PPPoA HalfBridge to Mikrotik Problems

I have a Speedstream 4200 DSL modem which can support Halfbridge mode - I’m wanting this to passthrough my public IP to the Mikrotik router so I don’t have to have double NATing happening. I’m also in New Zealand and there’s only PPPoA available here so PPPoE is not an option.

My IP address is 58.28.152.xx but my gateway is 58.28.15.xx and the subnet mask is /24.
Obviously MT doesn’t like this and won’t accept the gateway.

If I try to statically enter the IP addresses with a subnet of /16 it works, but anything on the 58.28.x.x range is not accessible - like my ISP’s DNS servers and VoIP servers, for example 58.28.4.2

So I’m stuck with double NATing at the moment, this is not ideal so can anyone help me out?!

Hi there,

This is a common trick with half-Bridge and PPPOA

Set your gateway MANUALLY to 58.28.152.254

and it will magically work!

Even though this is not the actual gateway, it will send it out to the half-bridge device which will then forward it correctly.


Regards,



Andrew
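The on-link check behind the problem and the .254 workaround discussed above, as an added example that is not part of the original posts. It models only the "is the next hop inside a connected subnet" test; the last octets the poster masked as xx are replaced by constructed values, and 203.0.113.5 is a constructed off-net destination.

```python
import ipaddress

def plan(addr_with_prefix, gateway, destinations):
    """Model the on-link test a router applies to a connected interface.

    Returns (gateway_usable, {destination: decision}).
    """
    iface = ipaddress.ip_interface(addr_with_prefix)
    gw = ipaddress.ip_address(gateway)
    # A next hop is usable only if it lies inside a connected network;
    # otherwise there is no segment to ARP on and the route stays inactive.
    gateway_usable = gw in iface.network
    result = {}
    for dst in destinations:
        d = ipaddress.ip_address(dst)
        if d in iface.network:
            # The connected route wins: the router ARPs for the host itself
            # and never hands the packet to the default gateway.
            result[dst] = "arp-direct"
        elif gateway_usable:
            result[dst] = "via-gateway"
        else:
            result[dst] = "unreachable"
    return gateway_usable, result

# Constructed stand-ins for the masked addresses in the thread.
WAN_IP = "58.28.152.10"      # poster's 58.28.152.xx
ISP_GW = "58.28.15.1"        # poster's 58.28.15.xx
TRICK_GW = "58.28.152.254"   # gateway suggested in the reply
DESTS = ["58.28.4.2", "203.0.113.5"]

def scenarios():
    return {
        "isp gateway, /24": plan(f"{WAN_IP}/24", ISP_GW, DESTS),
        "isp gateway, /16": plan(f"{WAN_IP}/16", ISP_GW, DESTS),
        ".254 gateway, /24": plan(f"{WAN_IP}/24", TRICK_GW, DESTS),
    }

if __name__ == "__main__":
    for name, (ok, routes) in scenarios().items():
        print(f"{name}: gateway usable={ok} {routes}")
```

With /16 the gateway is accepted, but 58.28.4.2 becomes "arp-direct", which matches the report that the ISP's own 58.28.x.x hosts stop answering; with /24 and the .254 gateway everything off the /24 is handed to the half-bridge device.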

Bad news..

No go! :frowning:

I have a massive collection of DSL modems, including a SpeedStream 4200.

I’ll dig it out on Monday and get it working, then tell you how I got it going.

What firmware version are you using on your SpeedStream 4200 ? And what version of ROS ?

I 100% know that ROS works with Thomson SpeedTouch 546v6’s using this trick, and it’s the same trick with FortiGates and DHCP spoofing.

ROS 2.9.27
Speedstream 4200 v004-D240-A93

at&t is doing the same thing here. we temporarily got around the problem by assigning a gateway ip that was at the end of the current assigned ip range (x.x.x.254).

the MT will not accept the default dynamic route at&t assigns (it remains blue) because the default route is not in the same subnet as the dynamic ip.

we’re looking for a way to assign the default route to the physical interface regardless of what at&t sets as the gateway ip address.

jeff

Did you have any luck with this? I got mine going with a dynalink modem in half bridge no worries…

nz_monkey, is a Dlink DSL-502T Rev A in your collection? I’m currently on Telstra cable, but about to switch to Xnet Fusion (ADSL with VoIP) due to price / data allowances.
I have an Xtra DSL-502T Rev A5 (Gen I) still in shrink-wrap in the cupboard. I think that only the Gen II (Rev C) supports half-bridge mode though.
Do you have any experience with this ubiquitous modem/router?

Chris, is the Dynalink an RTA020 or something newer?

Thanks, John
skolinkinlot at hotmail

Hi John,

Yes, I have a couple of those D-Links; they are terrible little pieces of work. I have never got half-bridge to work reliably on them.

Modems I would recommend for half bridge in NZ are:

Thomson SpeedTouch 546v6
Siemens SpeedStream 4200
Dynalink RTA1320


Don’t forget PPPOE will be available via Telecom by the end of the year, so you can use pretty much any modem supporting bridge mode.

Thanks for your reply. I now have Xnet Fusion.
I bought (before you replied) a Dlink DSL-502T GenII (Rev C5) that was $23 on Tardme still sealed (thanks Xtra!), and a Linksys SPA2102 for the VoIP line.
It seems to be connected fine, and Xnet even turned off interleaving, so pings are as low as 25ms, almost as good as my soon-to-be-disconnected cable connection.
At the moment MT box is still plugged into cable, and Dlink is doing routing for DSL.
Is it possible to use MT with a dynamic WAN IP? Obviously the interface can get a dynamic IP via a PPP, but what about DST-NAT entries? What do you enter for the destination address?

I have an SS4200, but have never been able to figure out how to get the beast into half-bridge mode.

It will be sitting between Slingshot (So NZ Telecom supplied jetbuster service) and a Smoothwall box, and I really want to avoid double NATting.

Can anyone help, please?

Yes, on the SS4200 it’s easy: get the latest firmware and select PPPOA Half Bridge. Or use the Optus firmware and select “Optus Bridge”

Also, the Mikrotik will work with dynamic IP, but on xnet fusion you can ask for a static and they will give you one (as I have at home)

Maybe try discovering the Ethernet address of the device and manually adding it to the ARP table on a fixed address, for example .254, and then assigning this address as the gateway, because only the Ethernet address is important here, not the IP address.

KT

I have version A8M, which, I believe, is the latest firmware. I can’t for the life of me find a PPPoA Half Bridge option in there.

Which page is it on?

I was told this would cost an extra $10 per month. Are you being charged that fee?

Nope, they just did it when I applied for one, no charge.

Another way to do it is not to do half bridge at all.

Get a Speedtouch, and strip out the config via telnet until you have a phonebook entry that has the vpi/vci settings, and enable the pptp service on the router. (1)

Put an IP of 10.0.0.1 on your MT ethernet facing your router

make a pptp-client interface to 10.0.0.138 (old default IP of a speedtouch) using your DSL usercode and password

enable the pptp-client interface

do a /ip add pr and the router now has a realworld IP on it - no NAT at all

Works fine with anything that will do a PPTP client - Linux, BSD etc.

(1) I had a rough 3rd hand explanation of how to do this given to me. I implemented what I had been told and it just didn’t work (different speedtouch firmwares I think). So I had my MT PPTP client banging away trying to login in one window and a telnet into the speedtouch in another and just started removing more and more config. I removed “something” and the PPTP came up and I got my IP - been using that config ever since :slight_smile:

I found a copy of the config for the Speedtouch v6, I think???

The bits with not much left in them after I deleted heaps

[ snmp.ini ]
config sysContact="Service Provider" sysName="SpeedTouch 510" sysLocation="Customer Premises"

[ phone.ini ]
add name=PVC_1 addr=0*100 type=any

[ qos.ini ]
config format=bytes
add name=default class=ubr

[ oam.ini ]
config clp=1 loopbackid=6a6a6a6a6a6a6a6a6a6a6a6a6a6a6a6a
mode port=dsl0 blocking=enabled
mode port=dsl1 blocking=enabled
mode port=atm2 blocking=enabled
mode port=atm3 blocking=enabled
mode port=aal5 blocking=enabled
mode port=atm5 blocking=enabled

[ pfirewall.ini ]
chain create chain=sink
chain create chain=forward
chain create chain=source
rule create chain=sink index=0 srcintfgrp=!wan action=accept
rule create chain=sink index=1 prot=udp dstport=dns action=accept
rule create chain=sink index=2 prot=udp dstport=bootpc action=accept
rule create chain=sink index=3 prot=icmp icmptype=echo-reply action=accept
rule create chain=sink index=4 prot=udp dstport=snmp log=yes action=count
rule create chain=sink index=5 action=drop
rule create chain=forward index=0 srcintfgrp=wan dstintfgrp=wan action=drop
rule create chain=source index=0 dstintfgrp=!wan action=accept
rule create chain=source index=1 prot=udp dstport=dns action=accept
rule create chain=source index=2 prot=udp dstport=bootps action=accept
rule create chain=source index=3 prot=icmp icmptype=echo-request action=accept
rule create chain=source index=4 prot=udp srcport=snmp log=yes action=count
rule create chain=source index=5 action=drop
assign  hook=sink chain=sink
assign  hook=forward chain=forward
assign  hook=source chain=source

[ label.ini ]
chain create chain=user_labels

[ bridge.ini ]
config age=300 filter=no_WAN_broadcast

[ pptp.ini ]

[ ethoa.ini ]

[ ipoa.ini ]

[ cip.ini ]

[ pppoerelay.ini ]

[ dhcp.ini ]
config autodhcp=on scantime=10 state=disabled trace=off
policy verifyfirst=on trustclient=on
pool add name=LAN_private
pool config name=LAN_private intf=eth0 poolstart=10.0.0.1 poolend=10.0.0.254 netmask=24 gateway=10.0.0.138 server=10.0.0.138 leasetime=7200

[ pppoa.ini ]

[ pppoe.ini ]

[ ip.ini ]
config forwarding=on firewalling=on redirects=on sourcerouting=off netbroadcasts=off ttl=64 fraglimit=64 defragmode=always addrcheck=dynamic mssclamping=on
apadd addr=10.0.0.138/24 intf=eth0 addroute=no type=1
ifconfig intf=loop mtu=1500 group=local linksensing=off
ifconfig intf=eth0 mtu=1500 group=lan linksensing=off
rtadd dst=255.255.255.255/32 gateway=10.0.0.138
rtadd dst=10.0.0.0/24 gateway=10.0.0.138 type=1
rtadd dst=224.0.0.0/4 intf=eth0

[ autoip.ini ]
ifadd intf=eth0
ifconfig intf=eth0 addr=169.254.141.11 poolstart=169.254.1.1 poolend=169.254.254.254 netmask=16
ifattach intf=eth0

[ eth.ini ]
ifconfig intf=1 type=auto
ifconfig intf=2 type=auto
ifconfig intf=3 type=auto
ifconfig intf=4 type=auto
config intf=1 state=enabled
config intf=2 state=enabled
config intf=3 state=enabled
config intf=4 state=enabled

[ diagnostics.ini ]
config pingtimeout=1000 pingpacketsize=20

[ dnsd.ini ]
domain domain=lan
add hostname=SpeedTouch
start
troff

[ dhcr.ini ]
ifconfig intf=eth0 relay=on
add addr=127.0.0.1 intf=eth0 giaddr=10.0.0.138

[ dhcc.ini ]
config trace=off

[ adslpots.ini ]
config opermode=multimode maxbitspertoneUS=13 trace=off modemoption=00000000000000000000000000000000

[ nat.ini ]
bind application=ESP port=1
bind application=FTP port=ftp
bind application=GRE port=1
bind application=H323 port=h323
bind application=IKE port=ike
bind application=ILS port=ldap
bind application=ILS port=ils
bind application=IP6TO4 port=1
bind application=IRC port=6660 port_end=6670
bind application=JABBER port=5222
bind application=JABBER port=15222
bind application=PPTP port=1723
bind application=RAUDIO(PNA) port=realaudio
bind application=RTSP port=rtsp
bind application=SIP port=sip

[ autopvc.ini ]
config mode=pseudo type=bridge opmode=partial overwrite=enabled peakrate=0

[ switch.ini ]
mirror capture port=1

[ system.ini ]
config upnp=enabled mdap=enabled drst=enabled
config dcache=enabled

[ upnp.ini ]
config maxage=1800 defcservice=none writemode=full safenat=disabled

[ endofarch ]

Hey Guys,

Interesting Thread, I was stuck trying to get full bridge to work with PPPoE (even though the DSL did the connecting..) and found this! Fantastic, it works… sort of. I’m looking for some advice.

The problem I have is when I have two connections active..

  1. Wireless connection with static IP
  2. DSL connection (Orcon NZ) so as good as static.

I want to route certain traffic such as p2p across the DSL and keep the Wireless connection for QOS reasons (SIP, RTP, etc..) However.. It seems to quickly get complicated as I have a DMZ in the mix also and traffic marked there as “Other_Con” is deciding to try and go out the DSL connection, even though traffic from the DMZ is srcnat’d to a static IP on the Wireless connection. I think I’ve fixed part of this by sorting out my rule order, however, traffic is not routing out the DSL connection, only coming in. Any ideas?

Silly me, I can just use the in interface option to not get traffic from the DMZ, however, now I’m unable to receive data on the second link. So I can send ptp traffic over the dsl, but it doesn’t come back… Any ideas?