So I switched from CommieCast to Alternating Terrors in hopes of getting a better deal. So we get it installed and for the first few days I play around with it to get it working right before we cancel Comcast.
So, First of all, they give you a dumbed down modem/router combo (Pace 5268AC, gotta get in those keywords!) instead of just a modem. It should have a DMZ mode right? Seems easy enough to get around right?
The first thing I did after that was checking my IP addresses on my “router*” and I noticed that there were no IPv6 addresses blocks assigned. So first thing I do is that I check on the internet for how to get IPv6 to passthrough to the “router” and I see other people are having problems with it as well…. This isn’t going to be fun….
So first I try using Hurricane Electric (note to self, H.E -x> Hewlett Packard) ‘s tunnel broker service and it just didn’t work. I check with tcpdump to see what’s going on and I only see outgoing packets to HE’s servers, but none coming back. I quickly recheck my setup to make sure nothing’s wrong, then I check on the internet and see that other people said that tunnel broker services are blocked when using DMZ.
“No problem”, I said to myself and I turned off DMZ. Everything started working, things started pinging back via IPv6 and all was well. Except now the modem was complaining about unknown destination IP addresses and started being generally unstable. I then setup the modem for a cascaded router setup and then everything broke again just like it did for DMZ. Great.
After a couple hours of hair-tearing, I noticed that a computer on the network could still use a tunnel broker while another computer was DMZ’d. The Modem, though only allows one address per MAC address and it automatically detects static IP addresses via ARP (didn’t know this at the time). I didn’t want to setup another NIC for the computer, so I thought up of a way to simulate another MAC address inside my current router.
So I tried many different ways of getting another interface (with another mac) attached to my current bridge interface. First I tried a macvtap, but that didn’t work, so I fully simulated a network inside my computer using a veth pair with one side attached to the bridge interface. No pings, but now there’s an error about martian packets from the bridge interface. I look it up and apparently the linux kernal filters packets from private ip space on a “public” facing interface. “sysctl net.ipv4.conf.all.rp_filter=0” and I should be done!
I’m now receiving pings back and I set everything back up again. But every once in a while, the AT&T router removes the DMZ IP and when I try to add it back it says “Cannot Assign a DMZ IP to a Static Computer” or something like that. I look with netstat on the local side of the veth interface and notice that no packets are going in through the interface!
It seems to be being absorbed via the bridge interface. Looking around on the internet, I see this and copy it. It’s now sending/recieving packets on the interface, but it’s still booting it off every once in a while. I look at the netstat for a little bit to see how it’s determining if it’s a static ip. Then I notice that ARP is sending the bridge’s mac address for the veth’s IP address requests! It seems like the linux kernel does this on purpose with even an option to disable it! So, one sysctl flag later, and it’s done. Everything works now.
I hope this is any use to you. This could also possibly be applied to trying to get multiple static ips from AT&T assigned to a single computer (I’ve tried before and failed, but I don’t have the static IPs anymore). I’ll be posting my scripts on my Github sometime soon when I get around to it…
EDIT : now available on Github here!
“router” may be an overblown computer