Posted: Sat Jul 03, 2021 1:32 Post subject: R7000: ISP IP Aliasing | Altice/MEO GlobalConnect Pack
So I'm using a provider that does some "unusual" setup in their GPON service. They assign me a static IP; however, between their device and my router I have to communicate using a reserved IP range.
Folks at OpenWRT already know how it works and published this:
This enterprise VoIP and Internet services package includes a Thomson/Technicolor gateway which can be configured (by the technician only) in bridge mode, at installation time. In this configuration, the connection presents itself untagged at the gateway's switch port 4. The Internet service is somewhat unusual, in the sense that it requires IP aliasing (it allows the provider to spare one public IP address per connection). The addressing is static, and the configuration provided is (as an example) something along these lines:
Both the Local and Remote WAN IP addresses belong to a /30 subnet. Inbound traffic arrives at the interface with the Internet IP address as the destination. To configure this connection on an OpenWrt device (let's assume interface eth1), on /etc/config/network, we need:
config interface 'wan'
	option ifname 'eth1'
	option proto 'static'
	list ipaddr '188.8.131.52/32'
	list ipaddr '100.64.194.2/30'
	option gateway '100.64.194.1'
Now, since the addressing is static, we can do source NAT instead of masquerading. To do so, we configure /etc/config/firewall as follows:
Thank you for the link; indeed, the only source for a setup like this was that OpenWRT page.
From my understanding, my WAN is a private network where my router needs to communicate using the private gateway but changing the packets' source IP to the public IP, and also accept packets to that public IP.
_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
I just noticed on my E4200v1 that there is an IP Forwarding (1:1 NAT) page under "NAT / QoS" now that I don't recall seeing before. Perhaps this may be of some use.
Unfortunately my router doesn't have that menu.
Anyway, I managed to get it to work as suggested before with the following:
ip addr add 184.108.40.206/32 dev vlan2
iptables -t nat -A POSTROUTING -o vlan2 -j SNAT --to 220.127.116.11
iptables -t nat -I POSTROUTING -s 172.26.1.0/24 -j SNAT --to-source 18.104.22.168
With those two I managed to get both the router and LAN devices to be able to ping hosts on the Internet. Not sure if the second one alone wasn't enough but I'm no longer near that router to test it again.
Now I identified another issue: since the router thinks its public IP is on the 100.x range, typical port forwards and binds might not work. For instance, in order to get the OpenVPN server to work I had to also add:
Either way, this isn't 1:1 to NAT. This is an ISP doing what they shouldn't do.
Do you have any tips about:
I identified another issue: since the router thinks its public IP is on the 100.x range, typical port forwards and binds might not work. For instance, in order to get the OpenVPN server to work I had to also add:
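The alias-plus-SNAT setup worked out earlier in this thread, as an added example that is not part of any post or of the OpenWrt page: a shell sketch that checks the address plan (local and remote WAN IPs in one /30, public IP outside it) and prints the two commands. The function names are hypothetical and the demo addresses are constructed; only the interface name vlan2 comes from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): check an IP-aliasing address plan and
# print the alias + SNAT commands. Demo addresses are constructed
# (RFC 5737 / RFC 6598 ranges); function names are hypothetical.

# Dotted-quad IPv4 -> integer. Octets must not carry leading zeros.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_prefix IP_A IP_B BITS: succeeds when both share the first BITS bits.
same_prefix() {
    a=$(ip2int "$1") && b=$(ip2int "$2") || return 2
    [ $(( $a >> (32 - $3) )) -eq $(( $b >> (32 - $3) )) ]
}

# Succeeds for 100.64.0.0/10, the RFC 6598 shared address space.
is_shared_space() { same_prefix "$1" 100.64.0.0 10; }

# plan_commands WAN_IF PUBLIC_IP LOCAL_WAN_IP REMOTE_WAN_IP
# Prints commands on stdout; returns non-zero on an inconsistent plan.
plan_commands() {
    wan_if=$1; public=$2; local_wan=$3; remote_wan=$4
    if ! same_prefix "$local_wan" "$remote_wan" 30; then
        echo "local and remote WAN IPs must share one /30" >&2; return 1
    fi
    if same_prefix "$public" "$local_wan" 30; then
        echo "public IP is already on the link subnet" >&2; return 1
    fi
    if is_shared_space "$local_wan"; then
        echo "note: bind services and port forwards to $public," \
             "not to link address $local_wan" >&2
    fi
    # Alias the public address so packets addressed to it are local.
    echo "ip addr add $public/32 dev $wan_if"
    # Static addressing: SNAT to the public address instead of masquerading.
    echo "iptables -t nat -I POSTROUTING -o $wan_if -j SNAT --to-source $public"
}

# Demo with constructed values; vlan2 is the WAN interface named in the thread.
plan_commands vlan2 203.0.113.10 100.64.10.2 100.64.10.1
```

The script only prints the commands; review them before running anything on the router.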