Solved Cannot figure out gateway IP

fred974

Daemon

Reaction score: 46
Messages: 1,628

Hi,

In addition to my router public IP, my ISP has given me a block of static IP to use for my server at home.
Using the block of IP bellow, I simply cannot get my FreeBSD to resolve anything.
Your static IP address details
Block Size: 8
CIDR: 87.7x.xxx.56/29

I set /etc.rc.conf to:
Code:
ifconfig_bce0="inet 87.7x.xxx.58 netmask 255.255.255.248"
defaultrouter="87.7x.xxx.63"

Could anyone please confirm if I did that right? The email comes with no instruction so not sure which is the gateway :{

Thank you
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,359
Messages: 38,888

Ask your provider. The gateway could be any one of the addresses. Often it's the first or the last address of the range, but that's more a convention than a standard.
 

PMc

Daemon

Reaction score: 680
Messages: 1,368

In addition to my router public IP, my ISP has given me a block of static IP to use for my server at home.

BOAH! Envy!! I thought there are no more...

Using the block of IP bellow, I simply cannot get my FreeBSD to resolve anything.

You sure they are routed at all (or, already)? I would look for a non-obfuscated place on the net and start happy tracerouting (i.e. from outside), to see what can be sent to these addresses and where it might then appear. Afterwards, the way back is with high likeliness just the same.
 

usdmatt

Daemon

Reaction score: 602
Messages: 1,543

It may well be that they just routed the block to your existing public IP address. As such you'd need to just route everything via the original gateway address. How to configure that would depend on your set up.
 
OP
fred974

fred974

Daemon

Reaction score: 46
Messages: 1,628

Ask your provider.
Ho, believe me, I tried hard but their tech guys don't even understand what a gateway or broadcast address is:(
I phone several time hoping someone:
Address Pool Start IP:
Address Pool Mask:
CPE IP Address:
I set Address Pool Start IP: 87.7x.xxx.57
Address Pool Mask: 255.255.255.248
CPE IP Address: 57

Do you know what CPE IP Address is?

In FreeBSD, I also tried this but no sucess
defaultrouter="87.7x.xxx.57"
 
OP
fred974

fred974

Daemon

Reaction score: 46
Messages: 1,628

SirDice I have google it as well and found the same article. What I was asking is, do i pick any usable ip to set CPE?
 

obsigna

Daemon

Reaction score: 893
Messages: 1,284

Try the first address, as SirDice already suggested, i.e. defaultrouter="87.7x.xxx.56". ISP’s, may use the network address of the allocated block as the routing address, since in this case their customers benefit from the max. possible number of available IP addresses for their own use, in your case six. 87.7x.xxx.63 is the broadcast address of your block. It is worth to note, that said network address is actually a special address for your block only, from the point of view of the ISP it is just another regular IP address.
 

tommiie

Well-Known Member

Reaction score: 85
Messages: 297

You got a /29 of additional IP addresses assigned to you. So I assume that you already had a static public IP address?

For example, you already had been given the static IP address 203.0.113.47. You should configure it on your router using the subnet mask 255.255.25.0 and the default gateway should be 203.0.113.1. Now you were given additional IP addresses, e.g. 192.0.2.56/29. Assuming they are being routed to you (i.e. to your public IP address 203.0.113.47) you can take two approaches:
  • Configure all eight IP addresses for NAT translation on your firewall with the IP address 203.0.113.47. That way, all eight IP addresses can be used for dozens of private servers behind your firewall. No routing configurations are needed, nor any changes to your default gateway. You only need to add NAT entries for each service you want to provide on one of those eight public IP addresses.
  • Route the new IP space to a different router or firewall inside your network. E.g. you create a new interface on the firewall, name it a DMZ and use the first valid IP address as the interface's IP address. This way you're using the IP space as a layer-3 network with network address, broadcast address and default gateway, i.e. you lose three public IP addresses. The servers in your DMZ should use the IP address assigned to your firewall as their default gateway but the firewall itself does not need any modifications to its routing table or default gateway.
Should you want to route the IP space to deep inside your network, you will need to add a static/dynamic route for the /29 on each layer three hop, point downwards into your network. Outbound traffic should still hit your default route propagated into the network so no changes needed there either.
 

Vull

Aspiring Daemon

Reaction score: 460
Messages: 757

...
Your static IP address details
Block Size: 8
CIDR: 87.7x.xxx.56/29
...
In binary, 56 = 0011,1000, so IIRC, you have the address range [0011,1000...0011,1111] in binary, or [56...63] in decimal.
248 = 1111,1000 so that should be the right netmask, just like you have it in your opening post. As obsigna was saying, I don't think you can use the address which has 63 as your last octet, because that's the multicast address, like 192.168.1.255 would be the multicast address in a typical 24 bit home or office LAN setup.

It's been awhile since I worked on one of these 29 bit setups, and I know how difficult it can be to communicate with the ISP help-desk people sometimes (I've been one myself, ha), but I'm thinking that, since they seem to be telling you that 57 is the address of your CPE or Customer Premises equipment, then that must be the address of the router they gave you. So, maybe when you tried it before, maybe there was something else wrong, like maybe you were inadvertently using the same 57 address for both your FreeBSD host and your router? I suggest trying again, with 56 58 as your FreeBSD machine, and 57 as the router, and if that still doesn't work, maybe try leaving your CPE on 57, and putting your FreeBSD host on one of the other addresses in [59..62].

Edited.
 

PMc

Daemon

Reaction score: 680
Messages: 1,368

How would you dod that?

Same as with any commodity: look if something (e.g. water) comes out of the pipe or wire.

I would think, before starting to configure some ifconfig or defaultrouter on a machine, that machine must have a network interface thru which the concerned stuff would come in (or would not come in, if something is hosed upstream). Then it should be possible to look into that wire and see what actually comes out of it (before even considering how to handle it). tcpdump for instance should do that. Then, when we see the stuff that comes along, it should become rather obvious to understand how we need to handle it. Has the advantage that we decide on the nature of the actual stuff, not on what some grapevined service desk had told us how it might or should be (if at all).

Concerning the details, well, I don't have full clue on what your config looks like - I dont even get a clue what You consider a "router". (My telco always tends to ask me what type of "router" I use. I don't know what they think of - I feed everything vaguely related to TCP/IP straight into the FreeBSD.)

Further thinking along: Getting a block of IPs practically means to have a new network. And if that network is 56/29, then CPE 57 makes sense and adheres to the convention. Traditionally You would now setup the six new machines, and wire them all together. Then, one of them, namely the 57, will be the gateway machine, which has a second network connecting to the outside (probably, to your "router"). Then you tell the router to route all stuff destined for 56/29 to that 57. And you tell the 57 to route all outbound stuff to that "router". The setting "defaultrouter=57" does make only sense for those other 5 machines behind the new gateway on the new network, with addresses 58...62.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,359
Messages: 38,888

I don't think you can use the address which has 63 as your last octet, because that's the multicast address, like 192.168.1.255 would be the multicast address in a typical 24 bit home or office LAN setup.
That's the broadcast address, not a multicast address. Multicast IP address are in the 224.0.0.0/4 range. Either way, you can't use the broadcast address as a host address.

Every network range has two addresses you can't use, the all zeros and the all ones. The first is the network address, i.e. 192.168.1.0/24, the latter the broadcast, i.e. 192.168.1.255/24. If you get a range of 8 addresses there are only 6 usable IPs. The ISP's router needs an address too so you're left with only 5 usable addresses.
 

Vull

Aspiring Daemon

Reaction score: 460
Messages: 757

That's the broadcast address, not a multicast address. Multicast IP address are in the 224.0.0.0/4 range. Either way, you can't use the broadcast address as a host address.

Every network range has two addresses you can't use, the all zeros and the all ones. The first is the network address, i.e. 192.168.1.0/24, the latter the broadcast, i.e. 192.168.1.255/24. If you get a range of 8 addresses there are only 6 usable IPs. The ISP's router needs an address too so you're left with only 5 usable addresses.
Right. Well corrected and well clarified. Thank you Sir.
 

PMc

Daemon

Reaction score: 680
Messages: 1,368

That's the broadcast address, not a multicast address. Multicast IP address are in the 224.0.0.0/4 range. Either way, you can't use the broadcast address as a host address.

That might depend on what one does with these addresses. If one builds a subnet, as I desribed above, then You are certainly right. But, wouldn't it also be possible to setup eight jails with these addresses, and treat them as individual addresses that only perchance happen to be adjacent? If the subnet-mask isn't assigned to a broadcast-capable interface, nobody knows there's a broadcast address. Or am I missing a point?
 

Vull

Aspiring Daemon

Reaction score: 460
Messages: 757

That might depend on what one does with these addresses. If one builds a subnet, as I desribed above, then You are certainly right. But, wouldn't it also be possible to setup eight jails with these addresses, and treat them as individual addresses that only perchance happen to be adjacent? If the subnet-mask isn't assigned to a broadcast-capable interface, nobody knows there's a broadcast address. Or am I missing a point?
I was having similar thoughts, but it seems to me from the opening post that, in this case, the ISP has forced this kind of setup. I'm assuming that the following snippet of information was given to fred974 by his ISP in an e-mail or when they installed the router:
Your static IP address details
Block Size: 8
CIDR: 87.7x.xxx.56/29
It might be possible to get the ISP to agree to a better arrangement-- one that doesn't waste 3 otherwise perfectly good ipv4 internet addresses which fred974 is paying for-- but I don't know, since the deal may have already been sealed -- still, it's a very good question and shouldn't hurt to ask.

Edited to add: He should still be able to at least use the address of the router for one of his hosts. For example he should be able to IP forward ports 80 and 443 from the router's IP address to a web server on his internal LAN. So he should be able to use 6 out of the 8 addresses, instead of only 5.
 
OP
fred974

fred974

Daemon

Reaction score: 46
Messages: 1,628

Hi all,

Using:
Code:
ifconfig_bce0="inet 87.7x.xxx.59 netmask 255.255.255.248"
defaultrouter="87.7x.xxx.57"
I can ping 87.7x.xxx.59 from within my LAN but not from outside.
My FreeBSD box inside the LAN cannot ping 8.8.8.8
 

gkontos

Daemon

Reaction score: 488
Messages: 2,160

If you are behind NAT you can not configure the extra IP addresses directly to your FreeBSD box. You will need to do that in your router.
 
OP
fred974

fred974

Daemon

Reaction score: 46
Messages: 1,628

I just realised that inside my LAN,
All my public ip redirect me to the main router interface.
So all my ip in my lan point to the same place?
If you are behind NAT you can not configure the extra IP addresses directly to your FreeBSD box. You will need to do that in your router.
the router has different ip and all port forwarding is for internal ip only :(
 

usdmatt

Daemon

Reaction score: 602
Messages: 1,543

What sort of router do you have?

Edit: just to expand on how we'd usually do this -

The Vodafone forum talks about VLAN 101 not 100. Based on the mention of a 73Mbps sync, I'm going to guess they are talking about VDSL, which uses VLAN 101 for the WAN (In the UK at least).

I have no idea how Vodafone work, but if we provide additional networks, we simply route a block to the customers existing public IP. So for example, the customer already has 1.1.1.2 with a 1.1.1.1 gateway. So 1.1.1.2 is assigned to the customer router, and 1.1.1.1 is our end. This could either be static, dhcp or PPPoE (as with VDSL).

If the customer had 2.2.2.X/24 added, we would just route this entire block to 1.1.1.2. We wouldn't add anything our end as a gateway, any traffic to the entire block would just get dumped on their router.

From that point on it's just a case of the customer configuring the router to handle those addresses, and push any traffic from that range to the Internet back up to their existing 1.1.1.1 gateway. Depending on the router this can be configured several ways, or not at all.

You may find that really basic home routers might not support additional WAN addresses/ranges.
On more "advanced" soho routers like Draytek you can usually add additional WAN addresses, then set up port forwarding to forward ports on specific WAN addresses to servers on your LAN. So port 80 on 1.1.1.2 could go to one server, and port 80 on 2.2.2.52 could go somewhere else. Because the router already has a default gateway of 1.1.1.1, any traffic from the 2.2.2.X range going to the Internet should get passed up to the ISP router at 1.1.1.1 by default.

With something like a Mikrotik (we use a lot of these recently as they do a lot for the price) or a more advanced router, you can do the same as above - i.e. assign one or more addresses from the range to the router and use NAT to pass traffic through to LAN hosts. You can also assign say 2.2.2.1/24 to a free port, connect that to your server and directly give the server 2.2.2.2 with a gateway of 2.2.2.1. Traffic from the server will go to its gateway on 2.2.2.1 (which is your router), and your router will then just forward the traffic on to its default gateway of 1.1.1.1.
 
OP
fred974

fred974

Daemon

Reaction score: 46
Messages: 1,628

usdmatt

Thank you for your reply. I found it useful.
To set the modem, I follow the vodafone guide here and there is nothing else I can see.
The modem is Huawei 963168_HUAWEIVOX25 according to the status page
 

usdmatt

Daemon

Reaction score: 602
Messages: 1,543

Hmm, so is this the standard Vodafone router?

I'm surprised they actually provide additional networks at all if it's a standard broadband connection and a bog standard router. As they have provided this additional range (which you would assume means they support it on the service you have), have you asked their support how to make use of it in your router?

If it were me and I planned on doing anything half serious with the connection I'd want to replace the router with my own. By the look of it the Huawei one is one of those "Home Hub" style routers you get with most big suppliers that have very little functionality and are designed for your average home user. I have VDSL/FTTC/"Fibre" broadband/whatever-you-want-to-call-it at home and I currently use a BT OpenReach modem and a Mikrotik 2011 router.

They used to give out the modem as part of the install when VDSL was new (which is how I got mine), but now you just get their locked down combined modem/router (or nothing if you order a self install). You can still get them on eBay or there are alternatives like the Draytek Vigor 130.

With a modem you could probably use FreeBSD as the router but that means configuring PPPoE and all the rest of the nat/routing on FreeBSD, which I personally find a PITA. Some people like it but I prefer to just have a dedicated router/firewall.
 
OP
fred974

fred974

Daemon

Reaction score: 46
Messages: 1,628

have you asked their support how to make use of it in your router?
Yes, their answers were they have not training IP setting and I should go on the Vodafone forum (i cannot login to it). They don't even have access to a router with the same setting as me. They said they only supply the IP..nothing else.

I [ay for 'business' broadband but if I knew how bad the service was before I signup I wouldn't have bothered. I have mikrotik too here but I cannot use it witout a VDSL modem in front :(
I was also told I could set the modem in bridge mode but guess what... there is no such setting.

If I go and get a Draytek Vigor 130 and set PPPoE, what IP will I get?
 
Top