Alcatel Speedtouch Home ADSL NAT / Firewall Guide: Difference between revisions

From Edgar BV Wiki
New page: <title>Fast ADSL tweaking</title> <body bgcolor="#000000" text="#00CC33" link="#FFFFCC" vlink="#FFFFCC" alink="#FFFF99"> <p>HOWTO tweak an Alcatel Speedtouch ISDN ethernet modem to a route...
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 6: Line 6:
</p>
</p>
<p>---- Modifying for Routing --------- <br>
<p>---- Modifying for Routing --------- <br>
   <font color="#FFFFFF">telnet 10.0.0.138 <br>
   <font color="#000000">telnet 10.0.0.138 <br>
   login then login as expert: <br>
   login then login as expert: <br>
   EXPERT<br>
   EXPERT<br>
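Review bot: the typed commands switch from color="#FFFFFF" to color="#000000" here and in every later hunk, but the guide's legend still says "commands to be typed in are in white" and its body tag still declares bgcolor="#000000". Update the legend to match, or mark commands with a code or monospace element instead of a colour so they stay identifiable whatever background the wiki renders.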
Line 26: Line 26:
   Apply and Save all changes every time! <br>
   Apply and Save all changes every time! <br>
   In the <font color="#FFFF00">ppp</font> screen enter new entries: <br>
   In the <font color="#FFFF00">ppp</font> screen enter new entries: <br>
   <font color="#FFFFFF">name (any will do - I use livewire1) vc-mux 8 48 <br>
   <font color="#000000">name (any will do - I use livewire1) vc-mux 8 48 <br>
   name2 vc-mux 8 49 <br>
   name2 vc-mux 8 49 <br>
   name3 vc-mux 8 50 <br>
   name3 vc-mux 8 50 <br>
Line 33: Line 33:
<p>Now configure each interface: <br>
<p>Now configure each interface: <br>
   <b>Authentication </b><br>
   <b>Authentication </b><br>
   User <font color="#FFFFFF">ADSL Username</font> <br>
   User <font color="#000000">ADSL Username</font> <br>
   Password <font color="#FFFFFF">ADSL passwd</font> <br>
   Password <font color="#000000">ADSL passwd</font> <br>
   <b>Routing</b> <br>
   <b>Routing</b> <br>
   Connection sharing <font color="#FFFFFF">everybody</font> <br>
   Connection sharing <font color="#000000">everybody</font> <br>
   Destination nw <font color="#FFFFFF">All</font> <br>
   Destination nw <font color="#000000">All</font> <br>
   Specific nw <font color="#FFFFFF">empty</font> <br>
   Specific nw <font color="#000000">empty</font> <br>
   NAT-PAT <font color="#FFFFFF">Enabled</font> <br>
   NAT-PAT <font color="#000000">Enabled</font> <br>
   Primary DNS <font color="#FFFFFF">Primary DNS server (ip)</font> <br>
   Primary DNS <font color="#000000">Primary DNS server (ip)</font> <br>
   Secondary DNS <font color="#FFFFFF">Seconday DNS server (ip) </font><br>
   Secondary DNS <font color="#000000">Seconday DNS server (ip) </font><br>
   <b>Options</b><br>
   <b>Options</b><br>
   Local IP <font color="#FFFFFF">none</font> <br>
   Local IP <font color="#000000">none</font> <br>
   Remote IP <font color="#FFFFFF">none</font> <br>
   Remote IP <font color="#000000">none</font> <br>
   Mode <font color="#FFFFFF">always-on </font><br>
   Mode <font color="#000000">always-on </font><br>
   Idle time limit <font color="#FFFFFF">empty</font> <br>
   Idle time limit <font color="#000000">empty</font> <br>
   LCP Echo <font color="#FFFFFF">Enable</font> <br>
   LCP Echo <font color="#000000">Enable</font> <br>
   PAP <font color="#FFFFFF">Disable</font> <br>
   PAP <font color="#000000">Disable</font> <br>
   ACCOMP <font color="#FFFFFF">Enable</font> </p>
   ACCOMP <font color="#000000">Enable</font> </p>
<p><font color="#FFFF00">Apply and save</font> changes </p>
<p><font color="#FFFF00">Apply and save</font> changes </p>
<p>Now telnet to 10.0.0.138 and log in (not using EXPERT) <br>
<p>Now telnet to 10.0.0.138 and log in (not using EXPERT) <br>
Line 56: Line 56:
   your IP and ppp names for these in the commands below) <br>
   your IP and ppp names for these in the commands below) <br>
   Type in the following commands, modified for your setup: </p>
   Type in the following commands, modified for your setup: </p>
<p><font color="#FFFFFF">ip <br>
<p><font color="#000000">ip <br>
   rtlist<br>
   rtlist<br>
   rtdelete dst=0.0.0.0 dstmsk=0 src=10.0.0.101 srcmsk=0 intf=livewire2 <br>
   rtdelete dst=0.0.0.0 dstmsk=0 src=10.0.0.101 srcmsk=0 intf=livewire2 <br>
Line 66: Line 66:
   from there. (Not tested enough) This is only in the routing table of the alcatel
   from there. (Not tested enough) This is only in the routing table of the alcatel
   unit. </p>
   unit. </p>
<p><font color="#FFFFFF">ppp <br>
<p><font color="#000000">ppp <br>
   iflist <br>
   iflist <br>
   ifdetach intf=livewire2 <br>
   ifdetach intf=livewire2 <br>
Line 84: Line 84:
   server). Port 9 is for ping so that might be handy. <br>
   server). Port 9 is for ping so that might be handy. <br>
</p>
</p>
<p><font color="#FFFFFF">nat</font> </p>
<p><font color="#000000">nat</font> </p>
<p>list = list all the rules <br>
<p>list = list all the rules <br>
   flush = flush - don't use unless necessary it will hang your modem! </p>
   flush = flush - don't use unless necessary it will hang your modem! </p>
<p><font color="#FFFFFF">create protocol=tcp inside_addr=10.0.0.101 inside_port=21
<p><font color="#000000">create protocol=tcp inside_addr=10.0.0.101 inside_port=21
   outside_addr=0.0.0.0 outside_port=21 <br>
   outside_addr=0.0.0.0 outside_port=21 <br>
   create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=0.0.0.0
   create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=0.0.0.0
Line 96: Line 96:
   outside_port=53<br>
   outside_port=53<br>
   create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=0.0.0.0
   create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=0.0.0.0
   outside_port=53 </font><font color="#FFFFFF"><br>
   outside_port=53 </font><font color="#000000"><br>
   create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=0.0.0.0
   create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=0.0.0.0
   outside_port=80 <br>
   outside_port=80 <br>
Line 104: Line 104:
   outside_port=9001<br>
   outside_port=9001<br>
   </font></p>
   </font></p>
<p><font color="#FFFFFF">create protocol=tcp inside_addr=192.168.0.0 inside_port=21
<p><font color="#000000">create protocol=tcp inside_addr=192.168.0.0 inside_port=21
   outside_addr=0.0.0.0 outside_port=21</font><font color="#FFFFFF"><br>
   outside_addr=0.0.0.0 outside_port=21</font><font color="#000000"><br>
   create protocol=tcp inside_addr=192.168.0.0 inside_port=22 outside_addr=0.0.0.0
   create protocol=tcp inside_addr=192.168.0.0 inside_port=22 outside_addr=0.0.0.0
   outside_port=22<br>
   outside_port=22<br>
Line 111: Line 111:
   outside_port=25<br>
   outside_port=25<br>
   create protocol=tcp inside_addr=192.168.0.0 inside_port=80 outside_addr=0.0.0.0
   create protocol=tcp inside_addr=192.168.0.0 inside_port=80 outside_addr=0.0.0.0
   outside_port=80</font><font color="#FFFFFF"> <br>
   outside_port=80</font><font color="#000000"> <br>
   </font></p>
   </font></p>
<p><font color="#FFFFFF">create protocol=tcp inside_addr=10.0.0.101 inside_port=21
<p><font color="#000000">create protocol=tcp inside_addr=10.0.0.101 inside_port=21
   outside_addr=213.84.24.228 outside_port=21 <br>
   outside_addr=213.84.24.228 outside_port=21 <br>
   create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.228
   create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.228
Line 131: Line 131:
   create protocol=<br>
   create protocol=<br>
   save </font></p>
   save </font></p>
<p><font color="#FFFFFF">create protocol=tcp inside_addr=10.0.0.101 inside_port=21
<p><font color="#000000">create protocol=tcp inside_addr=10.0.0.101 inside_port=21
   outside_addr=213.84.24.229 outside_port=21 <br>
   outside_addr=213.84.24.229 outside_port=21 <br>
   create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.229
   create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.229
Line 150: Line 150:
   outside_port=500<br>
   outside_port=500<br>
   save </font></p>
   save </font></p>
<p>do <font color="#FF0000"><b>NOT</b></font> <font color="#FFFFFF">enable addr=10.0.0.138</font>!
<p>do <font color="#FF0000"><b>NOT</b></font> <font color="#000000">enable addr=10.0.0.138</font>!
   <br>
   <br>
   For some reason doing <font color="#FFFFFF">defserver=10.0.0.101</font> hangs
   For some reason doing <font color="#000000">defserver=10.0.0.101</font> hangs
   the modem.</p>
   the modem.</p>
<p>To fully restore your modem:<br>
<p>To fully restore your modem:<br>
   <font color="#FFFFFF">telnet 10.0.0.138 <br>
   <font color="#000000">telnet 10.0.0.138 <br>
   login then login as expert: <br>
   login then login as expert: <br>
   EXPERT <br>
   EXPERT <br>
Line 182: Line 182:
   Robin <br>
   Robin <br>
   <a href="mailto:rothmans_blue@mailcity.com">rothmans_blue@mailcity.com</a></p>
   <a href="mailto:rothmans_blue@mailcity.com">rothmans_blue@mailcity.com</a></p>
<p>In order to get a wireless device to connect to the modem when it's set as "new stations are allowed (via registration)", you have to go to Home Network -> Wlan -> search for wireless devices. Whilst the modem is scannning, get the wireless device to connect to the modem's network.</p>
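Review bot: the added wireless paragraph is appended after the author's signature and e-mail address, so it reads as part of Robin's guide although it covers Wlan station registration rather than the routing and NAT setup. Give it its own heading or attribution, and fix "scannning" to "scanning".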

Latest revision as of 12:41, 11 August 2008

Fast ADSL tweaking

HOWTO tweak an Alcatel Speedtouch ISDN ethernet modem to a router and set it up for using multiple IPs.
Note - commands to be typed in are in white, mousey things are in yellow.

---- Modifying for Routing ---------
telnet 10.0.0.138
login then login as expert:
EXPERT
204344068
rip
drv_read 2 1 b
result given is: 9604 (if unmodified)
drv_write 2 1 b 9606 (ie. change last number to a 6)
exit
system
reboot

Then reset the modem to default using the button on the back. Congratulations, you now have an Alcatel Speed Touch Pro router!

Browse to the webinterface and remove all entries from the pptp menu and phone book. You can also remove them from bridging and stuff (get rid of DHCP spoofing stuff)
Apply and Save all changes every time!
In the ppp screen enter new entries:
name (any will do - I use livewire1) vc-mux 8 48
name2 vc-mux 8 49
name3 vc-mux 8 50
name4 vc-mux 8 51

apply and save all changes.

Now configure each interface:
Authentication
User ADSL Username
Password ADSL passwd
Routing
Connection sharing everybody
Destination nw All
Specific nw empty
NAT-PAT Enabled
Primary DNS Primary DNS server (ip)
Secondary DNS Secondary DNS server (ip)
Options
Local IP none
Remote IP none
Mode always-on
Idle time limit empty
LCP Echo Enable
PAP Disable
ACCOMP Enable

Apply and save changes

Now telnet to 10.0.0.138 and log in (not using EXPERT)
Each machine has a nic in it with an IP of 10.0.0.10X, and my ppp connection names are livewireX (configured in the ppp entries on the webinterface), so substitute your IP and ppp names for these in the commands below.
Type in the following commands, modified for your setup:

ip
rtlist
rtdelete dst=0.0.0.0 dstmsk=0 src=10.0.0.101 srcmsk=0 intf=livewire2
rtadd dst=0.0.0.0 dstmsk=0 src=10.0.0.102 srcmsk=0 intf=livewire2
save
exit

Here I'm setting up a route to each separate nic from the outside world. You can do this from the webinterface if you like, but I'm not so sure it'll work from there. (Not tested enough) This is only in the routing table of the alcatel unit.

ppp
iflist
ifdetach intf=livewire2
rtadd intf=livewire2 dst=213.84.24.229 dstmsk=0 src=10.0.0.102 srcmsk=0 metric=0
ifattach intf=livewire2
save
exit

Here I'm setting up the route directly on the nic interface. For some reason the alcatel always wants to route to the first nic of the first ppp connection for all ppp connections, ie. data going into livewire1 and livewire2 will go to IP 10.0.0.101 instead of to the nic it's supposed to be connected with. Nothing in the webinterface will let you change this :( This was the real bitch part...

Now set up natting rules. Unfortunately I haven't found a way to get one port open on both machines, so the way I have it set up here is to have ports 21,22,25,80 routed to one machine and 53 to the second machine (which is a dedicated DNS server). Port 9 is for ping so that might be handy.

nat

list = list all the rules
flush = flush - don't use unless necessary it will hang your modem!

create protocol=tcp inside_addr=10.0.0.101 inside_port=21 outside_addr=0.0.0.0 outside_port=21
create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=0.0.0.0 outside_port=22
create protocol=tcp inside_addr=10.0.0.102 inside_port=25 outside_addr=0.0.0.0 outside_port=25
create protocol=tcp inside_addr=10.0.0.102 inside_port=53 outside_addr=0.0.0.0 outside_port=53
create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=0.0.0.0 outside_port=53

create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=0.0.0.0 outside_port=80
create protocol=tcp inside_addr=10.0.0.101 inside_port=9000 outside_addr=0.0.0.0 outside_port=9000
create protocol=tcp inside_addr=10.0.0.101 inside_port=9001 outside_addr=0.0.0.0 outside_port=9001

create protocol=tcp inside_addr=192.168.0.0 inside_port=21 outside_addr=0.0.0.0 outside_port=21
create protocol=tcp inside_addr=192.168.0.0 inside_port=22 outside_addr=0.0.0.0 outside_port=22
create protocol=tcp inside_addr=192.168.0.0 inside_port=25 outside_addr=0.0.0.0 outside_port=25
create protocol=tcp inside_addr=192.168.0.0 inside_port=80 outside_addr=0.0.0.0 outside_port=80

create protocol=tcp inside_addr=10.0.0.101 inside_port=21 outside_addr=213.84.24.228 outside_port=21
create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.228 outside_port=22
create protocol=tcp inside_addr=10.0.0.102 inside_port=25 outside_addr=213.84.24.229 outside_port=25
create protocol=tcp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=213.84.24.229 outside_port=80
create protocol=tcp inside_addr=10.0.0.101 inside_port=9000 outside_addr=213.84.24.228 outside_port=9000
create protocol=tcp inside_addr=10.0.0.101 inside_port=9001 outside_addr=213.84.24.228 outside_port=9001
create protocol=
save

create protocol=tcp inside_addr=10.0.0.101 inside_port=21 outside_addr=213.84.24.229 outside_port=21
create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.229 outside_port=22
create protocol=tcp inside_addr=10.0.0.102 inside_port=25 outside_addr=213.84.24.229 outside_port=25
create protocol=tcp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=213.84.24.229 outside_port=80
create protocol=tcp inside_addr=10.0.0.101 inside_port=9000 outside_addr=213.84.24.229 outside_port=9000
create protocol=tcp inside_addr=10.0.0.101 inside_port=9001 outside_addr=213.84.24.229 outside_port=9001
create protocol=udp inside_addr=10.0.0.101 inside_port=500 outside_addr=213.84.24.229 outside_port=500
save

do NOT enable addr=10.0.0.138!
For some reason doing defserver=10.0.0.101 hangs the modem.
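
Added example (not part of the original guide): a port forward is keyed on protocol, outside address and outside port, so two create rules with the same key and different inside targets cannot both take effect. The Python sketch below audits a pasted list of the guide's create rules for such conflicts, for incomplete lines, and for forwarded cleartext logins. The function names and the CLEARTEXT table are assumptions of this example; the sample input is built from rule lines in the guide.

```python
from collections import defaultdict

# Constructed input: rule lines copied from the guide and combined into one
# transcript, including its truncated "create protocol=" line.
SAMPLE = """\
create protocol=tcp inside_addr=10.0.0.101 inside_port=21 outside_addr=0.0.0.0 outside_port=21
create protocol=tcp inside_addr=192.168.0.0 inside_port=21 outside_addr=0.0.0.0 outside_port=21
create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.229 outside_port=22
create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=
save
"""

REQUIRED = ("protocol", "inside_addr", "inside_port", "outside_addr", "outside_port")
# Assumption of this example: services that send credentials in cleartext.
CLEARTEXT = {("tcp", 21): "FTP", ("tcp", 23): "telnet"}

def parse_rules(text):
    """Return (rules, malformed) for every 'create' line in a pasted rule list."""
    rules, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words or words[0] != "create":
            continue  # list, save, blank lines and other commands
        fields = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        complete = all(fields.get(k) for k in REQUIRED)
        if complete and fields["inside_port"].isdigit() and fields["outside_port"].isdigit():
            rules.append(fields)
        else:
            malformed.append((lineno, line.strip()))
    return rules, malformed

def audit(text):
    """Group rules by outside endpoint and report what needs a second look."""
    rules, malformed = parse_rules(text)
    targets = defaultdict(set)
    for r in rules:
        key = (r["protocol"], r["outside_addr"], int(r["outside_port"]))
        targets[key].add((r["inside_addr"], int(r["inside_port"])))
    conflicts = {k: sorted(v) for k, v in targets.items() if len(v) > 1}
    cleartext = sorted({(k[1], k[2], CLEARTEXT[(k[0], k[2])])
                        for k in targets if (k[0], k[2]) in CLEARTEXT})
    return {"malformed": malformed, "conflicts": conflicts, "cleartext": cleartext}

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, found)
```

Run it over the rule list before typing save, so an incomplete or conflicting rule is caught before it is written to the modem.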

To fully restore your modem:
telnet 10.0.0.138
login then login as expert:
EXPERT
204344068
rip
drv_read 2 1 b
result given is: 9606 (if modified)
drv_write 2 1 b 9604 (ie. change last number back to a 4)
exit
system
reboot

Then reset the modem to default using the button on the back.
Now you can reload the MXS_HOME software using the software and re-apply the tweak.

Problems:
I haven't yet got the following working
- ssh (or any open port) on both machines. You have to make a choice which is annoying
- routing outgoing traffic through an IP address - at the moment I'm browsing the internet on the external IP address of the highest ppp connection name (ie. livewire2's IP) no matter through which nic I'm routing (ie. traffic coming from 10.0.0.101 or 10.0.0.102 is shown as coming from livewire2's IP).

References:
http://www.bruring.com
http://www.sateh.com
http://adsltweak.iscool.nl

Have fun and good luck!
Robin
rothmans_blue@mailcity.com

In order to get a wireless device to connect to the modem when it's set as "new stations are allowed (via registration)", you have to go to Home Network -> Wlan -> search for wireless devices. Whilst the modem is scanning, get the wireless device to connect to the modem's network.