Config WAN with Static IP Pool

ViPa · February 4, 2022, 7:46am

Hello,
I've a VDSL connection with this configuration

config dsl 'dsl'
        option tone 'av'
        option xfer_mode 'ptm'
        option line_mode 'vdsl'
        option ds_snr_offset '0'
        option firmware '/lib/firmware/lantiq-vrx200-b.bin'
        option annex 'b'
        option vid '835'
        option type '8021q'

config device
        option name 'dsl0.835'
        option type '8021q'
        option ifname 'dsl0'
        option vid '835'
        option ipv6 '0'

My provider gave me this configuration:

Point To Point WAN Address:  1.1.1.1 - subnet 255.255.255.254
Static IP Address Pool: 2.1.1.1 - subnet 255.255.255.252 - gateway 2.1.1.2

I tried to set WAN with the following

config interface 'wan'
        option device 'dsl0.835'
        option proto 'static'
        option ipaddr '1.1.1.1'
        option netmask '255.255.255.254'

config interface 'wan2'
        option proto 'static'
        option ipaddr '2.1.1.1'
        option netmask '255.255.255.252'
        option gateway '2.1.1.2'
        option device '@wan'

Using TCPDUMP over the DSL interface I can see some traffic (e.g. if I ping 2.1.1.1 from another external network I can see the ICMP packet) but I can't make incoming and outgoing connections.

First question: Is correct the WAN configuration ?
Second question: Do I need to configure SNAT or static route ?

Thanks

lleachii · February 4, 2022, 2:56pm

Yes, you must configure SNAT if you want to use one of the IPs.

ViPa · February 4, 2022, 3:02pm

Something like this ?

config nat
        option name 'snat1'
        option src_ip '192.168.1.1'
        option target 'SNAT'
        option snat_ip '2.1.1.1'
        option src 'wan2'
        list proto 'all'

or

config nat
        option name 'snat1'
        option src_ip '192.168.1.0/24'
        option target 'SNAT'
        option snat_ip '2.1.1.1'
        option src 'wan2'
        list proto 'all'

lleachii · February 4, 2022, 3:09pm

~~The real SRC IP(s) of the originating traffic you wish to use that IP. So if you only want 192.168.1.1 (the LAN side of the router) - then yes.~~

~~BTW, I didn't check the rest; but it seems incorrect (i.e. 192.168.1.1 is not WAN...and you need a DST of WAN2).~~

ViPa:

or

config nat
        option name 'snat1'
        option src_ip '192.168.1.0/24'
        option target 'SNAT'
        option snat_ip '2.1.1.1'
        option src 'wan2'
        list proto 'all'

Yes!

Two changes:

option dst 'wan2'
option family 'ipv4'

WAN2 is your destination.

You also have to allow traffic to use WAN2 (I assume you just added WAN2 to the existing WAN firewall zone)

ViPa · February 6, 2022, 3:00pm

It doesn't work I'm only seeing these packets:


20:09:07.236114 00:20:da:86:23:75 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 835, p 0, ethertype ARP, Request who-has 2.1.1.2 tell 2.1.1.1, length 28

I also tried to ping the gateway from the router but it doesn't reply

I also found this incoming packet:
20:14:46.855135 84:c1:c1:7d:46:9b (oui Unknown) > c8:77:65:10:60:d5 (oui Unknown), ethertype 802.1Q (0x8100), length 62: vlan 835, p 2, ethertype IPv4, 143.198.72.219.48056 > 2.1.1.1.4070: Flags [S], seq 3810366887, win 1024, options [mss 1460], length 0

lleachii · February 6, 2022, 10:12pm

No clue...and you should know this part in order to solve...

...does your ISP tag your Internet connection as VLAN 835?

ViPa · February 7, 2022, 8:33am

does your ISP tag your Internet connection as VLAN 835?

Yes they do

ViPa · February 7, 2022, 9:18pm

Changing the configuration I was able to see ICMP packet on the network but there is still problems getting ARP Response from the gateway, any idea ?