Eric on 15 Apr 2009 08:26:48 -0700
I know that there has been a long-running extensive discussion on this list about Verizon FiOS. I have an update to that discussion as Verizon installed FiOS to my house on Monday.

Short version: So far, so good.

Slightly longer version (including MOCA and the DMZ band playing their rendition of "Mellon Collie and the Infinite Sadness" with special guest: Actiontec on router and guitar. All brought to you DRM Free!)

The (otherwise nice) guy who installed it did not know anything about the networking capability of the system and sure enough, I get an Actiontec router on a cable connection using "MOCA." He alleged that this is necessary to get the television features to work. My network is therefore behind a NAT firewall so my Linux firewall/server appeared unreachable from the outside. Bummer... but I figured I could port-forward the ssh access I desired.

Tuesday I dug around in the Actiontec menus and voilà... there is a DMZ option! I configured the Linux firewall to have a static IP of 192.168.1.101 and connected it to the LAN I/F of the Actiontec router. On the router I told it to put that IP in the DMZ.

It works! I can ssh into it from the outside which is Very Nice :-)

I'm not sure if the puny 1Kb NAT table in the Actiontec is a factor anymore as my network looks like this:

[ Obviously best when viewed with a fixed-width font. ]
[ Thanks again to Walt for telling us about asciio!   ]

            ____
  fiber    |    | Verizon Box in basement (ONT?)
    ------>|    |
           |    |--------------> Telephone
           |    |    _
           |    |---|_|--COAX--> Television box
           |____|    |
                     |
                    COAX
                     |
                    _|________
                   [_........]Actiontec (wireless off)
                     |
                     |
            ____    _|_
  Linux    |$>  |  |==| eth0 = 192.168.1.101
  firewall |____|  |  |
           /::::/  |__| eth1 = 10.10.10.1
                     |
                     |
                     |    ___________
                     '-->[_._._._._._] 10/100 switch
                           | | | | |
                           | | '--------> \  Home/Office Network
                           | - - - - ->    )
                           '-----------> /   10.10.10.0/24

Since the Actiontec hands out 192.168.1.x addresses I changed all the devices in my house to: 10.10.10.x (I wanted to do that anyway for using VPN to various other networks in the 192.168.0.0/16 range.)

Curiously, running nmap and scanning 192.168.1.1/24 from the 10.10.10.0/24 side shows these interfaces:

  192.168.1.1   (gateway address)
  192.168.1.100 (unknown... Verizon Box uses this?)
  192.168.1.101 (Linux firewall)

I thought that the 192.168.n.n IPs did not route... is that not the case? Perhaps it's because the firewall saw that 192.168.1.0/24 was on eth0 so it routed the packets there?

So far, I'm satisfied. If the Actiontec causes me problems with its 1k NAT table (how will I know?) then I'll be calling Verizon to get the ethernet port on their box turned on!

Eric

--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
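
Added example, not part of the original post: a longest-prefix-match lookup over the kind of routing table a dual-homed Linux firewall like the one described would hold, showing that the forwarding decision depends only on the table and not on whether an address is RFC 1918 private space. The routing table itself is an assumption (the post does not show one), and 10.10.10.20 and 198.51.100.7 are constructed sample destinations.

```python
import ipaddress

# Assumed routing table of the Linux firewall (the post does not show one);
# the addresses and interface names are the ones given in the post.
ROUTES = [
    ("192.168.1.0/24", "eth0", None),        # connected: Actiontec LAN side
    ("10.10.10.0/24", "eth1", None),         # connected: home/office network
    ("0.0.0.0/0", "eth0", "192.168.1.1"),    # default route via the Actiontec
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(dst):
    """True if dst lies in one of the three RFC 1918 private ranges."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in RFC1918)


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, interface, next_hop) for dst."""
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(p), dev, gw) for p, dev, gw in routes]
    matches = [r for r in candidates if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, dev, gw = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), dev, gw


def describe(dst):
    """Explain how a packet arriving from the 10.10.10.0/24 side is forwarded."""
    net, dev, gw = lookup(dst)
    hop = f"via {gw}" if gw else "directly connected"
    return f"{dst}: rfc1918={is_rfc1918(dst)}, route {net} dev {dev}, {hop}"


if __name__ == "__main__":
    # The three hosts nmap reported, plus two constructed destinations.
    for dst in ("192.168.1.1", "192.168.1.100", "192.168.1.101",
                "10.10.10.20", "198.51.100.7"):
        print(describe(dst))
```

Private addresses are dropped at the edge of the public Internet, but a router that has a route for them, here the connected route on eth0, forwards them like any other destination, so hosts on the Actiontec segment are reachable from the home network unless the firewall's forwarding rules say otherwise.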