Using Linux firewall
davidsc
07-12-2003, 04:42 PM
I came to SwiftDSL after having run Optus cable successfully via Linux firewall. I got up and running using Netcomm NB1330 in gateway mode with no hassles. Now I would like to use my Linux (ClarkConnect) firewall for special purposes.
I have enabled Bridge mode and changed the WAN Type in my basic settings to 1483 Bridged IP LLC. I have plugged the NB1330 into the external NIC on my Linux box and set the IP for this NIC to my SwiftDSL static IP address. I have changed the network settings on a PC inside my network to use the Linux box as gateway and DNS server.
I find that I cannot ping the modem (192.168.0.1) from a PC in my internal network. My Linux box has IP 192.168.0.100 and has the external NIC configured to act as a router.
I am looking for some suggestions on how to get my Linux firewall to work.
Hi David,
I don't really know anything about ClarkConnect, though from browsing the website I gather it is an off-the-shelf router solution based on Linux. I'm not sure if the "normal" Linux configuration (using RP-PPPOE and iptables) will apply. You'd probably be better off asking for assistance in the ClarkConnect FAQs and community. Nonetheless I have a few comments which may be of some assistance.
In bridged mode your NB1300 acts as a simple media converter, meaning that basically what comes in one side goes out the other side. The modem's sole job is to convert ADSL signals to ethernet signals and vice versa, and it doesn't need an IP address for this. It's no great surprise that your clients can't ping your modem (neither can mine). Have you tried pinging something outside from your clients? Try 202.154.92.35 (www.swiftdsl.com.au). The Linux IP Masquerade HOWTO (http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/testing.html) has a good section on testing a NAT system in chapter 5.
One other thing is that you shouldn't really need to specify your IP address on the router; this should be negotiated as part of the PPPOE connection process (though at Swiftel you'll always get the same address).
Anyway hopefully this may be of some use to you. If you have any more questions please post back here, there are plenty of gurus lurking on these boards who may be able to help much more than I can.
Scott.
Bruticus
09-12-2003, 08:36 PM
Don't make your second NIC your Swiftel IP, that is what the modem should be. And don't specify that either, it will negotiate it itself. What you want is for your CC box to dial the connection thru the modem via PPPOE, which will establish the setting. I'm not familiar with CC but it should be able to do this with no problems.
I recommend setting your modem to half bridged mode .... then set your firewall modem net card for DHCP .... This way you can run PPPOA on the modem which is supposed to be better/faster/more stable. Anyway it's working well for me.
davidsc
10-12-2003, 07:26 AM
I have made the change to my external NIC so that it now has its IP address set by DHCP. This seems to work as an address in my subnet 192.68.0 is granted OK. I have tried various WAN Type settings and Bridge mode enabled/disabled. Still no action from my Linux box.
I am testing my setup by trying to ping my static SwiftDSL IP address (get back 'Operation not permitted' message) and by trying to ping an external IP address such as www.microsoft.com which reports back 'unknown host'.
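The two ping errors quoted in the post above point at different layers, and testing an IP address before a hostname (the order Scott's reply suggests) separates them. The script below is an added example, not part of the original thread; the function names, the `192.0.2.1` and `www.example.com` targets and the replayed probe output are constructed for illustration, and `real_probe` assumes the iputils `ping`.

```shell
#!/bin/sh
# Added example: map ping failures on a Linux firewall box to the failing layer.

# classify_ping_error TEXT -> prints the layer the error text points at.
classify_ping_error() {
    case "$1" in
        # EPERM from sendmsg(): a local netfilter rule (for example in the
        # OUTPUT chain) refused the packet before it left this host.
        *"Operation not permitted"*) echo "local-firewall" ;;
        # Name resolution failed; routing was never exercised.
        *"unknown host"*) echo "dns" ;;
        *"Name or service not known"*) echo "dns" ;;
        *"Temporary failure in name resolution"*) echo "dns" ;;
        # The kernel has no route to the target (no default gateway yet).
        *"Network is unreachable"*) echo "no-route" ;;
        # The next hop did not answer on the local segment.
        *"Destination Host Unreachable"*) echo "next-hop" ;;
        # Packets were sent but nothing came back.
        *"100% packet loss"*) echo "no-reply" ;;
        *) echo "unclassified" ;;
    esac
}

# check_uplink PROBE IP NAME
# PROBE is a command or function that takes one target, prints ping-style
# output and exits non-zero on failure. The IP is tested first so that
# firewall and routing faults are reported before DNS faults.
check_uplink() {
    probe=$1; ip=$2; name=$3
    out=$("$probe" "$ip" 2>&1) || { echo "ip:$(classify_ping_error "$out")"; return 1; }
    out=$("$probe" "$name" 2>&1) || { echo "name:$(classify_ping_error "$out")"; return 1; }
    echo "ok"
}

# Live probe (assumes iputils ping); not called here so the example runs offline.
real_probe() { ping -c 2 -W 2 "$1"; }

# Constructed probe replaying the two error strings quoted in the thread.
sample_probe() {
    case "$1" in
        *[a-z]*) echo "ping: unknown host $1" >&2; return 2 ;;
        *) echo "ping: sendmsg: Operation not permitted" >&2; return 1 ;;
    esac
}

# Demo on constructed targets (RFC 5737 address, example.com).
check_uplink sample_probe 192.0.2.1 www.example.com || true
classify_ping_error "ping: unknown host www.example.com"
```

On a live box, call `check_uplink real_probe` with an external IP address and a hostname of your choice as the two targets.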
Bruticus
10-12-2003, 12:31 PM
Microsoft block pings last I checked; try yahoo.com or google.com for ping tests.
davidsc
10-12-2003, 04:08 PM
After
1. making the external NIC eth0 get its IP address by DHCP from the ADSL modem
2. fixing up the file dhcpd.conf
I have my Linux firewall firing! Now to try the VPN!
:D