
Connecting to modem through router

Discussion in 'Tomato Firmware' started by eegorr, May 27, 2009.

  1. eegorr

    eegorr Network Guru Member

    Has anyone here tried this with Tomato on a WRT54GSv4?
    Connecting to modem through router...

    There is a more detailed treatment here, in the DD-WRT forum:
    Access to modem configuration...

    For me, the second link is more useful.

    It looks to me like all it would take is to add this to the Init script:
    Code:
    ifconfig vlan1:1 10.0.0.2 netmask 255.255.255.0
    and this to the WAN Up script:
    Code:
    iptables -I POSTROUTING -t nat -o vlan1 -d 10.0.0.0/24 -j MASQUERADE
    Actually, I just got this working via telnet, so now I am only wondering about the placement of these commands so that it will start automatically on reboot. This is useful because I can see real-time statistics and configuration information for my modem via a browser window (or tab), just as we can with Tomato for our routers.

    FYI, I have a SpeedStream 5660 (recently upgraded from 5260) DSL modem (bridge mode) connected to the WAN port of my gateway router (WRT54GSv4 w/Tomato v1.25) and connect through it via PPPoE to my ISP (just like the pretty picture on the page referenced by the second link, above). The IP address of the modem defaults to 10.0.0.1.

    Thanks for any advice on the subject...
     
  2. Toastman

    Toastman Super Moderator Staff Member Member

  3. eegorr

    eegorr Network Guru Member

    Thanks... I did search the forum but there were too many hits. I went through a bunch of the posts before deciding to post my own question here. Obviously, I did a Google search as well, which was more productive - that is how I came up with the links I posted.

    From what I saw on the threads you linked to, the Init script is probably the right place for the first (ifconfig) command, but there was nothing specifically said about the second (iptables) command. On reconsideration, it should probably only be run once, so the Init or Firewall scripts are probably better places for it. I'm not certain, but the IP table might fill up with duplicate entries on multiple connects between reboots if that command was placed in the WAN Up script.

    Thanks again... I think I'll try putting both of them in the Init script and see how that works.
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You'll need to put the iptables command in the firewall script or it won't take effect (iptables entries are reset just before the firewall script is run each time).
     
  5. eegorr

    eegorr Network Guru Member

    Putting the first (ifconfig) command in the Init script did not work for me, but I didn't play around much with delays (there was already a delay of 9 seconds ahead of it in the script). I tried this running the second (iptables) command via telnet as well, since it worked when I ran both via telnet.

    What did work for me is adding both commands to my Firewall script:
    Code:
    sleep 5
    # setup to allow access to DSL modem for configuration and statistical data
    ifconfig vlan1:1 10.0.0.2 netmask 255.255.255.0
    iptables -I POSTROUTING -t nat -o vlan1 -d 10.0.0.0/24 -j MASQUERADE
    It worked with 4 seconds of delay, but I set it to 5 just to be safe. Note that there is already a delay of 5 seconds ahead of these commands in the Firewall script. Best thing to do is to add a lot of delay to get it working, pare down the delay a little at a time until it stops, then go back to the last delay that worked plus a 10-20% pad for safety.

    The WAN Up script might actually be a better place for it since this is related to the WAN port, assuming that multiple duplicate calls of "iptables" (because of PPPoE reconnects) are not an issue. Does anyone know if this could be a problem, or am I just worrying about nothing?
     
  6. eegorr

    eegorr Network Guru Member

    I guess what you are saying is that the iptables command can't be run in the Init script, ahead of the Firewall script, right?

    If I put the iptables (and ifconfig) command(s) in the WAN Up script instead, would there be a problem if the same command ran multiple times between reboots (because of PPPoE reconnects)? If so, then the Firewall script seems to be the best place for both - it is working for me.

    Thanks...
     
  7. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The firewall script is the correct place for the iptables commands. However, the ifconfig line is probably more appropriately put in the WAN up script. You probably wouldn't even need a "sleep" delay if you put it there.
     
  8. eegorr

    eegorr Network Guru Member

    Okay, thanks. Interesting, but that is completely different from the setup used by the guy in the first link I posted:
    Connecting to modem through router...

    Then again, his examples use an "ipconfig" command, like Windows. Is that an error, or is that the form of the command in DD-WRT and OpenWRT?

    I'll probably just leave them together in the Firewall script since it is working and better documented that way.

    Thanks again for your help...
     
  9. Toastman

    Toastman Super Moderator Staff Member Member

  10. mstombs

    mstombs Network Guru Member

    Just to clarify both the Firewall script and the WAN-UP script are both run every time the WAN connects or reconnects. The Firewall script is run before the WAN is usable, and should not need delays - it is designed for use in adding rules just before the WAN is brought up.

    The WAN-UP script is for things that need a working WAN connection - wgets for adblocks, sending mail etc.

    Add simple "logger" entries to the scripts to see for yourself!

    If you create and run files from the Firewall or WAN-UP they should check whether or not they have already run and take appropriate decisions.

    The init script runs very early during startup, so often needs a time delay for things (including logger commands) to be in correct state before acting.
     
  11. Planiwa

    Planiwa LI Guru Member

    All that is good and true.

    However, if/when the router reboots and fails to establish PPP, the LAN will not be able to access the modem.

    When there is trouble getting a connection established it can be crucial to have access to the modem, no?


    That is why I include both commands in the Init script, and the iptables command again in the wan-up script.

    For Tomato/MLPPP it's slightly different and may need a trick. I wrote this two days ago: http://www.dslreports.com/forum/r22441226-Re-Tomatomlppp-modem-access
     
  12. eegorr

    eegorr Network Guru Member

    Then it is safe to say that multiple identical iptables calls will not create duplicate entries, is that right?
     
  13. Planiwa

    Planiwa LI Guru Member

    Oh, they will create duplicates if one is run when another already exists.

    But this is not the case here, is it?

    The INITial one lasts exactly until the FW goes up, at which time *it* goes away (to be replaced by an identical one). :)
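
On the duplicate-rule question above, an added example (not code from any poster in the thread): a function that leaves exactly one copy of the MASQUERADE rule no matter how many times the script calling it runs. The interface, addresses and /30 are the values used in this thread; `IPT`, `IFC` and `ensure_modem_access` are names assumed here.

```shell
#!/bin/sh
# Added example: idempotent modem-access setup for a router script.
# Assumed values (taken from the thread): WAN interface vlan1,
# modem 10.0.0.1, router alias 10.0.0.2 in 10.0.0.0/30.
# IPT and IFC can be overridden, e.g. for a dry run with stub commands.
IPT="${IPT:-iptables}"
IFC="${IFC:-ifconfig}"
WAN_IF="vlan1"
MODEM_NET="10.0.0.0/30"
ALIAS_IP="10.0.0.2"
ALIAS_MASK="255.255.255.252"

ensure_modem_access() {
    # Assigning the same address to the alias again is harmless.
    $IFC "$WAN_IF:1" "$ALIAS_IP" netmask "$ALIAS_MASK" || return 1

    # Delete every existing copy of the rule. -D removes one matching rule
    # per call and fails once none is left, which ends the loop. This form
    # is used instead of "iptables -C" because older iptables builds lack -C.
    while $IPT -t nat -D POSTROUTING -o "$WAN_IF" -d "$MODEM_NET" \
            -j MASQUERADE 2>/dev/null; do
        :
    done

    # Insert the single copy we want.
    $IPT -t nat -I POSTROUTING -o "$WAN_IF" -d "$MODEM_NET" -j MASQUERADE
}
```

Call `ensure_modem_access` as the last line of the script that should own the rule. Where the table has just been reset, the delete loop simply finds nothing to remove.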
     
  14. jza80

    jza80 Network Guru Member

    I use the following commands placed in the firewall script:

    iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.0.0/30 -j MASQUERADE
    ip addr add 192.168.0.2/30 dev vlan1 brd +


    I've used these commands both for PPPoE (router initiated) and DHCP.

    IP address of my modem is 192.168.0.1

    .
    .

    In your case the commands would be:

    iptables -I POSTROUTING -t nat -o vlan1 -d 10.0.0.0/30 -j MASQUERADE
    ip addr add 10.0.0.2/30 dev vlan1 brd +
     
  15. eegorr

    eegorr Network Guru Member

    Thanks, but the commands to use haven't been an issue since before I finished the original post in this thread; only the placement of them in the various administrative scripts was in question.
     
  16. eegorr

    eegorr Network Guru Member

    Now I understand!

    Is the entire iptable rebuilt on every WAN reconnect? That is something I was not aware of - I guess it makes sense, though.

    Okay, so now I have these lines in my init script:
    Code:
    # setup to allow access to DSL modem for configuration and statistical data
    ifconfig vlan1:1 10.0.0.2 netmask 255.255.255.252
    iptables -I POSTROUTING -t nat -o vlan1 -d 10.0.0.0/30 -j MASQUERADE
    and this in my firewall script:
    Code:
    # setup to allow access to DSL modem for configuration and statistical data
    iptables -I POSTROUTING -t nat -o vlan1 -d 10.0.0.0/30 -j MASQUERADE
    After a couple of reboots, I can still see my DSL modem. Thanks for your help, guys!

    One more question: what is the functional difference between ip notation 10.0.0.0/24 and 10.0.0.0/30? I've seen it both ways, here and in other threads.

    Thanks...
     
  17. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The number after the / is the number of bits that remain constant on the subnet. The higher the number, the narrower the subnet.
    Code:
    10.0.0.0/8     == 10.0.0.0    - 10.255.255.255
    192.168.0.0/16 == 192.168.0.0 - 192.168.255.255
    172.16.0.0/12  == 172.16.0.0  - 172.31.255.255
    10.0.0.0/24    == 10.0.0.0    - 10.0.0.255
    10.0.0.0/30    == 10.0.0.0    - 10.0.0.3
    10.0.0.16/30   == 10.0.0.16   - 10.0.0.19
     
  18. jza80

    jza80 Network Guru Member

    Simple answer, /30 has less usable IP/host addresses than a /24.

    Long answer would involve explaining base 2 (binary), IP addressing, and subnetting.

    .
    .


    10.0.0.0/24 = 10.0.0.0 with a subnet mask of 255.255.255.0

    10.0.0.0: network address
    10.0.0.1: first usable IP/host address
    10.0.0.254: last usable IP/host address
    10.0.0.255: broadcast address

    .
    .

    10.0.0.0/30 = 10.0.0.0 with a subnet mask of 255.255.255.252

    10.0.0.0: network address
    10.0.0.1: first usable IP/host address
    10.0.0.2: last usable IP/host address
    10.0.0.3: broadcast address


    1. Network address and broadcast address are not usable.

    2. / (slash) or CIDR notation is another way to specify a subnet mask.
     
  19. eegorr

    eegorr Network Guru Member

    Okay, that makes sense - it is basically a different, more flexible notation for the netmask of a subnet (10.0.0.0/24 = 10.0.0.0, netmask 255.255.255.0), right?

    Obviously, 30 would be more appropriate for my situation, with only 10.0.0.1 and 10.0.0.2 in the subnet, but 24 would work as well.

    Thanks again, everyone...
     
  20. jza80

    jza80 Network Guru Member

    10.0.0.0/24 and 10.0.0.0 with mask of 255.255.255.0 are the same. 2 different ways of saying the same thing.

    /24 means that an IP address has 24 network bits. 255.255.255.0 in binary = 11111111.11111111.11111111.00000000. Counting from left to right there's 24 continuous 1's, this is where /24 comes from.
    .
    .

    To see this, I'll convert 10.0.0.0/24 into binary like so:

    00001010.00000000.00000000.00000000 (10.0.0.0)
    11111111.11111111.11111111.00000000 (255.255.255.0)

    For every bit in the subnet mask that's a "1" we use the corresponding bit from the network address. We'll use "0" for the rest of the bits. 00001010.00000000.00000000.00000000 (10.0.0.0).

    So we're left with 8 bits (host bits) for the host address.

    .
    .

    1. Starting from left to right we change the last bit in the host bits to 1.

    00001010.00000000.00000000.00000001 (10.0.0.1)

    2. Then all bits to 1 except the right most bit which is 0.

    00001010.00000000.00000000.11111110 (10.0.0.254)

    3. All bits to 1.

    00001010.00000000.00000000.11111111 (10.0.0.255)


    There's others that will work besides /30 and /24.

    /24 = 255.255.255.0, 256 total IPs, 254 usable
    /25 = 255.255.255.128, 128 total IPs, 126 usable
    /26 = 255.255.255.192, 64 total IPs, 62 usable
    /27 = 255.255.255.224, 32 total IPs, 30 usable
    /28 = 255.255.255.240, 16 total IPs, 14 usable
    /29 = 255.255.255.248, 8 total IPs, 6 usable
    /30 = 255.255.255.252, 4 total IPs, 2 usable
    /31 = 255.255.255.254, 2 total IPs, 0 usable
    /32 = 255.255.255.255, 1 total IPs, 0 usable


    The entire IPv4 address space is 0.0.0.0 - 255.255.255.255 or /0 - /32.

    IP address has 32 bits or 4 octets of 8 bits. Same goes for subnet mask.
     
  21. Planiwa

    Planiwa LI Guru Member

    Or we can think of, say:

    a.b.c.0/24 as equivalent to a.b.c.*

    Note that while many modems end in .1, some end in .254 -- SpeedTouch and Speedstream, for example, so that 192.168.1.0/30 would fail to include 192.168.1.254 ...

    Now, for the "magic of 10" alluded to here: http://www.dslreports.com/forum/r22441226-Re-Tomatomlppp-modem-access

    When we have:
    ip addr add 192.168.1.10/24 dev br1 brd +

    [edit:]
    [silliness edited away]

    it is equivalent to 192.168.1.0/24 -- however reportedly with MLPPP "the magic of 10" sometimes works somehow. :)
     
  22. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    192.168.1.10/24 means 192.168.1.0-192.168.1.255 just like 192.168.1.0/24 does. It's just that the "ip addr add" command mashes together the ip address and subnet so it's saying "give this interface an ip address of 192.168.1.10 and use a /24 subnet (192.168.1.0/24)".
     
  23. Planiwa

    Planiwa LI Guru Member

    Of course it does. Silly me. :)
     
  24. jza80

    jza80 Network Guru Member

    Change 192.168.1.0/30 to 192.168.1.252/30. :)

    192.168.1.252 = network address
    .253 = first usable IP/host address
    .254 = last usable IP/host address
    .255 = broadcast address


    /24 can be subnetted into 64 /30's, with 2 bits left over for host.

    To get from /24 to /30, you borrow 6 bits. 2 to the 6th power = 64, so you have 64 subnets.

    IP address and subnet mask have a total of 32 bits. Since we're using /30, we can subtract that from 32 which gives us 2 bits for host. 2 to 2nd power = 4, so each subnet has a total of 4 IP addresses.

    .
    .

    192.168.1.0/24 subnetted into multiple /30 would look like this:


    192.168.1.0/30
    192.168.1.4/30
    192.168.1.8/30
    etc....
    etc....

    You would need to use 192.168.1.0/23 to cover that range of IP addresses.

    192.168.1.0 = network address
    192.168.1.1 = first usable IP/host address
    192.168.2.254 = last usable IP/host address
    192.168.2.255 = broadcast address
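
The subnet arithmetic discussed in the posts above, as an added example (not code from any poster): given a modem's management address, it works out the /30 that contains it and the one other usable host address, which is the address the router alias needs. All function names are assumptions of this example, and it assumes a shell with 64-bit arithmetic such as bash or dash.

```shell
#!/bin/sh
# Added example: CIDR arithmetic for choosing the modem-access alias.

ip2int() {      # dotted quad -> integer
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {      # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

prefix2mask() { # prefix length -> netmask as integer
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Print "network first-host last-host broadcast" for ADDR/PREFIX.
cidr_range() {
    mask=$(prefix2mask "${1#*/}")
    net=$(( $(ip2int "${1%/*}") & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    echo "$(int2ip "$net") $(int2ip $((net + 1))) $(int2ip $((bcast - 1))) $(int2ip "$bcast")"
}

# Succeeds when ADDR ($1) lies inside CIDR ($2).
in_cidr() {
    mask=$(prefix2mask "${2#*/}")
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# For a modem address, print the enclosing /30 and the one other usable
# host address in it, which is what the router alias should get.
alias_for_modem() {
    m=$(ip2int "$1")
    net=$(( m & 4294967292 ))          # mask 255.255.255.252
    case $(( m & 3 )) in
        1) peer=$(( net + 2 )) ;;
        2) peer=$(( net + 1 )) ;;
        *) echo "$1 is the network or broadcast address of its /30" >&2
           return 1 ;;
    esac
    echo "$(int2ip "$net")/30 $(int2ip "$peer")"
}
```

The first field of `alias_for_modem` is the value for `-d` in the MASQUERADE rule and the second is the alias address, so the rule covers only the modem and the router alias rather than a whole /24.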
     
