Alcatel Speedtouch Home ADSL NAT / Firewall Guide: Difference between revisions

From Edgar BV Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 182: Line 182:
   Robin <br>
   Robin <br>
   <a href="mailto:rothmans_blue@mailcity.com">rothmans_blue@mailcity.com</a></p>
   <a href="mailto:rothmans_blue@mailcity.com">rothmans_blue@mailcity.com</a></p>
<p>In order to get a wireless device to connect to the modem when it's set as "new stations are allowed (via registration)", you have to go to Home Network -> Wlan -> search for wireless devices. Whilst the modem is scannning, get the wireless device to connect to the modem's network.</p>

Latest revision as of 12:41, 11 August 2008

<title>Fast ADSL tweaking</title> <body bgcolor="#000000" text="#00CC33" link="#FFFFCC" vlink="#FFFFCC" alink="#FFFF99">

HOWTO tweak an Alcatel Speedtouch ISDN ethernet modem to a router and set it up for using multiple IPs.
Note - commands to be typed in are in white, mousey things are in yellow.

---- Modifying for Routing ---------
telnet 10.0.0.138
login then login as expert:
EXPERT
204344068
rip
drv_read 2 1 b
result given is: 9604 (if unmodified)
drv_write 2 1 b 9606 (ie. change last number to a 6)
exit
system
reboot

Then reset the modem to default using the button on the back. Congratulations, you now have an Alcatel Speed Touch Pro router!

Browse to the webinterface and remove all entries from the pptp menu and phone book. You can also remove them from bridging and stuff (get rid of DHCP spoofing stuff)
Apply and Save all changes every time!
In the ppp screen enter new entries:
name (any will do - I use livewire1) vc-mux 8 48
name2 vc-mux 8 49
name3 vc-mux 8 50
name4 vc-mux 8 51

apply and save all changes.

Now configure each interface:
Authentication
User ADSL Username
Password ADSL passwd
Routing
Connection sharing everybody
Destination nw All
Specific nw empty
NAT-PAT Enabled
Primary DNS Primary DNS server (ip)
Secondary DNS Seconday DNS server (ip)
Options
Local IP none
Remote IP none
Mode always-on
Idle time limit empty
LCP Echo Enable
PAP Disable
ACCOMP Enable

Apply and save changes

Now telnet to 10.0.0.138 and log in (not using EXPERT)
Each Machine has a nic in it with an ip of 10.0.0.10X and my ppp connection names are livewireX (configured in the ppp entries on the webinterface) so subtitute your IP and ppp names for these in the commands below)
Type in the following commands, modified for your setup:

ip
rtlist
rtdelete dst=0.0.0.0 dstmsk=0 src=10.0.0.101 srcmsk=0 intf=livewire2
rtadd dst=0.0.0.0 dstmsk=0 src=10.0.0.102 srcmsk=0 intf=livewire2
save
exit

Here I'm setting up a route to each seperate nic from the outside world. You can do this from the webinterface if you like, but I'm not so sure it'll work from there. (Not tested enough) This is only in the routing table of the alcatel unit.

ppp
iflist
ifdetach intf=livewire2
rtadd intf=livewire2 dst=213.84.24.229 dstmsk=0 src=10.0.0.102 srcmsk=0 metric=0
ifattach intf=livewire2
save
exit

Here I'm setting up the route directly on the nic interface. For some reason the alcatel always wants to route to the first nic of the first ppp connection for all ppp connections, ie. data going into livewire1 and livewire2 will go to IP 10.0.0.101 instead of to the nic it's supposed to be connected with. Nothing in the webinterface will let you change this :( This was the real bitch part...

Now set up natting rules. Unfortunately I haven't found a way to get one port open on both machines, so the way I have it set up here is to have ports 21,22,25,80 routed to one machine and 53 to the second machine (which is a dedicated DNS server). Port 9 is for ping so that might be handy.

nat

list = list all the rules
flush = flush - don't use unless necessary it will hang your modem!

create protocol=tcp inside_addr=10.0.0.101 inside_port=21 outside_addr=0.0.0.0 outside_port=21
create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=0.0.0.0 outside_port=22
create protocol=tcp inside_addr=10.0.0.102 inside_port=25 outside_addr=0.0.0.0 outside_port=25
create protocol=tcp inside_addr=10.0.0.102 inside_port=53 outside_addr=0.0.0.0 outside_port=53
create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=0.0.0.0 outside_port=53

create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=0.0.0.0 outside_port=80
create protocol=tcp inside_addr=10.0.0.101 inside_port=9000 outside_addr=0.0.0.0 outside_port=9000
create protocol=tcp inside_addr=10.0.0.101 inside_port=9001 outside_addr=0.0.0.0 outside_port=9001

create protocol=tcp inside_addr=192.168.0.0 inside_port=21 outside_addr=0.0.0.0 outside_port=21
create protocol=tcp inside_addr=192.168.0.0 inside_port=22 outside_addr=0.0.0.0 outside_port=22
create protocol=tcp inside_addr=192.168.0.0 inside_port=25 outside_addr=0.0.0.0 outside_port=25
create protocol=tcp inside_addr=192.168.0.0 inside_port=80 outside_addr=0.0.0.0 outside_port=80

create protocol=tcp inside_addr=10.0.0.101 inside_port=21 outside_addr=213.84.24.228 outside_port=21
create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.228 outside_port=22
create protocol=tcp inside_addr=10.0.0.102 inside_port=25 outside_addr=213.84.24.229 outside_port=25
create protocol=tcp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=213.84.24.229 outside_port=80
create protocol=tcp inside_addr=10.0.0.101 inside_port=9000 outside_addr=213.84.24.228 outside_port=9000
create protocol=tcp inside_addr=10.0.0.101 inside_port=9001 outside_addr=213.84.24.228 outside_port=9001
create protocol=
save

create protocol=tcp inside_addr=10.0.0.101 inside_port=21 outside_addr=213.84.24.229 outside_port=21
create protocol=tcp inside_addr=10.0.0.101 inside_port=22 outside_addr=213.84.24.229 outside_port=22
create protocol=tcp inside_addr=10.0.0.102 inside_port=25 outside_addr=213.84.24.229 outside_port=25
create protocol=tcp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=udp inside_addr=10.0.0.102 inside_port=53 outside_addr=213.84.24.229 outside_port=53
create protocol=tcp inside_addr=10.0.0.102 inside_port=80 outside_addr=213.84.24.229 outside_port=80
create protocol=tcp inside_addr=10.0.0.101 inside_port=9000 outside_addr=213.84.24.229 outside_port=9000
create protocol=tcp inside_addr=10.0.0.101 inside_port=9001 outside_addr=213.84.24.229 outside_port=9001
create protocol=udp inside_addr=10.0.0.101 inside_port=500 outside_addr=213.84.24.229 outside_port=500
save

do NOT enable addr=10.0.0.138!
For some reason doing defserver=10.0.0.101 hangs the modem.

To fully restore your modem:
telnet 10.0.0.138
login then login as expert:
EXPERT
204344068
rip
drv_read 2 1 b result given is: 9606 (if modified)
drv_write 2 1 b 9604 (ie. change last number back to a 4)
exit system
reboot

Then reset the modem to default using the button on the back.
Now you can reload the MXS_HOME software using the software and re-apply the tweak.

Problems:
I haven't yet got the following working
- ssh (or any open port) on both machines. You have to make a choice which is annoying
- routing outgoing traffic through an IP address - at the moment I'm browsing the internet on the external IP adress of the highest ppp connection name (ie. livewire2's IP) no matter through which nic I'm routing (ie. traffic coming from 10.0.0.101 or 10.0.0.102 is shown as coming from livewire2's IP).

References:
<a href="http://www.bruring.com">www.bruring.com</a>
<a href="http://www.sateh.com">www.sateh.com </a>
<a href="http://adsltweak.iscool.nl">adsltweak.iscool.nl </a>

Have fun and good luck!
Robin
<a href="mailto:rothmans_blue@mailcity.com">rothmans_blue@mailcity.com</a>

In order to get a wireless device to connect to the modem when it's set as "new stations are allowed (via registration)", you have to go to Home Network -> Wlan -> search for wireless devices. Whilst the modem is scannning, get the wireless device to connect to the modem's network.