User:PB123-ARIN
From SixXS Wiki
Verizon Residential DSL/Westell 327W
Information on progress getting a SixXS tunnel working for a subscriber with Verizon residential DSL service. This page is fairly incomplete and will be moved elsewhere in the wiki when a few more tests are done.
Summary
- SixXS tunnel works fine with AYIYA.
- No luck with 6-in-4 heartbeat.
- Protocol 41 packets do get delivered to the user. Upstream traffic is the problem.
- 20 Jul 08 - testing with another Verizon DSL subscriber was inconclusive. He did receive protocol 41 packets sent from outside Verizon's net, but we were unable to get any protocol 41 traffic between us. TCP traffic worked fine. Testing was inconclusive since even though the other host was geographically close to me, there were several router hops between us.
- 21 July 08 - Called Verizon residential DSL support. Specified "other" as my OS. The person there did not know what protocol 41 was and could not find anything in their KB. The guy suggested letting him transfer me to Business Support. They said they don't support the residential network, but were kind enough to speak to a "level 3" technician after I told them how I got there. The relayed message was that no protocols are blocked. The Business Support person also suggested I try Verizon's Premium Technical Support. That is a subscription service, but she said they may answer the question anyway. I may go back to Residential Support and ask for a supervisor. Enough for today though.
- See User:JNN2-SIXXS/Case_Experience_(Home_Dynamic_NAT) for a Verizon FiOS FTTP user. Seems to work for him.
- My Actiontec router is able to "port" forward protocol 41 packets to my PC running AICCU. You indicate below that you can only forward TCP or UDP packets, and protocol 41 is neither. However, you may have luck with making your AICCU PC your DMZ host as the router should dump everything--including protocol 41--on the DMZ host, but you'll have to see if that adversely affects your other port forwards (if any) or IPv4 routing. I haven't toyed with DMZ enough to know if it precludes port forwards or NAT at the router. JNN2-SIXXS 09:29, 18 June 2009 (UTC)
Westell 327W
The Westell 327W is a DSL modem/router/NAT/wireless access point device supplied by Verizon to some of their residential DSL customers. The firmware is customized for Verizon.
Default Configuration
The default configuration for the 327W is NAT, which also supports enabling services (port forwarding). The router comes with a pre-configured list of services, or you can define your own. User-defined services can only be TCP or UDP (no protocol 41).
AYIYA works in this configuration with no services forwarded.
Static NAT
The NAT/port-forwarding mode supports specifying a host for static NAT. Any unsolicited traffic for the public IP is forwarded to this host. This will forward protocol 41 traffic to the static NAT host.
Protocol 41 traffic sent back out does not arrive at its destination for unknown reasons. The AICCU test gets all the way to the step where the remote end of the tunnel is pinged. Tcpdump (on Linux) does show protocol 41 packets being sent out the host's Ethernet interface with the correct destination address.
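To confirm what a capture like the tcpdump one above really contains, the following added example (not part of the original page or of AICCU) decodes a raw IPv4 packet, checks that it is protocol 41 rather than protocol 4, and compares the outer destination with the tunnel endpoint. The function names, the sample packet and the documentation addresses (192.0.2.10, 198.51.100.1, 2001:db8::/32) are constructed for illustration.

```python
import ipaddress
import struct

PROTO_IPIP = 4   # IPv4-in-IPv4; some firmware displays passed tunnel packets with this number
PROTO_6IN4 = 41  # IPv6-in-IPv4, what a 6-in-4 tunnel actually sends

def parse_outer(packet: bytes) -> dict:
    """Parse an IPv4 packet; for protocol 41 also decode the inner IPv6 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    info = {"outer_src": str(ipaddress.IPv4Address(src)),
            "outer_dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "is_6in4": False}
    payload = packet[ihl:]
    if proto == PROTO_6IN4:
        if len(payload) < 40 or payload[0] >> 4 != 6:
            raise ValueError("protocol 41 payload is not an IPv6 header")
        info.update(is_6in4=True, inner_next_header=payload[6],
                    inner_src=str(ipaddress.IPv6Address(payload[8:24])),
                    inner_dst=str(ipaddress.IPv6Address(payload[24:40])))
    return info

def check_tunnel_packet(packet: bytes, pop_v4: str) -> list:
    """Return a list of reasons the packet is not tunnel traffic for pop_v4."""
    info, problems = parse_outer(packet), []
    if info["proto"] == PROTO_IPIP:
        problems.append("protocol 4 (IP-in-IP), not protocol 41")
    elif not info["is_6in4"]:
        problems.append("protocol %d, not protocol 41" % info["proto"])
    if info["outer_dst"] != pop_v4:
        problems.append("outer destination %s is not the tunnel endpoint" % info["outer_dst"])
    return problems

def build_sample(proto: int = PROTO_6IN4) -> bytes:
    """Constructed packet: ICMPv6 echo request inside IPv4 (documentation addresses)."""
    inner = struct.pack("!IHBB", 6 << 28, 8, 58, 64)  # version 6, payload 8 bytes, ICMPv6
    inner += ipaddress.IPv6Address("2001:db8::2").packed + ipaddress.IPv6Address("2001:db8::1").packed
    inner += bytes([128, 0, 0, 0, 0, 1, 0, 1])  # echo request, checksum left zero
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64, proto, 0,
                        ipaddress.IPv4Address("192.0.2.10").packed,
                        ipaddress.IPv4Address("198.51.100.1").packed)
    return outer + inner

if __name__ == "__main__":
    print(parse_outer(build_sample()))
    print(check_tunnel_packet(build_sample(PROTO_IPIP), "198.51.100.1"))
```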
DMZ Host
The DMZ Host (or shared IP) mode of configuration shares the public IP address assigned to the router with the DMZ host. The DMZ host should run DHCP since its address will change with the public IP address. Functionality of port forwarding and NAT for other hosts on the network is unknown at this time, although it appears they have relatively normal connectivity. More testing needs to be done.
Firewall
The default setting for the firewall is off. The documentation says firewall rules take precedence over port forwarding. I assume traffic that isn't passed or dropped by the firewall rules gets processed by the regular NAT and port forwarding. More experimentation needs to be done here.
- The firewall supports a security log which can be configured to log allowed packets.
- In the "No Security (None)" setting, the firewall will not log any packets.
- This testing was done in the "Minimum Security (Low)" setting.
- With outbound packet logging enabled, the firewall does show the protocol 41 packets being sent.
- Note that at least one version of the firmware displays the passed packets as protocol 4.
