Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[highpriest]

Can the VMG1312-B10A be made to use one cable for bridging and stats.
Could only find it for 2 cables in the guides

What router are you using? In bridged mode, if you are using two separate subnets (one for modem <-> router and the other for your home LAN), the modem does not have a default gateway, so the packets will make it to the modem but won't come back. So basically you have to source NAT packets going from your LAN subnet and hide it behind the IP of the interface of the router that is plugged in to the modem.

This is what I use (on my EdgeRouter) to do the same thing:

Code: [Select]

ubnt@ubnt# show service nat rule 5011
 description VDSL_Modem
 destination {
     address 192.168.2.0/24
 }
 log disable
 outbound-interface eth1
 protocol all
 type masquerade
[edit]
ubnt@ubnt#

NAT rule 5011 is what does the job. Any traffic destined to the modem VLAN (192.168.2.0/24) 'masquerades' behind the IP address of eth1, which is the interface plugged into my modem (also a Zyxel).

[Weaver]

I have my main lan IPv4 range in a non-RFC1918 routable block ie. not 192.168.*.*. The modems were put at 192.168.x.1 each having its own distinct ipv4 admin IP address. It suited me the best all things considered, the only other option, which I am unsure about, would have been to put the modems in my main routable block, but then I don’t know how many problems that would cause for the router. I would have been able to let my ISP see the modems more easily though, as they would have routable admin IP addresses so they could look at them directly over the internet.

If you use Nat for your main LAN IPv4 addressing suppose you could use 192.168.0.* for your main LAN ipv4 and 192.168.1.1 for the modem admin I/f - that might be a reasonable setup that is unambiguous.

[Pauljbl]

I am using openwrt and have added a interface on the wan with the same subnet as the modem but different from the router subnet. I did this for my hg612

I wondered if the zyxel modem needed any special rules or forwarding to use only one Ethernet port

[Weaver]

The ZyXel modem doesn’t have ‘rules’ or ‘forwarding’ in my case because it isn’t a router, it’s just a dumb pppoe copying modem. So the config determines which ports are used by pppoe frames. And
its config determines how/where it outputs admin Ip packets.

It’s not as if there are Ip packets coming from somewhere and getting redirected within the B10A. Make sense?

My Firebrick router redirects stuff from the main LAN to the B10As if the dest IPv4 address in 192.168.n.1 where n is the nth modem 1..4. All IPv4 going into the B10A’s admin i/f gets its headers rewritten by the Firebrick (not by the B10A, for the avoidance of doubt) so that the source address is 192.168.n.254, and the B10A thinks it is hearing something in the same /24 where it’s own admin if lives. It then replies to 192.168.1.254. The .n.254 address is set up by the Firebrick to be the address of the Firebrick’s modem-facing interface in the small (only two nodes) lan that is one bit of straight wire. This is crucial; the B10A does not know how to to talk to any address outside it’s own /24 (or whatever range is chosen by the netmask set in its config) because it doesn’t have a default gateway defined, so it would not know where in L2 to send the frames to, ie to which Ethernet address an outside-my-range ip packet needs to go to to be handled by the gateway off this lan. this step is only there in order to fix the problem caused by the networking in the B10A not being fully set up, since the default gateway setting is missing. Since we are talking to .n.254 in my case, that’s an in-lan-range address and so no default gateway address arp lookup is required, so all is well and the B10A can send to .n.254. The Firebrick then has to redirect the packet received on .n.254 to wherever the corresponding request in the other direction originally came from on the main lan. It can do this by using its normal Nat mapping tables which turn an IP address into a distinctive source tcp port value. When the response comes back from the B10A the Firebrick already has a nat table entry set up dynamically from the earlier request heading towards the B10A and remembers where the response has to go back to by consulting that mapping in the table and rewrites the header again putting it onto the main lan with a source IP address rewritten to look like the response is coming from .n.1, the B10A. So all pretty ugly.

The non-obvious bit for me was the whole extra step needed because the default gateway setting is lacking in my B10A config and I can’t see anywhere in the b10a’s xml to declare it. It’s all about making sure that the B10A will not see incoming addresses that it cannot handle, addresses that it simply cannot talk to, which means anything outside its own netmask range (/24 in my case), all because of the lack of this crucial setting.

That is going to be true for use with any router. If this doesn’t make sense then I’m not surprised, as it hurt my head, which is very fuzzy anyway at the best of times.

It doesn’t seem to want to let you set a netmask of 0.0.0.0 iirc, btw, ie to declare ‘the whole universe is my lan’ so the B10A can just send packets to any ip dest addresses regardless of what they are and no default gateway lookup is then ever needed. I don’t know exactly what it does, but I seem to recall that it grinds its teeth if you try and set it up like that - can’t remember the details. But that would be a very sensible fix. The authors just thought presumably that setting up a netmask like that was an obvious bug, isn’t it (no) and so checked for it.

[Pauljbl]

Can you explain the config on the modem about how it chooses which ports are used by pppoe frames and where it outputs admin IP packets

The settings used to set this bit up

[johnson]

I'm not sure if the way I had a single cable working was the best way possible but it was like this:

An "interface group" set up via the web GUI on the 1312, with the VDSL PPPoE connection assigned to it on a single port LAN1. The created group automatically gets an IP in a new subnet - 192.168.2.1.

On the router running OpenWRT I added this command to custom run at boot section:

Code: [Select]

iptables -t nat -I POSTROUTING ! -s 192.168.1.1 -d 192.168.2.1 -j SNAT --to 192.168.2.2

and added a new interface in the GUI called wan_modem_mgmt, assigned to the physical WAN port and given a static IP of 192.168.2.2.

This allowed full access to the 1312 from the network at the address 192.168.2.1, with the network still working fine on the 192.168.1.x subnet.

There are probably cleaner ways of doing it, but this worked for me.

Edit: For clarity, my router is at 192.168.1.1 - adjust the iptables command to suit your network if you use it.

[Weaver]

>Can you explain the config on the modem about how it chooses which ports are used by pppoe frames and where it outputs admin IP packets

I’m afraid I don’t know this. I just was fortunate to got hold of a config that does ‘the right thing™’ for me courtesy of AA, my ISP. Someone there had done the necessary experimentation for me.

I presume that one could faff around with the web admin UI, save the xml config, and then diff it to see the results of manually applied changes reflected in the changes in the xml contents. 

Does that config do the right thing for you in respect of port assignments? Even though a lot of other aspects of it may be wrong, so it would need editing.

If you need an additional modem to play with, let me know and I suppose I could lend you one out of my stash, for a month or two. This would mean that you could experiment without trashing your main unit. If this would be helpful then just shout.

Burakkucat and Johnson are but a couple of the many ZyXEL gods in our community. Someone somewhere will most likely be around who is able to answer questions, or might even dig out answers if we ask nicely, or even consider giving our own Kitz a donation.