Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: Chrysalis on October 31, 2014, 04:38:22 PM
-
Why is this guide?
I discovered today that using one of the spare lan ports on the billion allowed the machine to access my lan, but for whatever reason it had no access to my gateway ip and as such internet. There may be a way to resolve this which I hope to find in future, but for now I found another solution to gain a lan port.
Currently people using bridge mode on the hg612 have to connect a 2nd lan cable to fetch the connection stats or access the gui, this was the same on my billion 8800nl as well, after setting up the interface group (similiar to as kitz posted on zyxel bridge mode guide but on the billion) I had a 2nd lan cable connected to the billion for stats fetching purposes.
However I noticed on this url is a 2nd lan subnet created on the bridge interface.
-
So the first thing I did was on my asus router add a 2nd ip as an alias to the eth0 interface, this is the one with the 169.x.x.x ip which means its the physical eth port for wan connectivity. That is how I identified which interface to use.
I dont know a way of doing this in the gui. it may not even be possible, in the cli I entered this command.
ifconfig eth0:1 192.168.2.253 netmask 255.255.255.0
This allows the router to communicate with other devices on the same subnet. Indeed from the router I can now ping the billion over the wan port.
admin@RT-AC66U:/tmp/mnt/OPTWARE# ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: seq=0 ttl=64 time=1.118 ms
64 bytes from 192.168.2.254: seq=1 ttl=64 time=0.653 ms
64 bytes from 192.168.2.254: seq=2 ttl=64 time=0.865 ms
64 bytes from 192.168.2.254: seq=3 ttl=64 time=0.861 ms
64 bytes from 192.168.2.254: seq=4 ttl=64 time=0.844 ms
and can see here how it is added
eth0 Link encap:Ethernet HWaddr AC:22:0B:2F:2C:A0
inet addr:169.254.242.11 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1508 Metric:1
RX packets:86243344 errors:0 dropped:0 overruns:0 frame:0
TX packets:85361418 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:660906131 (630.2 MiB) TX bytes:4097354541 (3.8 GiB)
Interrupt:4 Base address:0x2000
eth0:1 Link encap:Ethernet HWaddr AC:22:0B:2F:2C:A0
inet addr:192.168.2.253 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1508 Metric:1
Interrupt:4 Base address:0x2000
However I could still not ping from my desktop pc.
This command in a command prompt solves it. (note 192.168.1.253 is my asus router ip so adjust as necessary).
route ADD 192.168.2.0 MASK 255.255.255.0 192.168.1.253 METRIC 5
Note this is lost on a reboot, it can be made persistent either by adding to a autorun batch file or adding the persist flag like so.
route ADD -p 192.168.2.0 MASK 255.255.255.0 192.168.1.253 METRIC 5
Now I can ping and access from my desktop pc and stat collection works again (after editing ip in tool).
So the lan port I gained is on my asus as no longer need a 2nd lan cable connected to the billion.
I do plan to find a way to make the lan ports useable on the billion tho for internet use.
-
apologies to everyone for the incorrect guide, I copied in the wrong stuff from an older doc I made.
assumes the following
192.168.1.x is lan subnet
192.168.2.254 is billion 2nd lan subnet ip (the default)
run the following on the router. (not the billion)
ifconfig eth0:1 192.168.2.253 netmask 255.255.255.0 - this allows the router to contact the billion 2nd subnet. (this applies to asuswrt, other routers may use a different interface, indeed tomatousb uses one of the vlan interfaces).
then run this in the router, this command is valid for both asuswrt and tomatousb, but I dont know if is any good for ddwrt, openwrt etc.
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.2.0/24 -j SNAT --to 192.168.2.253 - this allows any device on your lan with the 192.168.1.x subnet with router set as gateway to access the billion over the wan cable.
kitz or another mod you can edit my previous post to reflect this thanks.
-
a further update, after updating to the ac68 router today, I have became aware different routers may have different versions of iptables.
The iptables 1.3 syntax is what I posted above which is
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.2.0/24 -j SNAT --to 192.168.2.253
iptables 1.4 (which is more likely on newer routers), has the not equal to ! sign in a different place as follows.
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.2.0/24 -j SNAT --to 192.168.2.253
-
Thanks for sharing this info :)
-
On my current setup with pfsense which follows the same basics as this guide I discovered a couple nights back that if my WAN goes down to my isp, pfsense will remove the wan virtual ip and as such break the connection to the billion over the wan cable, its not a problem for the asus because that keeps the ip alias and routing intact.
So I will at a later add some more posts for pfsense units but after I find a way to preserve it when the isp WAN is down.
-
Great post Chrysalis, you saved my life :graduate:
Question: since the modem IP address is fixed, i.e. 192.168.2.1 can I change your command from
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.2.0/24 -j SNAT --to 192.168.2.2to
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.2.1 -j SNAT --to 192.168.2.2
-
apologies to everyone for the incorrect guide, I copied in the wrong stuff from an older doc I made.
assumes the following
192.168.1.x is lan subnet
192.168.2.254 is billion 2nd lan subnet ip (the default)
run the following on the router. (not the billion)
ifconfig eth0:1 192.168.2.253 netmask 255.255.255.0 - this allows the router to contact the billion 2nd subnet. (this applies to asuswrt, other routers may use a different interface, indeed tomatousb uses one of the vlan interfaces).
then run this in the router, this command is valid for both asuswrt and tomatousb, but I dont know if is any good for ddwrt, openwrt etc.
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.2.0/24 -j SNAT --to 192.168.2.253 - this allows any device on your lan with the 192.168.1.x subnet with router set as gateway to access the billion over the wan cable.
kitz or another mod you can edit my previous post to reflect this thanks.
Very useful info and I am able to access the modem from the router through the WAN port and if I telnet to the router I can ping the modem, BUT what about the other way round, i.e. why I can't ping the router once I telnet to the modem?