Eric on 15 Apr 2009 08:26:48 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Update: Verizon FiOS

I know that there has been a long-running extensive discussion on this list 
about Verizon FiOS.  I have an update to that discussion as Verizon installed 
FiOS to my house on Monday

Short version:  So far, so good.

Slightly longer version
(including MOCA and the DMZ band playing their rendition of "Mellon Collie and 
the Infinite Sadness" with special guest: Actiontec on router and guitar.  All 
brought to you DRM Free!)

The (otherwise nice) guy who installed it did not know anything about the 
networking capability of the system and sure enough, I get an Actiontec router 
on a cable connection using "MOCA."  He alleged that this is necessary to get 
the television features to work.  My network is therefore behind a NAT firewall 
so my Linux firewall/server appeared unreachable from the outside.  Bummer... 
but I figured I could port-forward the ssh access I desired.

Tuesday I dug around in the Actiontec menus and viola... there is a DMZ option! 
I configured the Linux firewall to have a static IP of and 
connected it to the LAN I/F of the Actiontec router.  On the router I told it to 
put that IP in the DMZ.

It works! I can ssh into it from the outside which is Very Nice :-)

I'm not sure if the puny 1Kb NAT table in the Actiontec is a factor anymore as
my network looks like this:

   [ Obviously best when viewed with a fixed-width font. ]
   [ Thanks again to Walt for telling us about asciio!   ]

fiber   |    | Verizon Box in basement (ONT?)
  ------>|    |
         |    |--------------> Telephone
         |    |    _
         |    |---|_|--COAX--> Television box
         |____|    |
                 [_........�]Actiontec (wireless off)
              ____   _|_
    Linux    |$>  | |==| eth0 =
   firewall  |____| |  |
             /::::/ |__| eth1 =
                  |    ___________
                  '-->[_._._._._._] 10/100 switch
                          |  |
                          |  |
                          |  |
                          |  '-------->  \    Home/Office Network
                          |   - - - - ->  )
                          '----------->  /

Since the Actiontec hands out 192.168.1.x addresses I changed all the devices in 
my house to: 10.10.10.x (I wanted to do that anyway for using VPN to various 
other networks in the range.)

Curiously, running nmap and scanning from the side 
shows these interfaces:    (gateway address)  (unknown... Verizon Box uses this?)  (Linux firewall)
I thought that the 192.168.n.n IPs did not route... is that not the case?
Perhaps it's because the firewall saw that was on eth0 so it 
routed the packets there?

So far, I'm satisfied.  If the Actiontec causes me problems with it's 1k NAT 
table (how will I know?) then I'll be calling Verizon to get the ethernet port 
on their box turned on!

#  Eric Lucas
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --