| Author |
 Topic  |
|
|
lolo_kea
Starting Member
France
2 Posts |
 Posted - 28/10/2008 : 21:03:00
|
Hello,
I've tried by several means to either disable NAT/firewall or create a DMZ (assign public IP) to our linux firewall
We're using a Speedtouch 546v6 firmware 7.4.3.2.
For the DMZ, I've reset the router to default, set it up, assign a dynamic address (dhcp) to our linux firewall. But when I go to "Home Network" - "Device" - " Assign the public IP address of a connection to a LAN device", it always displays
"Internet Service Device"
"Internet Not assigned and no compatible device found"
Is there a CLI way to do this dmz stuff?
Ideally, what I would like is to have directly the public ip address on my linux firewall (it has a dedicated ethernet port, and is the only one connected to the router), and I would like the Speedtouch router just to let everything go directly to our server, without NAT nor firewalling.
For the Nat, I've tried the following steps, but I can't go through the speedtouch with these steps executed:
ppp ifdetach intf=Internet
ppp ifconfig intf=Internet unnumbered=enabled
atm ifconfig intf=Internet translation=disabled
ppp ifattach intf=Internet
saveall
With this, I still get a 192.168.1.X address from DHCP, and I can't access internet.
Please, any idea (by CLI or web interface) to really disable NAT and Firewall, and put the public ip address directly on my ubuntu server?
For the moment, the speedtouch router is just resetted and set up. Which means NAT enabled, Firewall disabled and lan address set to 192.168.1.254, DHCP on (192.168.5.64 given to our ubuntu server).
Regards,
Laurent Blin |
|
|
lolo_kea
Starting Member
France
2 Posts |
Posted - 28/10/2008 : 22:05:39
|
OK, problem fixed with the help of our Internet Provider. Some steps where missing.
Here are what needs to be done in order to deactivate NAT on our speedtouch.
For example:
Public IP addess of our Router: 12.34.56.78
Public IP addresses availables for our company: 12.34.56.70 to 12.23.56.77
I will set the router address to 12.34.56.78 and our Linux server (Https, mail etc..) to 12.34.56.70 (mask 255.255.255.248 or /28)
- set Up the router like the usual way. Make sure it works.
- unplug DSL cable
- ppp ifdetach intf=Internet
- nat ifconfig intf=Internet translation=disabled
- ppp ifconfig intf=Internet unnumbered=enabled
- ip ipadd intf=LocalNetwork addr=12.34.56.78@28 addroute=enabled
- ppp ifattach intf=Internet
- saveall
- exit than reboot speedtouch.
On our Linux Server:
ifconfig eth2 12.34.56.70 netmask 255.255.255.248
route add default gw 12.34.56.78
Then, it works.
All Internet requests will be directly assigned to our public ip address 12.34.56.70 (for example extranet.mycompany.com), and it will directly go to our linux server.
Thanks for your forum. Informations here are incredibly interesting.
regards,
Laurent Blin |
 |
|
|
julmunoz
Starting Member
1 Posts |
Posted - 08/02/2010 : 07:47:58
|
Hi:
this post was very usefull to me.
In fact it is the only way I have found to use the public IP on the computer's interface, while using PPPoA on the speetchouch to establish WAN connection.
After some problems on my internet connection, I would like to provide some experiences with this configution:
1) A problem on the TCP connexions, very difficult to catch and understand:
SOME users were disconnected by timeout of the TCP connexion.
This has been solved by disabling COMPLETELY IPS and Firewall from the CLI (not enough from the web interface).
The problem is related with ICMP and MTU discovery. I have also disabled MTU disconvery on the server.
2) I have tried to do the same configuration with a 3COM officeconnect.
It has been almost impossible, only after upgrading firmware, I have been able to put the ip address on the DMZ, needing to activate NAT, Firewall, and create a static route.
However, it is still not working properly, because the router is catching ICMPs directed to the public address (same problems than before, or even worse, happen).
So, really, this highlighs the goodness of the Speedtouch.
3) Finally, I am still having a timeout problem with SMTP outgoing emails to Yahoo.
I am not sure if it is a connectivity problem, I am still not sure if some strange problem related with ICMP is happening on the speedtouch using this configuration.
I hope this post can help someone else, and I'd like also to hear some feedback !!
Best,
Julian
|
|
|
| |
Topic |
|
|
|
Open DMZ or disable NAT on 546 v6
