Kitz ADSL Broadband Information

Author Topic: Firebrick modem admin access alternative strategy  (Read 769 times)

Weaver

  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
« on: December 01, 2018, 07:05:41 AM »

When I got access through my Firebrick router to my modems’ admin interfaces working, I did it by the following method.

I set up a Firebrick config interface object and subnet object for each modem. Each one had a subnet IP range that was distinct per modem. They were 192.168.n.254/24 where n is 1,2,3,4 per modem. The Brick was .254 on each subnet and the modem was .1.

Now this was simple and each modem was different at 192.168.n.1.

This however is a pain because each modem has to know where it lives and each config has to be different and correct per-assigned ‘slot’ it’s going to live in. I wrote a program to tweak a modem config file and adjust addresses to be right for the nth modem or ‘slot’.

But now I’m starting to think this was unnecessary madness.

Would it work if I made all the subnets the same and just configured every modem to be 192.168.1.1 but with the following changes?

I set up a load of static routes to direct any packets coming in to the Firebrick and which are addressed to dest addresses 192.168.n.1 so that they go to the nth modem interface and arrange for them to be rewritten so the source and dest addresses are acceptable to the modem. Would this work?

I’m not entirely sure how to do it but I can guess. I just define a route somehow and/or use a route override, and then I’m assuming that after that the packet can be regarded as ‘aimed at’ modem admin interface n and would match a firewall rewrite rule that uses the condition destination=IF‑MODEMn.

Would this however wreck the NTP access thing that I’ve set up? Even with appropriate adjustments to everything for the new addressing, that is. The thing is, if the modems all have overlapping non-unique LAN IP ranges then how would NAT work? Would it break? I rely on NAT in the NTP hack case, because when stuff goes out onto the internet to the external NTP server, I need to get the source addresses set up correctly. I also need NAT to handle the return path. But would that latter function still work? Would it just be intelligent enough to simply handle it? Perhaps by keeping some kind of global uniqueness across one whole table that covers everything. If it relies on the originating source subnets being uniquely routable within the Firebrick then I’m knackered.

AA did achieve this kind of thing themselves by using multiple routing tables iirc. But their setup for modem access used multiple dest ports to address each modem’s web admin interface, which I think is horrible because it is a pain to use and isn’t scalable; you then have to frig every protocol again and again, telnet can work because the standard port would have to be changed to be per modem and so on and so on, a nightmare without end. And I didn’t understand their table thing, which is my fault. But I just wonder if their kind of technique would break my NTP server access too.