Steve Morgan on 15 Apr 2009 08:36:56 -0700
You will know the Actiontec router's NAT table has filled up when it all of a sudden refuses to transfer any packets. When the NAT table fills up, it becomes a Denial of Service.

If you desire some advice on calling Verizon up to activate the Ethernet port while still retaining your television service, shoot me an email and we can discuss privately. Too many people claim it can't be done, but I have done it and it works.

Regards,
Steve Morgan

On Wed, Apr 15, 2009 at 11:26 AM, Eric <eric@lucii.org> wrote:
> I know that there has been a long-running extensive discussion on this list
> about Verizon FiOS. I have an update to that discussion as Verizon installed
> FiOS to my house on Monday.
>
> Short version: So far, so good.
>
> Slightly longer version
> (including MOCA and the DMZ band playing their rendition of "Mellon Collie and
> the Infinite Sadness" with special guest: Actiontec on router and guitar. All
> brought to you DRM Free!)
>
> The (otherwise nice) guy who installed it did not know anything about the
> networking capability of the system and sure enough, I get an Actiontec router
> on a cable connection using "MOCA." He alleged that this is necessary to get
> the television features to work. My network is therefore behind a NAT firewall
> so my Linux firewall/server appeared unreachable from the outside. Bummer...
> but I figured I could port-forward the ssh access I desired.
>
> Tuesday I dug around in the Actiontec menus and voilà... there is a DMZ option!
> I configured the Linux firewall to have a static IP of 192.168.1.101 and
> connected it to the LAN I/F of the Actiontec router. On the router I told it to
> put that IP in the DMZ.
>
> It works! I can ssh into it from the outside which is Very Nice :-)
>
> I'm not sure if the puny 1Kb NAT table in the Actiontec is a factor anymore as
> my network looks like this:
>
> [ Obviously best when viewed with a fixed-width font. ]
> [ Thanks again to Walt for telling us about asciio!   ]
>
>           ____
>   fiber  |    |  Verizon Box in basement (ONT?)
>   ------>|    |
>          |    |--------------> Telephone
>          |    |    _
>          |    |---|_|--COAX--> Television box
>          |____|    |
>                    |
>                   COAX
>                    |
>                   _|________
>                  [_........]Actiontec (wireless off)
>                    |
>                    |
>            ____   _|_
>   Linux   |$>  | |==|  eth0 = 192.168.1.101
>  firewall |____| |  |
>           /::::/ |__|  eth1 = 10.10.10.1
>                    |
>                    |
>                    |    ___________
>                    '-->[_._._._._._] 10/100 switch
>                          |  |
>                          |  |
>                          |  |
>                          |  '--------> \  Home/Office Network
>                          |  - - - - ->  )
>                          '-----------> /  10.10.10.0/24
>
>
> Since the Actiontec hands out 192.168.1.x addresses I changed all the devices in
> my house to: 10.10.10.x (I wanted to do that anyway for using VPN to various
> other networks in the 192.168.0.0/16 range.)
>
> Curiously, running nmap and scanning 192.168.1.1/24 from the 10.10.10.0/24 side
> shows these interfaces:
>   192.168.1.1   (gateway address)
>   192.168.1.100 (unknown... Verizon Box uses this?)
>   192.168.1.101 (Linux firewall)
> I thought that the 192.168.n.n IPs did not route... is that not the case?
> Perhaps it's because the firewall saw that 192.168.1.0/24 was on eth0 so it
> routed the packets there?
>
> So far, I'm satisfied. If the Actiontec causes me problems with its 1k NAT
> table (how will I know?) then I'll be calling Verizon to get the ethernet port
> on their box turned on!
>
> Eric
> --
> # Eric Lucas
> #
> # "Oh, I have slipped the surly bond of earth
> # And danced the skies on laughter-silvered wings...
> # -- John Gillespie Magee Jr
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug