[Gllug] [OT] Non Nat dsl router advice?

David Godfrey dave at lists.deltass.co.uk
Mon Oct 18 15:30:41 UTC 2004


Andy McGarty wrote:

> So back to my original question, does anyone have a dsl router, not doing 
> NAT, that only has one IP (or possibly three but not on the same subnet!) 
> so the dsl router becomes transparent and the linux firewall/servers have 
> public IP?

Yes - I do. I have a very cheap Conexant DSL router in half-bridge
mode. I spent many hours setting it up but it has since been rock
solid and I haven't touched it for months. Here are my dhclient config
files which contain some hastily scribbled notes.
The main problem is the public IP address must be allocated by the
router's internal DHCP server with a 60s lease.

HTH

Regards

Dave Godfrey

/etc/dhclient.conf:-

supersede domain-name "local-net";
supersede domain-name-servers 127.0.0.1,10.1.1.3;
#
reboot 0;
timeout 10;
retry 10;
initial-interval 2;
backoff-cutoff 30;

/etc/dhclient-exit-hooks:-

#!/bin/sh
#
# The dhcp server in the router is very fussy. 
# It will not allocate a new address if the address responds to an arp query.
# The router will talk to an address it has not allocated so we can
# use ip aliasing to talk directly to the modem. We must remove this alias
# when the router is off-line or else the kernel will not tear down the default
# route to the router and the new default route to the internet will be ignored.
# What a pain.
# We cannot disable the dhcp server because the half-bridging relies on it:
# If the 60s lease on the public address is allowed to expire, the dhcp server
# will cause the PPP session to terminate.
#
# Variables set by dhclient are quoted so an empty or odd value cannot
# break the tests or be word-split by the shell.
echo "$(date) exit: $reason $new_ip_address" >>/var/log/dh-hooks
if [ "x$reason" = xEXPIRE ] || [ "x$reason" = xFAIL ]; then
    rm -f /var/lock/on-line
    # Delete the interface address to kill arp.
    /sbin/ifconfig "${interface}" 0.0.0.0 up
    /sbin/ifconfig "${interface}:1" down
    #ifconfig ${interface}  >>/var/log/dh-hooks
fi
if [ "x$new_network_number" = x192.168.200.0 ]; then
    /sbin/ifconfig "${interface}:1" down
    exit 0
fi
if [ "x$reason" = xBOUND ] || [ "x$reason" = xREBOOT ]; then
    touch /var/lock/on-line
    # Still need direct access to modem when on-line - add alias
    /sbin/ifconfig "${interface}:1" 192.168.200.5 netmask 255.255.255.0 broadcast 192.168.200.255 up
fi
if [ "x$reason" = xRENEW ] || [ "x$reason" = xREBIND ]; then
    touch /var/lock/on-line
fi

-- 
Dave Godfrey
dave at deltass.co.uk