[Moderator note: This thread has been created by merging two separate threads on the same topic.]
I have finally somehow managed to get access to the web admin interface of one of my three DLink PPPoE modems ‘through’ my firebrick router.
I can't exactly remember what I did. I created an additional interface object mapped to one of the ethernet interfaces that goes to one of the modems. Then I created a subnet object associated with it. I set the subnet address range to 192.168.1.0/24 and then I don't remember what else I did so the secret has now been once again lost for the time being.
== Latency and LLC screw-up ===
An interesting thing happened. I noticed that due to my stupid mistake, one of the modems was set to use LLC instead of VC-MUX with PPPoEoA. MTU is 1500 and if you do the arithmetic you see that the total including all headers is 4 bytes over the limit for what will fit into an ATM cell, so a very unfortunate extra 53 bytes transmitted on every full length packet. This has just been discussed in another thread as it so happens, only in the last few days.
Anyway, that mistake means that modem #1 is running 3% slower than it should be. So I fixed it and saved the result.
I noticed ages ago that modem 1 was showing nearly 40% higher latency (ppp lcp ping time) as shown by the AA constant quality monitoring graphs when compared with the other two. So this must be the answer, which had baffled AA staff and me. That modem was working too hard, sending too much data, since on full length packets it always included one junk extra ATM cell compared with correctly set-up modems.
=== Stuffing the Firebrick ===
Anyway returning to the subject of the router. I fiddled about further and somehow managed to lock myself out of the Firebrick altogether. I have no idea what exactly I did to screw things up. I should have used the 'test' function which is designed to prevent exactly this by rolling back the configuration after 5 minutes if you do nothing and in this way it always saves you. I had to beg Mrs Weaver to reset the factory-reset Firebrick for me. Once it has been reset, one of the immediate options presented to you is to load a saved XML config file, which is what I did and recovered things in no time flat.
=== Three modems ===
I am left with the unsolved problem of how to deal with three modems at the same time. This was discussed in an earlier thread iirc. All three modems have web admin interfaces on 192.168.1.1 (I think). I have not seen an option anywhere within the modems’ settings to change this address, so I don't even know if it's possible. If it can't be changed then I would need to get the Firebrick to do NAT-style header rewriting, replacing destination IPs from within one of three defined ranges to 192.168.1.1 and re-routing onto a particular interface based on the original, pre-rewrite destination IP. perhaps it would be necessary to route it to an interface selectively first and then apply address translation after that.
I have absolutely no idea at all if a Firebrick can even do such a thing. Would I just define a subnet for a completely bogus but unique address range and then do something involving turning the NAT facility on for that subnet? Not sure exactly how NAT works, or what the definition of it is on the Firebrick, although of course I am familiar with it in practice as I used to use NAT many years ago with a Netgear router.
But I can't see everything I need to set to control the operation of NAT, unless I am failing to understand. The 'subnet object' has an address range defined for it. I can't see any setting anywhere which corresponds to the src ip address value that is overwritten into the headers when packets emerge from the NATed subnet into the ‘real world’, in the familiar NAT case this would be the CPE's WAN IP address, the address that is visible to all users on the internet and which all LAN hosts hide behind. That value gets put into the NAT translator by some sort of black magic normally. It might come from PPP IPCP iirc. But I can't see any such thing in the Firebrick's config, maybe I have just missed it.
Another thing about NAT. Presumably without ‘port forwarding’ rules inside the NAT translator, you can't access a ‘server’ in the NATed subnet from outside. The conversation, if I am understanding correctly, has to be started off by a ‘client’-like machine inside the NATed subnet which accesses some machine outside, this sets up a translation table entry and a corresponding reverse entry to handle the response. But there is no mechanism for communicating starting from outside the NAT zone because no translation table entries have been set up yet.
So unless I have missed something or failed to understand things, getting monitoring of three modems to work simultaneously is impossible without extra hardware.