bridge mode on 2740N

Anotherone · ‎31-08-2007

Just to add, NAT appears in the list under Advanced Setup in the modified firmware - see screenshots but whether it's possible to turn it off there I don't know. HOWEVER it might be possible to do that by modifying a text config and uploading that without changing the firmware, in a similar manner to getting bridge mode.
btw junoqbeat, you haven't mentioned whether your 2704n has v1 or v2 Plusnet firmware.
I'll see if I can point some expert knowledge on the firmware this way.

aesmith · ‎26-09-2015

It just occurred to me that there might be another way of doing this. Configure your ASA with PPPoE as "outside", with credentials etc. Configure second i/f as "inside" with whatever you use internally. Configure a third i/f with one host address from your /29 (let's call that i/f "DMZ"). Configure your second firewall with another of your /29 addresses on its Outside, and connect that to DMZ on the ASA. Do you think that might fly for you?
AO posted while I was writing this - if you can disable NAT on the router then that's going to be the cleanest configuration.

junoqbeat · ‎07-12-2015

Hi pall
Software Version: 7.275.2_F2704N_Plusnet

With regards to routing:
I need to tell PlusNet Network team that /29 which they've assigned to me will leave behind their ADSL router ( ADSL Interface A with IP X.x.x.x ---[ADSL ROUTER] ---- LAN Interface with /29 which goes towards my network) and not in front of it if it makes seance ie to get to my /29 they need to set the route (next hope ) to whatever IP they will assign to their ADSL router's WAN interface.
OMG I need vision on this machine LOL

aesmith · ‎26-09-2015

Plusnet should look after the routing at their end, it will be all perfectly routine for them.

Anotherone · ‎31-08-2007

Hi junoqbeat,
as you have the damned v2 firmware which inhibits download of the text config, you will have to end up experimenting at some point.
Assuming that you haven't modified anything except via the GUI, and what you have changed is OK, the make sure you backup the existing config as a whatever.conf file. And keep it safe in case you need to revert to it - rename it so it can't inadvertently get overwritten.
I'm hoping we might have some idea of a full text config from the v1 firmware, that either only has known acceptable mods or none, that you can try uploading to see if they work OK. (I'm assuming you haven't already done anything like that).

junoqbeat · ‎07-12-2015

I've done the backup of the config but can't see the config itself as its encrypted LOL. No changes were done to the router a part from changing its LAN IP.no big changes another words.
Firmware is not good for me if it doesn't have a bridge functionality. NO NAT looks match better to be honest as with some help from Network guys over at PlusNet I can have pure L3 setup running . That sounds done

ejs · ‎10-06-2010

Matty123123 wrote a program to decrypt the config file. Encrypting it, if necessary, ought to be possible, but I don't think that program does it.

junoqbeat · ‎07-12-2015

Many thanks @ejs I can see my config now

Need to find a router where I can disable NAT and do pure Routing but first need to talk to guys over at plusnet

Anotherone · ‎31-08-2007

If you are getting answers to questions like that, you are a very lucky chap!

aesmith · ‎26-09-2015

Quote from: junoqbeat
Need to find a router where I can disable NAT and do pure Routing

If I read you correctly and this is partly a learning project, how about a Cisco 877? Available from around £15 on Ebay (I got one for £6.50 the other week). Not the world's fastest synch rates on long lines, but very stable (as you'd expect). You could configure full firewall policies on it if you wished, to provide protection right at the edge. You only need the "Advanced Security" feature set, there's no particular benefit from "Advanced IP Services" for anything that you've described.
Out of interest, what's your other firewall, the one that isn't an ASA?

Matty123123 · ‎01-04-2015

Hello junoqbeat, I'm just wondering. Does the extra firewall support PPPoE... in-order to save a public IP address.
If so, you can try this basic config: (modem only)
https://community.plus.net/forum/index.php/topic,137629.msg1223542.html#msg1223542 (use the text attachment)

If you just want to play with the config, you can (probably) decrypt it with this program:
https://community.plus.net/forum/index.php/topic,137629.msg1273456.html#msg1273456 (expand the window show a small encrypt option, if necessary)

Regarding NAT: I can not see an "easy" way to add 'permanent' static routes !!! && the web interface is exposed to the net. You can add temporary ones if you connect to the IP6-SSH (If its available on the newer firmware?)

aesmith · ‎26-09-2015

Regarding PPPoE, only one device can terminate that, you can't have two devices logging into the same account, especially not via the same modem.

Quote from: Matty123123
Regarding NAT: I can not see an "easy" way to add 'permanent' static routes !!! && the web interface is exposed to the net.

If you're speaking about the ASA, don't worry about access from outside as that's disabled by default. You have to specifically enable ssh and asdm access from outside, and can limit it by source address as well. That's not an issue.
Regarding NAT you configure static nat at the host or port level onto the addresses within the /29 customer subnet. You can configure the ASA to use the changeable PPP address for dynamic nat for outbound traffic. You just have a default route via the outside. I'm not sure what issue you see with routing. (Speaking about ASA again, not the unspecified other firewall)

Matty123123 · ‎01-04-2015

Na, I was talking about the cheap Plusnet router. I got no idea what IOS the ASA is running.

aesmith · ‎26-09-2015

OK. If the 2704N is being used as a modem it has no routing role, all the PPPoE traffic goes back to the device that establised the connection.
If it's a router, you won't need to add static routes for the /29 as this will be a connected subnet on the inside. Any NATs or other addresses will appear as hosts on that subnet, directly reachable by ARP.

junoqbeat · ‎07-12-2015

Quote from: MisterW
Quote
Sales guy from PlusNet told me that "yes our router does support the bridge mode" but now they are telling me that yes it does support it but we have no idea where it is or how to setup Bridge mode.....
I can't recall anyone on here reporting that bridge mode is possible on the 2704n. I suspect sales were being 'econonmical with the truth'. The 2704 isn't a business router. In your case I would suggest getting a simple ADSL modem http://www.broadbandbuyer.co.uk/store/modems/adsl-modems/#content for use with your firewall. Maybe worth thinking about a VDSL/ADSL one in case you upgrade to fibre in the future.

I've got D-Link DSL-320B from that web site.
It doesn't support the Bridge mode in the way I was thinking the bridge will work!
After using a Bridge mode u shouldn't be able to log in to the router at all as it doesn't have that LAN IP address any more (192.168.x.x) (I remember on the Virgin Media Router there was mgmt IP address even after the bridge but you had to know the IP as it was set to like a secondary IP address or something like that... anyway)
After configuring bridge I was able to connect back to that D-link

I had PPPOE setup on my Mac with same username and password that works on my router (any router)
PPPOE connection on my MAC was showing as connected but nothing was passing trough.At the same time on the D-Link router I was seen some error massages in the Logs.

:((((((((((((((

bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N

Re: bridge mode on 2740N