From: Jim on 20 Feb 2010 04:57

Jim <jim(a)magrathea.plus.com> wrote:

<snip>

Never mind, got it - the router was passing on the DHCP request to the
upstream provider.

Jim
-- 
"Microsoft admitted its Vista operating system was a 'less good product'
in what IT experts have described as the most ambitious understatement
since the captain of the Titanic reported some slightly damp tablecloths."
http://www.thedailymash.co.uk/

From: James Taylor on 20 Feb 2010 15:43

Jim wrote:

> Never mind, got it - the router was passing on the DHCP request to the
> upstream provider.

Surely the PPPoA connection established by the ADSL modem would have got
its public IP from the PPP handshake. What makes you think the DHCP
packets from your BSD box were being routed upstream to the ISP? DHCP is
a broadcast protocol and is not routed at all. DHCP can be relayed (a
kind of proxy mechanism) but even then it would be very unusual for an
ISP to run a DHCP server for its customers. UK ISPs tend to use PPPoA as
it allows identification and authentication of the account holder.

I know of some ADSL modems that can be configured to bridge at layer 3
(not layer 2). For example, the DrayTek Vigor 110 will proxy a PPPoE
connection from downstream to a PPPoA connection upstream and pass the
public IP directly through to the internal PPPoE endpoint (which could
be your BSD box for instance).

Could it be that the DMZ mode of your particular router is actually a
misnamed bridge mode? This may be why its DMZ mode *requires* DHCP to be
used so that the internal host could be passed the external public IP.
But I suspect that the router is first establishing the PPPoA connection
and thus getting the public IP from upstream independently of the client
getting that public IP from the router via DHCP.

On other routers the DMZ mode is just a way of setting a default
port-forward to a specific internal IP, and you must tell the router
that IP. To be useful, it is necessary to set a matching static IP on
the DMZ server or otherwise arrange for a fixed DHCP IP allocation.

You described your router as requiring the DMZ server to use DHCP, that
it then gets the external public IP, and you didn't mention any way for
the router to distinguish which internal machine is the DMZ server. All
this leads me to believe that your router's DMZ mode is not a default
port-forward, and is instead a kind of bridge mode.

-- 
James Taylor

From: Jim on 21 Feb 2010 04:12

James Taylor <usenet(a)oakseed.demon.co.uk.invalid> wrote:

> You described your router as requiring the DMZ server to use DHCP, that
> it then gets the external public IP, and you didn't mention any way
> for the router to distinguish which internal machine is the DMZ server.
> All this leads me to believe that your router's DMZ mode is not a
> default port-forward, and is instead a kind of bridge mode.

No. In the DHCP configuration area it allows for, essentially, passing on
the request upstream. I had to toggle it off that and onto the 'Private
address in the 192.168.2.x range' setting.

It's a nice router but a bit weird in some ways.

Jim
-- 
"Microsoft admitted its Vista operating system was a 'less good product'
in what IT experts have described as the most ambitious understatement
since the captain of the Titanic reported some slightly damp tablecloths."
http://www.thedailymash.co.uk/

From: Jim on 21 Feb 2010 04:16

James Taylor <usenet(a)oakseed.demon.co.uk.invalid> wrote:

> You described your router as requiring the DMZ server to use DHCP

Actually, I didn't explain that bit as clearly as I could have: the
router will only DMZ to a machine that gets its IP -from the router
itself-.

Jim
-- 
"Microsoft admitted its Vista operating system was a 'less good product'
in what IT experts have described as the most ambitious understatement
since the captain of the Titanic reported some slightly damp tablecloths."
http://www.thedailymash.co.uk/

From: James Taylor on 21 Feb 2010 05:26

Jim wrote:
> James Taylor wrote:
>
>> You described your router as requiring the DMZ server to use DHCP, that
>> it then gets the external public IP, and you didn't mention any way
>> for the router to distinguish which internal machine is the DMZ server.
>> All this leads me to believe that your router's DMZ mode is not a
>> default port-forward, and is instead a kind of bridge mode.
>
> No.

Which bit is that "no" referencing?

> In the DHCP configuration area it allows for, essentially, passing on
> the request upstream.

Do you accept my point that ADSL normally uses PPPoA or PPPoE
connections and that the router gets its public IP from PPP? Then do you
imagine that this "passing the request upstream" is your router cleverly
translating a UDP broadcast protocol like DHCP into a connection-based
protocol like PPP? Your description sounds like it works like this:

    BSD box                   ADSL Router                ISP PPP server
    1. ---- DHCP Discover --->
    2. <--- DHCP Offer -------
    3. ---- DHCP Request ---->
                              4. ----- PPP connect ---->
                              5. <---- PPP config ------
    6. <--- DHCP NAK ---------
    7. ---- DHCP Request ---->
    8. <--- DHCP Ack ---------

For this to work, the DMZ server (your BSD box) would have to be
identified to the router by MAC address and this MAC address stored in
the router's configuration. So, even before the DMZ server has an IP
address, the router will recognise it and know to treat the DMZ box
differently and thus not simply hand out a local DHCP lease as it would
for all other machines in the LAN.

Alternatively you may believe there is a DHCP server at the ISP and that
the process actually works like this:

    BSD box                   ADSL Router              ISP PPP server   ISP DHCP
                              1. ---- PPP connect --->
                              2. <--- PPP config -----
    3. ---- DHCP Discover --->
                              6. ------------ DHCP Discover --------->
                              7. <----------- DHCP Offer -------------
    4. <--- DHCP Offer -------
    5. ---- DHCP Request ---->
                              6. ------------ DHCP Request ---------->
                              7. <----------- DHCP NAK ---------------
    6. <--- DHCP NAK ---------
    7. ---- DHCP Request ---->
                              6. ------------ DHCP Request ---------->
                              7. <----------- DHCP Ack ---------------
    8. <--- DHCP Ack ---------

but I'm pretty sure things don't work like that because ISPs don't run
DHCP for their customers. In fact I don't think it works like the first
diagram either. Indeed, if the DMZ box is getting the public IP via DHCP
then the only way it makes sense to me is this:

    BSD box                   ADSL Router                ISP PPP server
                              1. ----- PPP connect ---->
                              2. <---- PPP config ------
                              (external IP now known by router)
                              (non-DMZ hosts can now get internal IPs
                               by DHCP and access the Internet via NAT)
    3. ---- DHCP Discover --->
                              (DMZ box recognised by MAC)
    4. <--- DHCP Offer -------
                              (with offer of external IP)
    5. ---- DHCP Request ---->
    6. <--- DHCP Ack ---------
    (Now layer 3 bridging (no NAT) performed only for
     traffic to/from the DMZ box's MAC address)

What is not entirely clear to me, but which you may be able to test if
you have access to another non-NATted host on the Net, is whether you
absolutely *have* to use the public IP address received by DHCP (perhaps
because the router filters traffic not coming from that IP) or whether
you can configure multiple IP addresses on the WAN interface of your BSD
box and have them all work. Of course, you'd need to have an IP address
block allocation from your ISP for traffic to be routable back to your
box, but you may nevertheless be able to test whether you can send pings
from a second IP by checking if they arrive at another host on the Net.

> I had to toggle it off that and onto the 'Private
> address in the 192.168.2.x range' setting.

I can't quite picture what you mean. I wonder if you'd be kind enough to
indulge me with more detail as I'm now very curious to understand what
this router is really doing.

> It's a nice router but a bit weird in some ways.

That's what makes it exciting. The weirdness may turn out to be great
novelty and innovation if only we could properly understand it.

-- 
James Taylor
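
Added example, not part of the thread: one way to tell which of the two DMZ behaviours discussed above a router implements is to decode the DHCP reply the DMZ host receives and check whether the leased address is RFC 1918 private (NAT / port-forward style) or public (the host sits on the Internet without NAT). The function names are hypothetical and the packets are constructed samples; 203.0.113.7 is a documentation address standing in for an ISP-assigned IP.

```python
import ipaddress
import struct

COOKIE = b"\x63\x82\x53\x63"                      # RFC 2131 magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_options(data):
    """Walk the TLV option area; reject options that run past the buffer."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:       # 255 = End
        if data[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def classify_reply(pkt):
    """Summarise a DHCP reply (UDP payload only) and the kind of lease in it."""
    if len(pkt) < 240 or pkt[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    opts = parse_options(pkt[240:])
    yiaddr = ipaddress.IPv4Address(pkt[16:20])    # address handed to the client
    server = opts.get(54, b"")                    # option 54 = server identifier
    lease = ("none" if int(yiaddr) == 0 else      # e.g. a NAK carries no address
             "private" if any(yiaddr in n for n in RFC1918) else "public")
    return {
        "type": TYPES.get((opts.get(53) or b"\0")[0], "UNKNOWN"),
        "client_mac": pkt[28:28 + min(pkt[2], 16)].hex(":"),
        "offered": str(yiaddr),
        "server": str(ipaddress.IPv4Address(server)) if len(server) == 4 else None,
        "lease": lease,
    }

def build_reply(msg_type, yiaddr, mac, server):
    """Construct a sample reply for offline testing (not a captured packet)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, len(mac), 0,
                        0x1234, 0, 0, bytes(4),
                        ipaddress.IPv4Address(yiaddr).packed,
                        bytes(4), bytes(4), mac, b"", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return fixed + COOKIE + opts + b"\xff"
```

A "public" result on the DMZ host means its own packet filter is the only thing between its listening services and the Internet.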