Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2]

Author Topic: VMG1312-B10A Question  (Read 8265 times)

22over7

  • Reg Member
  • ***
  • Posts: 101
Re: VMG1312-B10A Question
« Reply #15 on: October 16, 2017, 04:07:34 PM »

Regarding smf2s's difficulty in setting a default route, I looked for strings in the busybox executable,
and saw:
Code: [Select]
[[ip route add default via %gateway% dev %iface%]]
Then I crossed my fingers and typed something like
ip route add default via 192.168.1.254 dev br0
and got with no complaint.  Then
Code: [Select]
~
# ip route show
192.168.2.0/24 dev br1  proto kernel  scope link  src 192.168.2.1
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.3
default via 192.168.1.254 dev br0

I wonder, cluelessly, what I am missing to ping or traceroute 8.8.8.8?
I can't say I'm gagging to learn about running tcpdump on my router.
Should I disable the firewall?

I can still ping the router at 192.168.1.254 and other 192.168.1.* addresses.
Logged

banger

  • Kitizen
  • ****
  • Posts: 1186
  • TTB 80/20
Re: VMG1312-B10A Question
« Reply #16 on: October 16, 2017, 04:16:48 PM »

I tried the 3 steps on my VMG1312 with firewall turned off but no joy. Maybe the firewall isn't actually turning off on the 1312 as ping just seems to get lost.
Logged
Tim
talktalkbusiness.net & freenetname
Asus RT-AC68U and ZyXEL VMG1312-B10A Bridge on 80 Meg TTB Fibre

https://www.thinkbroadband.com/speedtest/1502566996147131655

22over7

  • Reg Member
  • ***
  • Posts: 101
Re: VMG1312-B10A Question
« Reply #17 on: October 17, 2017, 08:58:01 AM »

I had a little more luck than @banger. 
Seeing a post at http://notes.asd.me.uk/2015/10/06/zyxel-vmg1312-b10a/,
I tried (with a default route set):
Code: [Select]
>
~ # iptables -F LAN_ONLY_INPUT
~ # iptables -F LAN_ONLY_FORWARD
The result:
Code: [Select]
~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=58 time=17.913 ms
64 bytes from 8.8.8.8: seq=1 ttl=58 time=17.604 ms
64 bytes from 8.8.8.8: seq=2 ttl=58 time=17.800 ms
^C

I've no idea if it's possible to set this up permanently.

Is there for sure absolutely no way of telling the (bridged) modem
where a name-server can be found?

UPDATE: as for DNS, my router has some sort of name service. I found if
I said
Code: [Select]
echo nameserver  192.168.1.254  > /var/fyi/sys/dnsthat I could resolve www.bbc.co.uk
Code: [Select]
~ # ping www.bbc.co.uk
PING www.bbc.co.uk (212.58.246.94): 56 data bytes
64 bytes from 212.58.246.94: seq=0 ttl=55 time=18.832 ms
I suppose it's conceivable the ntp demon will now do something.


« Last Edit: October 17, 2017, 10:18:09 AM by 22over7 »
Logged

smf22

  • Member
  • **
  • Posts: 48
Re: VMG1312-B10A Question
« Reply #18 on: October 17, 2017, 12:00:41 PM »

Thanks for posting your success. I was also looking yesterday at the iptables configuration and whether there was any way to make this persistent and survive reboots. In Linux there's a command iptables-save but that doesn't seem to exist on my VMG8924.

When I was looking to set DNS server address I was hoping to find a way to do this through the GUI. I'm more than comfortable and actually prefer the CLI, but wasn't sure whether any changes made to files such as /var/fyi/sys/dns (with symbolic link to /etc/resolv.conf) would be overwritten at reboot etc.
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924-B10A bridge mode + Ubiquiti EdgeRouter X

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10A Question
« Reply #19 on: October 17, 2017, 04:54:03 PM »

I tried (with a default route set):
Code: [Select]
>
~ # iptables -F LAN_ONLY_INPUT
~ # iptables -F LAN_ONLY_FORWARD

Just a brief comment to mention that the -F flag flushes the following named chain. The end result is that all rules have been deleted, one by one, for the two chains. (Not knowing what were the original rules, I have no idea if you have reduced the firewall to nothing.)

However I suspect that you do know what you are doing!  ;)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

smf22

  • Member
  • **
  • Posts: 48
Re: VMG1312-B10A Question
« Reply #20 on: October 17, 2017, 05:34:01 PM »

Thanks Burakkucat. In this context and use case i.e., the ZyXel in bridge mode with its IP address configured on a second LAN facing interface and bridge group, disabling the firewall shouldn't be too much of a concern. The router 'in front' of that LAN facing IP should (hopefully) be providing the necessary security services i.e., configured and operating as the firewall.

I've been looking for how the iptables configuration is saved on the ZyXel as then it would simply be a case of inserting new rules, or creating new chains and rules as required for the duties it performs as a bridge modem. No luck as yet.... and at this stage I've not wanted to reboot to test whether changes are saved. Think I'll make the changes and wait for the next power failure as they're fairly regular these days  :'(
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924-B10A bridge mode + Ubiquiti EdgeRouter X

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10A Question
« Reply #21 on: October 17, 2017, 05:40:26 PM »

Think I'll make the changes and wait for the next power failure as they're fairly regular these days  :'(

I will be interested to read the outcome of that test.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

22over7

  • Reg Member
  • ***
  • Posts: 101
Re: VMG1312-B10A Question
« Reply #22 on: October 17, 2017, 07:29:06 PM »

Burakkucat:
Quote
However I suspect that you do know what you are doing!  ;)

I suspect you suspect, rightly, nothing of the kind.

I'm unsure what the security risk is. iptables -L still shows a lot
of complicated stuff, whose meaning is unclear to me.

It seems obvious that someone who guessed or somehow observed unencrypted passwords
on my wifi traffic could wreak all kinds of havoc, if they had the energy.

Logged

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: VMG1312-B10A Question
« Reply #23 on: November 17, 2017, 05:07:02 AM »

Just tried this on my VMG1312-B10A and had success.

I did the following...
Resolve the NTP servers hostname. 0.uk.pool.ntp.org to 87.124.126.49
Under the time menu, select "other" for the NTP server and enter the resolved I.P from above.
Disable the firewall.
Add a static route like so:
Active: check
Name: NTP1
IPV4
Destination IP: Resolved IP from above
Subnet Mask: 255.255.255.255
Use Gateway: Enable
Gateway: Your routers I.P (192.168.1.2)
Interface: Default/Bro


I had followed smf22's guide exactly and it wouldn't work. I tried changing the Static route from Gateway: 192.168.1.1 (which my Zyxel uses) to my routers I.P of 192.168.1.2 and it would suddenly ping the NTP server. Returning to the Time window I could see the time was finally correct.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: VMG1312-B10A Question
« Reply #24 on: June 06, 2018, 11:52:58 AM »

Just tried this on my VMG1312-B10A and had success.

I did the following...
Resolve the NTP servers hostname. 0.uk.pool.ntp.org to 87.124.126.49
Under the time menu, select "other" for the NTP server and enter the resolved I.P from above.
Disable the firewall.
Add a static route like so:
Active: check
Name: NTP1
IPV4
Destination IP: Resolved IP from above
Subnet Mask: 255.255.255.255
Use Gateway: Enable
Gateway: Your routers I.P (192.168.1.2)
Interface: Default/Bro


I had followed smf22's guide exactly and it wouldn't work. I tried changing the Static route from Gateway: 192.168.1.1 (which my Zyxel uses) to my routers I.P of 192.168.1.2 and it would suddenly ping the NTP server. Returning to the Time window I could see the time was finally correct.

thanks, just tried this and it worked.
Logged

jaydub

  • Reg Member
  • ***
  • Posts: 351
Re: VMG1312-B10A Question
« Reply #25 on: December 26, 2019, 01:40:25 PM »

thanks, just tried this and it worked.
Ditto.

I have a Negear Orbi router connected to my VMG1312-B10A and still had the Orbi and attached devicees on a seaparte 10.0.0.x subnet and was having no joy.

It took me an hour or so to twig that both the router and modem needed to be on the same subnet and lo and behold the NTP link worked.

Pretty obvious after the event, so just posting in case somene else has had a similar problem.

Thanks j0hn and chenks.  Wouldn't have got their without your postings.
Logged
Pages: 1 [2]