn't responding to pings, be sure to allow your IP to respond to pings in your router settings.

Then run another traceroute to your /29 IPs, whichever you have assigned to 'inside' interface on your router.

The last hop, or 2nd last hop should be your IP 69.196.152.80
--
Yes, I am not employed and looking for IT work. Have passport, will travel.
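
The check described in the last post (a trace to a /29 address should show the single static 69.196.152.80 as its last or second-last hop), run over the traceroute to .145 posted earlier in the thread. This is an added example and not part of any post; the function names are hypothetical, and the block boundaries are computed from the .145 address and the /29 prefix rather than quoted from the thread.

```python
import ipaddress
import re

# Traceroute to the /29 address, copied from dthompson's post in this thread.
TRACE_TO_SUBNET = """\
traceroute to 69.165.216.145 (69.165.216.145), 64 hops max, 52 byte packets
1 control.digidns.ca (172.16.10.1) 0.650 ms 0.530 ms 0.465 ms
2 7.65.108.1 (7.65.108.1) 8.566 ms 8.117 ms 9.898 ms
3 24.156.135.101 (24.156.135.101) 14.028 ms 12.416 ms 11.951 ms
4 69.63.249.117 (69.63.249.117) 15.960 ms 18.407 ms 12.029 ms
5 69.63.250.93 (69.63.250.93) 9.957 ms 10.350 ms 10.103 ms
6 paix.tor.packetflow.ca (198.32.181.37) 11.965 ms 13.409 ms 11.999 ms
7 69-165-216-145.dsl.teksavvy.com (69.165.216.145) 11.895 ms 10.169 ms 10.022 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<ttl> <rest of line>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)"

def parse_hops(text):
    """Return [(ttl, [addresses that answered])]; a silent hop gives []."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ADDR_RE.findall(m.group(2))))
        elif hops and "(" in line:
            # Continuation line: a second responder at the same TTL.
            hops[-1][1].extend(ADDR_RE.findall(line))
    return hops

def check_routed_subnet(trace, target, wan_static):
    """Report the /29 around `target` and whether the path ends behind
    `wan_static` (the router's single static) as the thread says it should."""
    block = ipaddress.ip_interface(f"{target}/29").network
    hops = parse_hops(trace)
    tail = [a for _, addrs in hops[-2:] for a in addrs]  # last two hops
    return {
        "block": str(block),
        "usable": [str(h) for h in block.hosts()],
        "target_replied": bool(hops) and target in hops[-1][1],
        "via_wan_static": wan_static in tail,
        "hop_before_target": hops[-2][1] if len(hops) > 1 else [],
    }

# Addresses below are the ones given in the thread.
RESULT = check_routed_subnet(TRACE_TO_SUBNET, "69.165.216.145", "69.196.152.80")

if __name__ == "__main__":
    for key, value in RESULT.items():
        print(f"{key}: {value}")
```

On the posted trace the target replies, but the hop before it is 198.32.181.37 and 69.196.152.80 does not appear in the last two hops.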