|
Fritzbox / Heartbeat Tunnel
![[at]](/s/countries/at.gif) Shadow Hawkins on Tuesday, 02 April 2013 14:45:05
Does anybody know, whether the following setup should work:
<public internet (IP V4 Address>
|
| IP 62.xx.xx.xx
<cable modem with integrated router>
| 192.168.0.1
|
| 192.168.0.2
<Fritzbox 7270>
| 10.x.x.x
|
<private LAN>
The intermediate 192.x network is required, as the router integrated into the cable modem cannot be disabled and the Fritzbox should not be disabled as the UPC Router does nbot support all desired comfiguration possibilities. Normal IP V4 communication is working fine.
I'm planning to set up the fritzbox as IP V6 router. The primary question I want to know is whether the heartbeat implementation / heartbeat protocall will (or at least could) work on the Fritzbox as this uinit does not know the real public IP (62.x.x.x). I.e. 6to4 does NOT work, as the Fritzbox tries to use the public IP 192.x.x.x.
As I do not know whether the public IP is explicitly sent by the Fritzbox in the protocol or implicitly detected by the Sixxs Pop I cannot guess whether this setup could work.
As an alternative I would have to set up a static IP - but I'm not sure whether the Fritzbox / UPC environment ist stable enough for the reqzuired 7/24 operation.
Martin
P.S. Is there any search function in the forum ? I could not detect it. Maybe I'll need new glasses...
Fritzbox / Heartbeat Tunnel
as the router integrated into the cable modem cannot be disabled
What model/version is it?
the Fritzbox should not be disabled as the UPC Router does nbot support all desired comfiguration possibilities.
But that will mean you are then doing double NAT, that is always a bad idea; or did you configure the Fritz!Box to be a 'client' of the Cablebox?
The primary question I want to know is whether the heartbeat implementation / heartbeat protocall will (or at least could) work on the Fritzbox as this uinit does not know the real public IP (62.x.x.x).
Won't work. Especially as the cablebox will not do proper protocol-41 NAT.
As I do not know whether the public IP is explicitly sent by the Fritzbox in the protocol or implicitly detected by the Sixxs Pop
As far as I know Fritz!Box uses the 'sender' option of the heartbeat protocol, as such signalling your current IP address with heartbeat will work. (but as proto-41 will not be properly translated the actual tunneling won't)
As an alternative I would have to set up a static IP
Won't matter, as your cablebox breaks the proto-41 from being forwarded properly.
P.S. Is there any search function in the forum ? I could not detect it. Maybe I'll need new glasses...
Use your favourite search engine, eg with google use "site:sixxs.net your search query" or even add "inurl:/forum/' to restrict it to the forums.
Fritzbox / Heartbeat Tunnel
Shadow Hawkins on Tuesday, 02 April 2013 17:06:27
Thanks for the fast reply.
Jeroen Massar wrote:
What model/version is it?
The modem / router is a TECHNICOLOR TC7200 delivered by UPC Austria. The firmware is at least slightly modified, as an UPC logo is displayed at the configuration screen
> the Fritzbox should not be disabled as the UPC Router does nbot support all desired comfiguration possibilities.
But that will mean you are then doing double NAT, that is always a bad idea; or did you configure the Fritz!Box to be a 'client' of the Cablebox?
Yes I know. And I would prefer a pure cable modem. But with the last speed up UPC only deliveres this modem / router (at least as far as I know). The WIFI signal is much weaker than the fritz box. And more important the modem router has an public accessible web interface on port 8080 which cannot be disabled and which I do not have an access to (the lan side password does not work) So call it paranoid, but I'm fraid that UPC uses a general password for all their routers. So this router is not acceptable as firewall router for me.
> The primary question I want to know is whether the heartbeat implementation / heartbeat protocall will (or at least could) work on the Fritzbox as this uinit does not know the real public IP (62.x.x.x).
Won't work. Especially as the cablebox will not do proper protocol-41 NAT.
Sorry, but I do not understand what you mean with "does not poper protocol-41 NAT". The cable box / router should be NAT ready. Access from LAN to www works well. Also VPNs from LAN to my company (using watchguard mobile VPN) and VPNs from Clients into my LAN (terminated at the Fritz-Box) work normally. I willl try to google for protcol-41 NAT but some more information what I should look for is welcome.
> As I do not know whether the public IP is explicitly sent by the Fritzbox in the protocol or implicitly detected by the Sixxs Pop
As far as I know Fritz!Box uses the 'sender' option of the heartbeat protocol, as such signalling your current IP address with heartbeat will work. (but as proto-41 will not be properly translated the actual tunneling won't)
Sorry, I do not want to be impolite. But why are you sure, that the cable modem / router will not work without knowing my box type ? Mybe I should have mentioned, that I set up the cable modem / router to use the Fritzbox as an DMZ host. It seems to route everything (except port 8080) to the Fritzbox.
Would it be a bad idea to try a heartbeat tunnel ?
Could I do any test before requesting such a tunnel to spare my points and especially your time for setting up the tunnel ?
Martin
As an alternative I would have to set up a static IP
Won't matter, as your cablebox breaks the proto-41 from being forwarded properly.
Fritzbox / Heartbeat Tunnel
Shadow Hawkins on Tuesday, 02 April 2013 17:24:28
Martin Michalecz wrote:
Sorry, but I do not understand what you mean with "does not poper protocol-41 NAT". The cable box / router should be NAT ready. Access from LAN to www works well. Also VPNs from LAN to my company (using watchguard mobile VPN) and VPNs from Clients into my LAN (terminated at the Fritz-Box) work normally. I willl try to google for protcol-41 NAT but some more information what I should look for is welcome.
Sorry, I should have goggled beforeposting.
protocol-41 nat seems to be some "special" nat required for encapsolated IPV6 packets. So does his indicate that will be impossible to use IP V6 behind a NAT router not supporting protcol-41 nat ?
The TC7200 does mention IP V4 and IPV6 support on some data sheets available in the www. But there is no mention of IPV6 in the adminstration pages accessible using the browser. So I do not know, whether IPV6 is disabled with UPCs firmware or the modem / router simply does not support any configuration options for IPV6.
I'll try to get some test software to check the router.
Martin
Fritzbox / Heartbeat Tunnel
protocol-41 nat seems to be some "special" nat required for encapsolated IPV6 packets.
No, protocol-41 is the protocol that is used for encapsulating IPv6 inside IPv4.
Protocol 6 for instance is TCP, and Protocol 17 is UDP.
Most NAT boxes handle only TCP and UDP, and are ignorant on what to do with anything else.
So does his indicate that will be impossible to use IP V6 behind a NAT router not supporting protcol-41 nat ?
Some NAT boxes have a DMZ mode, and then in some cases that will properly forward any IP packet to that host, but in quite a few cases it won't work.
But in your case, as you have a Fritz!Box, even if you could enable DMZ mode the Fritz!Box will not accept those packets as it requires a public IPv4 address.
Fritzbox / Heartbeat Tunnel
The modem / router is a TECHNICOLOR TC7200
Ask for a Thomson based modem, or even the Horizon along with separate modem (non-wifi is how they typically call it) then you can turn the cable modem into bridge mode.
Sorry, but I do not understand what you mean with "does not poper protocol-41 NAT".
Most NAT implementations do not properly NAT protocol 41. They do do TCP and UDP, but anything is else is black magic and typically will not properly work.
But why are you sure, that the cable modem / router will not work without knowing my box type ?
Because it is the general case.
Mybe I should have mentioned, that I set up the cable modem / router to use the Fritzbox as an DMZ host.
Even DMZ mode does not always work.
But in your setup, the Fritz!Box will not set up a tunnel as you are using RFC1918 space as provided by your cable modem.
Fritzbox / Heartbeat Tunnel
Shadow Hawkins on Wednesday, 03 April 2013 12:04:13
Jeroen Massar wrote:
But in your setup, the Fritz!Box will not set up a tunnel as you are using RFC1918 space as provided by your cable modem.
Thanks for the explanation. I will try to change to a modem.
Currently I do not knowif the can provide one, as I use telefone and internet on the modem and the previous arris modem was not ready for DOICSIS 3 (?) which seems to be required for speeds greater 34MBit (I've upgraded to a 50/5 MBit package which is faster and slightly cheaper than the older one)
The Fritzbox will really not try to establish a tunnel as long as the WAN side has a private address. I've tried to setup a 6in4 with tunnelbroker yesterday evening - the Fritzbox refused. Maybe I could try to use a public address in the "middle" network - but that would be very very dirty.
At the moment I will have to wait for my Internetlink to work again. It broke yesterday evening and UPC still has not fixed it. (The modem / router seems to fail to get an cable IP address from the DHCP server ...).
Thank's
I'll be back when I've arranged an environment where a test could make sense.
Martin
Fritzbox / Heartbeat Tunnel
Currently I do not knowif the can provide one, as I use telefone and internet on the modem and the previous arris modem was not ready for DOICSIS 3 (?) which seems to be required for speeds greater 34MBit (I've upgraded to a 50/5 MBit package which is faster and slightly cheaper than the older one)
The Thompsom ones can do phone and bridge at the same time and do even 150/10 if one can get that.
Fritzbox / Heartbeat Tunnel
Shadow Hawkins on Friday, 05 April 2013 09:33:33
Got an Ubee modem from UPC service providing a single public IP address.
Heartbeta tunnel from Fritzbox is up and running.
Thanks for support
Martin
|
![[ch]](/s/countries/ch.gif)
on Tuesday, 02 April 2013 15:18:01
Posting is only allowed when you are