Second WAN not working / adding ports to vlan with swconfig

mflorezm
DD-WRT Novice


Joined: 19 Feb 2018
Posts: 11

PostPosted: Tue Dec 06, 2022 19:53    Post subject: Second WAN not working / adding ports to vlan with swconfig Reply with quote
Hi Guys,

I'm not able to add one of my switch ports to receive an external ip from ISP.

Router/Version: Netgear R8500 (Broadcom BCM4709)
Firmware Version: DD-WRT v3.0-r50963 std (11/28/22)
Kernel Version: Linux 4.4.302-st28 #8309 SMP Mon Nov 28 05:28:56 +06 2022 armv7l

I have two public static IPs from my ISP (179.33.26.204 and 179.33.26.205). They come to me by FTTH using PPPoE on vlan 100 (tagged).

The router gets the WAN IP 179.33.26.204 without any issues and I used the following code to route all traffic from the second external IP to a LAN IP.

/usr/sbin/ip addr add 179.33.26.205/29 dev vlan100
/usr/sbin/iptables -I FORWARD -d 10.24.1.173 -j ACCEPT
/usr/sbin/iptables -t nat -I PREROUTING 1 -p all -d 179.33.26.205 -j DNAT --to 10.24.1.173
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 10.24.1.173 -j SNAT --to 179.33.26.205

All of this works like a charm; nevertheless, on 179.33.26.205 I need to use a Bind9 DNS server and unfortunately the bind9 server is not able to listen on 0.0.0.0:53, just on 10.24.1.173:53, so it doesn't resolve any query that comes from 179.33.26.205, just 10.24.1.x DNS requests. No matter to forward ports TCP 53 and UDP 53 (that is the way it works). Ports are open on the public IP as telnet works, but there is no answer on DNS queries.

So, what I now need is to receive the IP 179.33.26.205 directly on the Linux Debian server where DNS is installed, to have the server directly on the internet and not behind the router.

I followed the instructions on https://wiki.dd-wrt.com/wiki/index.php/VLAN_Bridging_WAN_and_a_LAN_port#Second_WAN_port, but as I'm using r50963 I have to use swconfig instead of nvram.

The original answer to swconfig dev switch0 show, was:

VLAN 1:
ports: 2 3 4 5 7 8t
VLAN 100:
ports: 0t 8t

So, I sent the commands:

swconfig dev switch0 vlan 100 set ports "0t 2 8t"
swconfig dev switch0 vlan 1 set ports "3 4 5 7 8t"
swconfig dev switch0 set apply

and the new answer to swconfig dev switch0 show, is:

VLAN 1:
ports: 3 4 5 7 8t
VLAN 100:
ports: 0t 2 8t

So, in theory, I just have to plug in the server ethernet cable to receive the second external IP, but it doesn't work.

I don't understand what the router does to acquire the IP just with this line /usr/sbin/ip addr add 179.33.26.205/29 dev vlan100, and it does not work the same way on the server.

Is there any way to test if the switch port is really working on WAN vlan 100?

I already tried everything, even moving all the ports to the VLAN 100 with

swconfig dev switch0 vlan 100 set ports "0t 2 3 4 5 7 8t"
swconfig dev switch0 vlan 1 set ports "8t"

I tried tagging all switch ports, with the same results:

swconfig dev switch0 vlan 100 set ports "0t 2t 3t 4t 5t 7t 8t"
swconfig dev switch0 vlan 1 set ports "8t"

Is it really that simple to just move a switch's port to the WAN vlan? In the above link they said "You can move ports to the WAN VLAN to make them act as WAN ports residing outside the router's NAT. Devices attached to these ports will request their IP addresses from the ISP instead of getting a private IP address from your router."

Of course, the Interface Setup -> Port Setup -> WAN Port Assignment is assigned to vlan 100 on the networking tab page.

On the server's /etc/network/interfaces I'm using static addressing

address 179.33.26.205
netmask 255.255.255.248 (same as works on the router).
gateway (not sure) so, tried with the router's IP, no gateway and even the PPPoE gateway from the ISP.
nameservers 200.21.200.10 200.21.200.80

Finally, there is no way to receive the external IP on the server itself. Any help will be granted as this is driving me crazy.

PS: I don't understand why my switch is not showing ports 1 and 6, no matter to use:
swconfig dev switch0 set reset 1

Thanks,
Mauricio F.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Dec 07, 2022 8:58    Post subject: Reply with quote
Not having a direct solution, but perhaps you are overcomplicating things.

You have two public IP addresses and want to connect one of those addresses to your server.
This is indeed done with one-to-one NAT, you have done this manually but you can normally do it via the GUI (not sure if it works with other than the default WAN e.g. your vlan 100)

Setting another VLAN to the WAN port can also be done via the GUI, just set ID 100 instead of ID 2 in the GUI, you probably need to tag it depending on what the provider wants but that can also be done in the GUI (Switch Config tab).

My first thought why the server does not respond is that the firewall will not allow any traffic but local traffic so I would look into the firewall of your server to begin with.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed Dec 07, 2022 13:11    Post subject: Reply with quote
1) The switch may not support 100 vlans. Try this instead:

swconfig dev switch0 vlan 2 set ports "0t 2 8t"
swconfig dev switch0 vlan 2 set vid 100

2) This would have worked with a bare-bone wan, but you said in your first post that you are using PPPoE. Your wan is the PPPoE interface, not the vlan2 on the switch.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Wed Dec 07, 2022 13:26    Post subject: Reply with quote
PPPoE automatically uses the interface that is configured under "WAN port assignment"

Quote:
root@DD-WRT:/tmp/ppp# cat options.pppoe
nic-eth0


/ etc..

So you can easily tag PPPoE by creating a new VLAN (add new VLAN tag to eth0), assigning the VLAN to the WAN port (make sure that the new VLAN and eth0 are not bridged to the LAN).

You can also simply tag the switch port - works too


Last edited by ho1Aetoo on Wed Dec 07, 2022 13:56; edited 2 times in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed Dec 07, 2022 13:52    Post subject: Reply with quote
You don't get the point.

The second wan port bypasses PPPoE, so the server must establish its own PPPoE connection in order to reach the Internet.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Wed Dec 07, 2022 14:27    Post subject: Reply with quote
Yes, sure, it's just a switch that is in front of the router.
All devices connected in front of the router must establish their own PPPoE connection.

Adding a second port to the router's WAN is no different than having a 3 port switch in front of the router.
mflorezm
DD-WRT Novice


Joined: 19 Feb 2018
Posts: 11

PostPosted: Fri Dec 09, 2022 23:39    Post subject: Reply with quote
Can the ONT handle two PPPoE connections at the same time? I will try to establish PPPoE from the server itself using the same vlan100 and keep you posted. Thanks.
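
Added example, not part of any post in this thread: one way to test whether a switch port really reaches the ISP on the WAN VLAN is to send a PPPoE discovery frame (PADI, RFC 2516) from the attached host and see whether an access concentrator answers with a PADO. The function names, the `probe-01` Host-Uniq value and the interface name passed to `probe()` are assumptions; `probe()` needs Linux and root for the raw socket.

```python
import socket
import struct

ETH_P_8021Q, ETH_P_PPPOE_DISC = 0x8100, 0x8863
PADI, PADO = 0x09, 0x07  # RFC 2516 discovery codes
TAG_SERVICE_NAME, TAG_AC_NAME, TAG_HOST_UNIQ = 0x0101, 0x0102, 0x0103

def build_padi(src_mac, host_uniq, vlan_id=None):
    """PADI broadcast; vlan_id=None for an untagged port ("2"), 100 for "2t"."""
    tags = struct.pack("!HH", TAG_SERVICE_NAME, 0)  # empty name: any service
    tags += struct.pack("!HH", TAG_HOST_UNIQ, len(host_uniq)) + host_uniq
    eth = b"\xff" * 6 + src_mac
    if vlan_id is not None:  # host-side 802.1Q tag, needed only on a tagged port
        eth += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETH_P_PPPOE_DISC)
    # ver/type 0x11, code, session id 0 during discovery, payload length
    return eth + struct.pack("!BBHH", 0x11, PADI, 0, len(tags)) + tags

def parse_discovery(frame):
    """Return {'vlan', 'code', 'tags'}; ValueError if not PPPoE discovery."""
    try:
        off, vlan = 12, None
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype == ETH_P_8021Q:
            tci, etype = struct.unpack_from("!HH", frame, off + 2)
            vlan, off = tci & 0x0FFF, off + 4
        if etype != ETH_P_PPPOE_DISC:
            raise ValueError("not a PPPoE discovery frame")
        _vt, code, _sid, length = struct.unpack_from("!BBHH", frame, off + 2)
        pos, end, tags = off + 8, off + 8 + length, {}
        while pos < end:  # walk the TLV tags (type, length, value)
            ttype, tlen = struct.unpack_from("!HH", frame, pos)
            tags[ttype] = frame[pos + 4:pos + 4 + tlen]
            pos += 4 + tlen
    except struct.error:
        raise ValueError("truncated frame") from None
    return {"vlan": vlan, "code": code, "tags": tags}

def probe(ifname, vlan_id=None, timeout=3.0):
    """Linux, root: send one PADI; return AC-Name of first PADO, else None."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_PPPOE_DISC)) as s:
        s.bind((ifname, 0))
        s.settimeout(timeout)
        s.send(build_padi(s.getsockname()[4], b"probe-01", vlan_id))
        try:
            while True:
                reply = parse_discovery(s.recv(2048))
                if reply["code"] == PADO:
                    return reply["tags"].get(TAG_AC_NAME, b"").decode(errors="replace")
        except socket.timeout:
            return None
```

`probe("eth0")` matches a port added untagged, as in `0t 2 8t`; `probe("eth0", vlan_id=100)` matches a port added as `2t`.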