Just been doing battle with the GART2-4115 and Safecom firmware, and have come away rather bruised. It certainly doesn't appear to like my 8 public IP's - once the PPP link comes up with the same IP as one on the LAN side it starts behaving oddly and eventually stops responding (and that's before I get into how it crashes when messing with NAT and firewall tick boxes, and fails to firewall if NAT is disabled). There is a FAQ link on the Safecom website for people with 8 public IP's, but it failed with a 404 error when I try to click on it
I have tried putting a Linksys router behind the GART2 running in Bridge mode and giving my ISP logon details to the Linksys and asking it to connect via PPPoE but it never seems to manage to get a connection, although good looking ADSL sync speeds are reported.
The correct answer would be to get a GWART2 and load the RT firmware (of course !) but I'm a sucker for punishment and wondered if anyone else in the UK had managed a PPPoE/Bridge setup ? My ISP says it depends on the exchange, and can't really give any more info than that, but I can't help feeling it'd be a neater solution for a block of public IP's.
--
ian.
Anyone using a GART2-4115 in bridge mode in the UK ?
Re: Anyone using a GART2-4115 in bridge mode in the UK ?
Sounds a bit like this: kb.php?mode=article&k=27minimal wrote:There is a FAQ link...for people with 8 public IP's
RouterTech Team and Founding Member
RouterTech Merchandise (UK)
No support via PM, please ask your questions on the forum!
RouterTech Merchandise (UK)
No support via PM, please ask your questions on the forum!
Thanks Neo - that's exactly how I had it set up (my Zyxel 650 works like that), but once NAT and the Firewall are disabled in the GART2 it allows access to all config interfaces on both the WAN and the LAN (not good), so I enabled the firewall and disabled the NAT and the thing just dies. Every time.
This is veering more towards an issue with the Safecom firmware so I ought to go off and bug them about it, but after reading some of the older posts here I had hoped that Bridge mode might have been a faster answer, as it meant the device was doing less
TTFN,
--
ian.
This is veering more towards an issue with the Safecom firmware so I ought to go off and bug them about it, but after reading some of the older posts here I had hoped that Bridge mode might have been a faster answer, as it meant the device was doing less
TTFN,
--
ian.
No problem, sorry I can't provide more help on that because I have no first-hand experience with public IP blocks. I'm someone else will be able to jump in
I haven't tried it but it should be possible to block WAN access to the config interfaces (perhaps using some port forwards?). How are you testing the WAN access?
Good luck if you try and get some answers from Safecom, that's no mean feat!
I haven't tried it but it should be possible to block WAN access to the config interfaces (perhaps using some port forwards?). How are you testing the WAN access?
Good luck if you try and get some answers from Safecom, that's no mean feat!
RouterTech Team and Founding Member
RouterTech Merchandise (UK)
No support via PM, please ask your questions on the forum!
RouterTech Merchandise (UK)
No support via PM, please ask your questions on the forum!
I had thought about just doing some manual iptables stuff to block the main config ports once it was up and running, but was worried that I wouldn't always be around after a power cycle to re-enable them. I do like the 'fake' port forwarding idea: I just need to check that it'll forward on the right interface as the IP is the same on both sides, but at least that will survive router resets.
I admin the systems at work, so have a Class C full of machines that I can connect into and then back out of to do things like test WAN blocking on my home system.
As for Safecom... Yeerrrrsss... I think I'd rather grab QEMU/GXEmul and the sources to the current RT firmware and see if I can hack it down to fit in 2MB ! The trouble is that on paper their system will do what I ask of it, so I'd have to fight through the first line tech support, explain why I don't do NAT, point out that PPPoA is the only officially support UK option, and then try to persuade them that their firmware is broken and crashes when I try to click on Firewall but no NAT. I get the feeling that if they can't see why RT have an alternative to theirs in the first place then there's little chance of forcing a fix !
TTFN,
--
ian.
I admin the systems at work, so have a Class C full of machines that I can connect into and then back out of to do things like test WAN blocking on my home system.
As for Safecom... Yeerrrrsss... I think I'd rather grab QEMU/GXEmul and the sources to the current RT firmware and see if I can hack it down to fit in 2MB ! The trouble is that on paper their system will do what I ask of it, so I'd have to fight through the first line tech support, explain why I don't do NAT, point out that PPPoA is the only officially support UK option, and then try to persuade them that their firmware is broken and crashes when I try to click on Firewall but no NAT. I get the feeling that if they can't see why RT have an alternative to theirs in the first place then there's little chance of forcing a fix !
TTFN,
--
ian.