| reply to neptune54
Re: Question regarding bridge mode DSL-to-router connectionHi Neptune54,
Relatively to the initial question, you wrote that
the SpeedTouch is run in Bridge mode so i'll start
from there. 1st, lets suppose "Remote Assistance"
can still work in this mode (there's a WAN-side IP
Address, after all), i'd suggest that you test and
verify the necessary adjustments in "Router" mode,
on a temporary basis (only until you know how your
'user.ini' configuration file should be modified).
Once you've got your HTTPS, TelNet, SNMP, whatever
servers working it may be possible to correct your
Bridge mode 'user.ini' file accordingly. Well, it
isn't too clear to me how one would manage to copy
'user.ini' in Bridge mode - as a matter of fact, i
doubt it can be done (at least from the LAN side):
a chicken and egg problem, apparently. On another
hand, i easily imagine someone UpLoading a version
of 'user.ini' which would enable Bridge mode after
the MoDem has been restarted. Unfortunately, this
is highly speculative since i can't test any of my
theories at the moment (my ST546v6 is under test).
Anyway, if STs can be switched from Router mode to
Bridge mode by UpLoading an appropriate 'user.ini'
file then that opens the door to more speculation:
you could use a configuration file which also sets
some WAN-side servers... How!? Well, i'll try to
use my notes the best i can. Please be forgiving!
Go to Home > Toolbox > remote assistance using one
of these two links (i can't tell which is better):
http://speedtouch.lan/cgi/b/ras/?be=0&l0=2&l1=0
http://speedtouch.lan/cgi/b/ras/?ce=1&be=0&l0=2&l1=0
Make sure "Temporary Mode" is selected in order to
get short-lived PassWords only: TelNet sends them
in clear easy-to-read form over the Net... If you
only need to access the unit's GUI then HTTPS will
be the way to go. If the "Remote Assistance" item
is unavailable then you should reset the device to
its factory setup using the link i provided below:
Home > SpeedTouch > Configuration > Reset:
http://speedtouch.lan/cgi/b/info/reset/?be=0&l0=0&l1=1&tid=RESET
Once again, this is from my notes so you've got to
try this for yourself, euh... Ha, yes... If your
MoDem had to be reset to the factory settings then
that means you must run the Wizard to create a new
'user.ini' configuration file. I'll simply assume
this step has been handled properly, we should now
discuss about making your SpeedTouch "Pingable"...
The TelNet CLI commands to accomplish this follow:
service system ifadd name=PING_RESPONDER group=wan
service system modify name=PING_RESPONDER state=enabled
saveall
Now, i vaguely recall that my 1st command line was
not accepted when i happened to use it earlier two
or three days ago. Don't bother, in case of error
just skip to the next line... Now you should have
access to the DSL Reports "Line Quality Testing".
Hummm... What next? Euh... Ha! Well, no TelNet
client connects unless you enabled the server 1st:
service system ifadd name=TELNET group=wan
service system modify name=TELNET state=enabled
saveall
I didn't try this out but i bet it may be similar:
service system ifadd name=HTTPs group=wan
service system modify name=HTTPs state=enabled
saveall
Here's the syntax to limit access to a defined IP:
service system ipadd name TELNET ip {IP-Address}
service system ipadd name HTTPs ip {IP-Address}
Another suitable thing to do would be to limit the
WAN-side user rights to "Read Only" access only...
You can reboot from a fresh factory-reset and try:
user flush
exit
{reconnect via TelNet again}
user add
name = <UserName>
password = PassWord
password = PassWord (once more when asked)
role = root
...
{You tell me what's missing here!}
...
exit
As i wrote, i regret but i can't verify it all for
the moment because my SpeedTouch 546v6 is busy!...
...
Once you clicked on "Enable remote assistance" you
should be able to type "https://x.x.x.x:51003/" or
"TelNet://x.x.x.x" in your favourite browser. I'm
not certain this trick can be adapted to the other
servers (like 'FTP' or 'SNMP_AGENT') but i know my
attempts with FTP were not conclusive. This other
TelNet CLI command may become handy at this stage:
service system list
Remember, 192.168.1.254 won't work on the WAN-side
of your ST nor will speedtouch.lan, or 10.0.0.138!
Ideally, TelNet-based 3rd-party ustilities such as
'DMT'/'STMT' or 'OrbMT' are able to connect. I've
done it before and i testify that this part works:
I probably tested Remote TelNet access via 'OrbMT'
as well, at some point, but i couldn't find a post
with a corresponding capture. In any case, that's
roughly all of what i had to write about the topic
from your 1st post... Past this point you'd still
have to test my initial suggestion to verify if it
makes sense to edit 'user.ini' in hope to activate
the "Remote Assistance" and Bridge options after a
reboot (this is when 'user.ini' is taking action).
AS for router tips, here are well known resources:
http://www.dslreports.com/forum/remark,18947623
The XS4All and PortForward sites are nice to read.
N.B.:
This version of 'STMT' works better for me:
http://modemtool.de/dl/STMTv0.11_Beta3.zip
Other 'STMT' links:
http://www.speedtouch-forum.de/viewtopic.php?p=19175#19175
http://modemtool.de/download.html |
| Wow, thanks for the detailed response.
I understand how to use the remote assistance to connect to the modem's GUI when using bridge mode. However, as pointed out before, telnet is not recommended to be open on the WAN side as its a huge security hole.
So can anyone address my issue regarding the port forwarding through PPPoE mode on the modem? |
| Right, I've already tried that. However, see my note from above:
said by neptun54 :
It works fine when the modem is in bridge mode and the router is doing the PPPoE login, etc. and I had the port forwarding configured on the router.
If I put the modem into PPPoE mode and configure port forwarding to open the port and point to the router, then do the same port forwarding on the router and point it to the workstation, it doesnt work - external connections can't come in to the workstation.
Its probably the dual NATing? (DSL modem NATs, then router NATs again).
|
