Okay Swiftel have provided me with a /30 IP range though nothing is showing up here. Would half-bridge have any effect on it? I tried adding routes on the modem though it makes no difference.

When I do a traceroute I get:

traceroute to 218.214.208.126 (218.214.208.126), 30 hops max, 38 byte packets
1 baboon.arach.net.au (203.30.44.55) 53.494 ms 47.179 ms 63.898 ms
2 venom-dialups.arach.net.au (203.30.44.62) 47.745 ms 39.213 ms 39.871 ms
3 microlink1-labyrinth1.arach.net.au (203.30.44.246) 55.854 ms 47.256 ms 47.790 ms
4 FastEthernet2-1.qvb1.Perth.telstra.net (139.130.130.1) 55.827 ms 47.174 ms 39.761 ms
5 GigabitEthernet2-1.wel-core3.Perth.telstra.net (203.50.112.57) 39.896 ms 55.163 ms 39.774 ms
6 Pos4-0.way-core4.Adelaide.telstra.net (203.50.6.193) 71.862 ms 79.136 ms 79.748 ms
7 Pos5-0.exi-core1.Melbourne.telstra.net (203.50.6.161) 95.790 ms 87.163 ms 87.847 ms
8 Pos6-0.chw-core2.Sydney.telstra.net (203.50.6.17) 119.838 ms 102.988 ms 103.863 ms
9 GigabitEthernet1-2.ken12.Sydney.telstra.net (203.50.19.22) 111.835 ms 103.049 ms 95.852 ms
10 asiag1.lnk.telstra.net (139.130.159.10) 127.863 ms 103.183 ms 111.722 ms
11 fe0-1-0-100M.ar2.SYD1.gblx.net (203.192.136.6) 119.729 ms 103.082 ms 95.8
72 ms
12 swiftel-2nd-ipaddress.ar2.syd1.gblx.net (203.192.167.38) 127.833 ms 103.201 ms 103.938 ms
13 swiftel-FE-ar1.syd1.gblx.net (203.192.167.34) 95.985 ms 95.319 ms 95.919 ms
14 adsl-17-254.swiftdsl.com.au (218.214.17.254) 87.989 ms 95.408 ms 87.987 ms
15 p-nya.swiftel.com.au (202.154.95.169) 111.964 ms 103.528 ms 103.963 ms
16 p-nya.swiftel.com.au (202.154.95.169) 111.971 ms 119.112 ms 111.972 ms
17 p-nya.swiftel.com.au (202.154.95.169) 119.987 ms 127.168 ms 127.953 ms
18 p-nya.swiftel.com.au (202.154.95.169) 135.937 ms 135.141 ms 167.993 ms
19 p-nya.swiftel.com.au (202.154.95.169) 183.937 ms 151.072 ms 151.981 ms
20 p-nya.swiftel.com.au (202.154.95.169) 159.926 ms 159.157 ms 183.962 ms
21 p-nya.swiftel.com.au (202.154.95.169) 175.973 ms 175.122 ms 175.956 ms
22 p-nya.swiftel.com.au (202.154.95.169) 183.940 ms 191.155 ms 207.934 ms
23 p-nya.swiftel.com.au (202.154.95.169) 239.980 ms 295.194 ms 191.963 ms
24 p-nya.swiftel.com.au (202.154.95.169) 207.962 ms 207.069 ms 207.989 ms
25 p-nya.swiftel.com.au (202.154.95.169) 223.934 ms 223.147 ms 223.957 ms
26 p-nya.swiftel.com.au (202.154.95.169) 240.006 ms 231.088 ms 231.969 ms
27 p-nya.swiftel.com.au (202.154.95.169) 239.957 ms 271.109 ms 239.975 ms
28 p-nya.swiftel.com.au (202.154.95.169) 271.955 ms 255.075 ms 271.989 ms
29 p-nya.swiftel.com.au (202.154.95.169) 271.928 ms 271.138 ms 263.934 ms
30 p-nya.swiftel.com.au (202.154.95.169) 280.004 ms 287.088 ms 287.993 ms

Any ideas?

Thanks,

Jeremy

Okay Swiftel have provided me with a /30 IP range though nothing is showing up here. Would half-bridge have any effect on it? I tried adding routes on the modem though it makes no difference.

When I do a traceroute I get:

traceroute to 218.214.208.126 (218.214.208.126), 30 hops max, 38 byte packets
1 baboon.arach.net.au (203.30.44.55) 53.494 ms 47.179 ms 63.898 ms
2 venom-dialups.arach.net.au (203.30.44.62) 47.745 ms 39.213 ms 39.871 ms
3 microlink1-labyrinth1.arach.net.au (203.30.44.246) 55.854 ms 47.256 ms 47.790 ms
4 FastEthernet2-1.qvb1.Perth.telstra.net (139.130.130.1) 55.827 ms 47.174 ms 39.761 ms
5 GigabitEthernet2-1.wel-core3.Perth.telstra.net (203.50.112.57) 39.896 ms 55.163 ms 39.774 ms
6 Pos4-0.way-core4.Adelaide.telstra.net (203.50.6.193) 71.862 ms 79.136 ms 79.748 ms
7 Pos5-0.exi-core1.Melbourne.telstra.net (203.50.6.161) 95.790 ms 87.163 ms 87.847 ms
8 Pos6-0.chw-core2.Sydney.telstra.net (203.50.6.17) 119.838 ms 102.988 ms 103.863 ms
9 GigabitEthernet1-2.ken12.Sydney.telstra.net (203.50.19.22) 111.835 ms 103.049 ms 95.852 ms
10 asiag1.lnk.telstra.net (139.130.159.10) 127.863 ms 103.183 ms 111.722 ms
11 fe0-1-0-100M.ar2.SYD1.gblx.net (203.192.136.6) 119.729 ms 103.082 ms 95.8
72 ms
12 swiftel-2nd-ipaddress.ar2.syd1.gblx.net (203.192.167.38) 127.833 ms 103.201 ms 103.938 ms
13 swiftel-FE-ar1.syd1.gblx.net (203.192.167.34) 95.985 ms 95.319 ms 95.919 ms
14 adsl-17-254.swiftdsl.com.au (218.214.17.254) 87.989 ms 95.408 ms 87.987 ms
15 p-nya.swiftel.com.au (202.154.95.169) 111.964 ms 103.528 ms 103.963 ms
16 p-nya.swiftel.com.au (202.154.95.169) 111.971 ms 119.112 ms 111.972 ms
17 p-nya.swiftel.com.au (202.154.95.169) 119.987 ms 127.168 ms 127.953 ms
18 p-nya.swiftel.com.au (202.154.95.169) 135.937 ms 135.141 ms 167.993 ms
19 p-nya.swiftel.com.au (202.154.95.169) 183.937 ms 151.072 ms 151.981 ms
20 p-nya.swiftel.com.au (202.154.95.169) 159.926 ms 159.157 ms 183.962 ms
21 p-nya.swiftel.com.au (202.154.95.169) 175.973 ms 175.122 ms 175.956 ms
22 p-nya.swiftel.com.au (202.154.95.169) 183.940 ms 191.155 ms 207.934 ms
23 p-nya.swiftel.com.au (202.154.95.169) 239.980 ms 295.194 ms 191.963 ms
24 p-nya.swiftel.com.au (202.154.95.169) 207.962 ms 207.069 ms 207.989 ms
25 p-nya.swiftel.com.au (202.154.95.169) 223.934 ms 223.147 ms 223.957 ms
26 p-nya.swiftel.com.au (202.154.95.169) 240.006 ms 231.088 ms 231.969 ms
27 p-nya.swiftel.com.au (202.154.95.169) 239.957 ms 271.109 ms 239.975 ms
28 p-nya.swiftel.com.au (202.154.95.169) 271.955 ms 255.075 ms 271.989 ms
29 p-nya.swiftel.com.au (202.154.95.169) 271.928 ms 271.138 ms 263.934 ms
30 p-nya.swiftel.com.au (202.154.95.169) 280.004 ms 287.088 ms 287.993 ms

Any ideas?

Thanks,

Jeremy


Hmm this looks possibly like a routing problem at Swiftel's end, but I've never seen a traceroute look like that before....

Originally posted by sticky_chicken
Hmm this looks possibly like a routing problem at Swiftel's end, but I've never seen a traceroute look like that before....

I have when router running config hasn't been saved and the router gets rebooted, etc.

Looks as though it can't be done with half-bridge. The packets were just coming in the modem and it was routing them back out through it's default route. I did try changing the routes but it made no difference. I'll just have to put up with PPPoE for the moment.

Is than an nb1300 modem? From what little I've read about it, its supposed to do the ip stuff in bridged mode - ie. it lets the bridged machine do it all. ie. it passes all IP packets to that box (one way or another). If thats the case, then how would routes on the nb1300 affect that?

This (http://www.cse.unsw.edu.au/~simonb/swiftel/halfbridge.html) looks pretty useful.

It's a Billion 711CE, but are you sure that's the case with the NB1300? I'm sure it would be for packets destined for the PPP IP addr but can't be so sure for other IPs.

Don't know. Did you see the link I posted? That elaborates some.

Yeah, but didn't say anything about this. The problem is that while the IPs are routed to the IP address of the PPP host, this IP address doesn't actually go into the IP header. Instead for ethernet, the packets are sent to the MAC address of the said IP address while still being destined for an IP in a different block of IPs. As for PPP, there are no MAC addresses so it's essentially sent down the PPP link where the modem operating in half-bridge has no idea what to do with it. Ironically though, I couldn't even use the routing table on the modem to solve the problem (tried using a destination of the PPP IP addr but that didn't work). Maybe an Alcatel modem with SIP spoof would do the job though.

Re the use of the routing table on the modem - I'd have thought that when in HB mode, it doesn't care to contemplate src/dst addy's - its just kinda forwarding IP packets, encapsulated on the WAN side with pppoa. Yes? Thats why its called a bridge and not a router.

Re the IP addy in the IP header - why wouldn't it be? When swiftel's router forwards packets to your network, they're already IP packets with all such fields ready - PPP(OA/OE) just wraps that in a PPP header, and sends it down the line, for decap afterwards? Yes?

Re the idea that with ethernet, the MAC addy is chosen based on the IP.... I would've thought that when in bridged mode, the modem doesn't check the arp table to find which MAC corresponds to that dest IP - it just passes the packets on to whichever box it dished the PPP IP addy to, assuming it will route it on to your DMZ. It KNOWS that its bridging for a router thats doing IP, so it doesn't try to make such decisions.

Sorry for the babble... now's not the time to be screwing my brain over this... :confused: desite it being an interesting scenario.

sTu.

Originally posted by stus
Re the use of the routing table on the modem - I'd have thought that when in HB mode, it doesn't care to contemplate src/dst addy's - its just kinda forwarding IP packets, encapsulated on the WAN side with pppoa. Yes? Thats why its called a bridge and not a router.


Just because it's called 'half-bridge' doesn't really mean anything. It's probably just called that because it acts like a bridge. But I doubt it's just blindly forwarding IP packets, otherwise when you wouldn't be able to access the admin interface of the modem.


Re the IP addy in the IP header - why wouldn't it be? When swiftel's router forwards packets to your network, they're already IP packets with all such fields ready - PPP(OA/OE) just wraps that in a PPP header, and sends it down the line, for decap afterwards? Yes?


I meant that the IP address of the next hop doesn't go into the header as the IP layer is essentially left unscathed by routers. So if a packet comes in that isn't adressed to the IP address of the PPP interface and the modem is processing it at layer 3, it won't know what to do.

Unless someone actually has 'half-bridge' mode setup and is sucessfully routing a block of IPs to their PC at the same time, I'm not convinced it'll work. It seems like a quite a hack since even when I tried routing the block of IPs to the PPP interface address, hoping that the modem would send it to the PC, it didn't work. Doing a packet dump also confirmed that the packets weren't reaching the PC.

All you need to do is put the FIRST ip address of the /30 on the internal interface of your modem/router.... then each computer on the inside gets an independant ip address from the *rest* of the range...

therefore

Public (phone line) address of modem router will be your swiftel account ip address assigned by dhcp from swift, private (or ethernet/usb) interface of modem router will be the first address in range... (i.e. if you were given 208.115.54.8 - 208.115.54.15, then the 208.115.54.8 (or what is called the route address) is put on the internal interface on modem. For your computers you then use .9-.14 (remeber the *last* address (.15 in this example) is the broadcast division address (broadcast addr for your network, but divides you from Next Persons network that starts on next ip)

cheers

That isn't quite what I wanted to do. I have a Linux router with 3 NICs. One goes to my LAN which is NATed, another goes to my server which is where I use the /30 and the last one of course goes to the modem (where I wanted to use half-bridge but have resorted to PPPoE).

Originally posted by jeremy Just because it's called 'half-bridge' doesn't really mean anything. It's probably just called that because it acts like a bridge. But I doubt it's just blindly forwarding IP packets, otherwise when you wouldn't be able to access the admin interface of the modem.

Does this description of half-bridge mode help any?

"When you program your Billion modem into half-bridged mode, the modem still acts as the PPPoE client, however passes through the Public IP to your computer."

IMO, passing the public (ISP assigned) IP addy to the bridged computer implies that the modem won't be thinking about the IP header contents. I agree this does conflict with the fact that it still needs to respond to the admin/config IP addy... but looking for that on each LAN-in packet is different to doing full IP stuffs, like routing etc.

sTu.

De-capsulating each packet, examining it's IP contents and deciding whether to forward it, before re-encapsulating it is close enough to routing if you ask me. Though obiviously it must be doing layer 3 routing since I wasn't actually getting anything destined for the /30 on the ethernet interface. Additionally I can conclude from my original traceroute that /30 packets were coming in then being spat out through the default route (set to ppp) and hence the routing loop. Though that doesn't explain why manually tweaking the routing table didn't fix it (unless the way it routes to the ppp IP addr is dodgy).

I haven't read through the whole thing, but maybe this could be of use to you.

http://adsl.cutw.net/dsl.html

hope it helps.

Looks like useful info though I don't think it'll have anything on half-bridge. Another thread that I started on a similar topic though (incase anyone hasn't seen it):
SIP spoof and Swiftel provided/routed IP ranges (http://forum.swiftdsl.com.au/showthread.php?s=&threadid=2916)

Thanks for the pointer to your other thread... looks like a promising lead... if only to get exposure to others who've tried same.

Originally posted by jeremy
That isn't quite what I wanted to do. I have a Linux router with 3 NICs. One goes to my LAN which is NATed, another goes to my server which is where I use the /30 and the last one of course goes to the modem (where I wanted to use half-bridge but have resorted to PPPoE).

ok, I had another quick scan through this thread and didn't see the answer to this mentioned.

have you turned off NATing on your adsl modem LAN connection?

if your linux router is doing the NAT work, you don't need to do it twice.

As I said, I was using 'half-bridge' so NAT is automatically disabled. Ditto with PPPoE.

and your modem LAN-side ip address is one of your /30s and the linux NIC is the other, correct?

<apologies for the step by step questions>

Well try something like this:

+----------+
| modem |
+----------+
|
| PPP allocated address
|
+--------------------+ +---------+
| Linux GW/router |----| Server |
+--------------------+ +---------+
| /30 addresses
| (gw has the first one, server has the second)
|
LAN with internal addresses.

what's the linux equivalent of ipconfig /all - does it show that the linux box is getting the adsl ip address? from the linux box, can you ping an external interface? how about from the PCs, can they get out? can they access the server? I'm assuming that you've tested all that, but it's worth confirming.

the ip forwarding thing is interesting - if it's operating in bridge mode (half or otherwise) then, as you said, it's making switching decisions at layer two and not layer three. I couldn't find anything on the billion website about ip masquerading on the 711s, maybe it does process the ip (like a layer three switch.)

it still uses the swiftel address for the web admin interface, right?

it wouldn't be something stupid like the order of entries in the routing table? even though it's not supposed to be looking at the ip address it must at least be recognising it - maybe it's a "feature" of the firmware.

what do billion have to say for themselves?

Originally posted by 3cakes
what's the linux equivalent of ipconfig /all - does it show that the linux box is getting the adsl ip address? from the linux box, can you ping an external interface? how about from the PCs, can they get out? can they access the server? I'm assuming that you've tested all that, but it's worth confirming.


Yes the Linux machine gets the IP address fine through DHCP (usually except that half-bridge seems to be a bit dodgy; see: 711CE half-bridge, DHCP/connectivity issues (http://www.ausadsl.info/cgi-bin/ikonboard.cgi?act=ST;f=4;t=679) though that has nothing to do with the /30 problems).


the ip forwarding thing is interesting - if it's operating in bridge mode (half or otherwise) then, as you said, it's making switching decisions at layer two and not layer three.


Eeer well it has to strip the layer 2 headers . Even if it really were bridging properly it'd be said that it's acting as a "translational bridge" but it's not as can be determined by the fact that it's looking at the routing table before deciding what to do.


it still uses the swiftel address for the web admin interface, right?


I don't know any modems that do though that's a bad thing to do as far as security goes. Acess to the admin interface is through an internal address (which obviously matches the default route when using half-bridge).


what do billion have to say for themselves?

I emailed support, got a response from the support person that it's beyond their knowledge. So asked him if he could forward it on to someone who may know. Still waiting for that response.