Bypass At&t fiber BGW210-700


  • Netgate Administrator

    It's in the bin folder on the github repo you are pulling this from: https://github.com/aus/pfatt/blob/master/bin/ng_etf.ko



  • Oh wow thank you...! I thought I could get it directly from browsing my PFsense folders...I am just a NUBE sorry.


  • Netgate Administrator

    You need to add that netgraph kernel module to pfSense because it isn't included by default. There would not normally be any reason to use such shenanigans! ๐Ÿ˜‰



  • Is there a better way to do this?


  • Netgate Administrator

    Go to a different provider? ๐Ÿ˜‰

    But no, that's the only way I'm aware of to remove the AT&T router from the connection.

    Steve



  • I would gladly do that but the only other choice is Comcast and they don't offer gig speeds where I am at.



  • Ok I am lost here how do I get the other files (pfatt.sh) ...I can't seem to download them...I can copy them to txt file but not sure that's what needs to be done.



  • hey, the best thing you can do is read these threads online. nobody wants to hold your hand while you do this.

    that being said, you can upload files under diagnostics>command prompt ..... that will place them in the /tmp/ directory, then i'll give you another useful bit of information you can use ssh and the cp command to copy something, like this cp /tmp/pfatt.sh /bin/

    also steve you could have pointed out that chris posted this a few months ago; much easier

    run the below bold commands when your on console or ssh

    Just a quick note that the etf kernel module is now available as a command-line-installable package from the Netgate repos.

    [2.4.4-RELEASE][root@pfSense]/root: pkg search etf
    ng_etf-kmod-0.1 ng_etf kernel module
    [2.4.4-RELEASE][root@pfSense]/root: pkg install ng_etf-kmod
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    The following 1 package(s) will be affected (of 0 checked):

    New packages to be INSTALLED:
    ng_etf-kmod: 0.1 [pfSense]

    Number of packages to be installed: 1

    3 KiB to be downloaded.

    Proceed with this action? [y/N]:

    No need to scp it from another FreeBSD node and it should track updates by FreeBSD.



  • Dude thank you for this info!!!!!!! OMG this is exactly what i was looking for...straight forward even for this nube. thank you thank you thank you๐Ÿ‘ ๐Ÿ‘ ๐Ÿ˜€ ๐Ÿ˜€


  • Netgate Administrator

    Ah, I missed that post. Didn't realise that was in our repo now. That's good as it will probably be updated for 2.4.5 which would otherwise have required a new module uploading.

    Steve



  • @sherpagoodness said in Bypass At&t fiber BGW210-700:

    pfSense-core repository

    ok I have done my best with no success...I copied and edited the files as such and placed it in root/bin

    ONT_IF=igb1
    RG_IF= igb0
    RG_ETHER_ADDR=xx:xx:xx:xx:xx:xx replaced with mac of BGW210-700
    OPNSENSE=no

    edited my xml file as such above system as instructed.
    <?xml version="1.0"?>
    <pfsense>
    <version>19.1</version>
    <lastchange></lastchange>
    <earlyshellcmd>/root/bin/pfatt.sh</earlyshellcmd>
    <system>

    placed NG_etf.ko in /boot/kernel

    Any further suggestions I would really like to get rid of BGW210-700



  • I also did a clean install of pfsense and tried the package install of etf with no success.



  • you had it going correctly....and just so you understand you're still keeping the gateway, its just off to the side now

    make sure you search 'pkg search etf' then 'pkg install ng_etf-kmod'

    and use the shellcmd package from the package manager rather than editing that xml file; that gave me problems trying to edit it manually



  • ok thanks...will try the shellcmd to edit the xml



  • installed pkg shellcmd

    <earlyshellcmd>/root/bin/pfatt.sh</earlyshellcmd> earlyshellcmd ATT bridge

    getting an error stating sh: syntax error: end of file unexpected (expecting word)
    directly after loading configuration completes.


  • Netgate Administrator

    Do you get that same error if you just run the script at the command line?

    It seems like the script may not be complete if it's showing that error. How did you copy it onto your firewall?

    Steve



  • this is how your file should be - just replace with your modems mac address

    #!/bin/sh
    set -e
    
    ONT_IF='igb0'
    RG_IF='igb1'
    RG_ETHER_ADDR='********LEAVE Apostrophes****************'
    OPNSENSE='no'
    LOG=/var/log/pfatt.log
    
    getTimestamp(){
        echo `date "+%Y-%m-%d %H:%M:%S :: [pfatt.sh] ::"`
    }
    
    {
        echo "$(getTimestamp) pfSense + AT&T U-verse Residential Gateway for true bridge mode"
        echo "$(getTimestamp) Configuration: "
        echo "$(getTimestamp)        ONT_IF: $ONT_IF"
        echo "$(getTimestamp)         RG_IF: $RG_IF"
        echo "$(getTimestamp) RG_ETHER_ADDR: $RG_ETHER_ADDR"
        echo "$(getTimestamp)      OPNSENSE: $OPNSENSE"
    
        echo -n "$(getTimestamp) loading netgraph kernel modules... "
        /sbin/kldload -nq ng_etf
        echo "OK!"
    
        if [ ${OPNSENSE} != 'yes' ]; then
            echo -n "$(getTimestamp) attaching interfaces to ng_ether... "
            /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$ONT_IF');" 
            /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$RG_IF');"
            echo "OK!"
        fi 
    
        echo "$(getTimestamp) building netgraph nodes..."
    
        echo -n "$(getTimestamp)   creating ng_one2many... "
        /usr/sbin/ngctl mkpeer $ONT_IF: one2many lower one
        /usr/sbin/ngctl name $ONT_IF:lower o2m
        echo "OK!"
    
        echo -n "$(getTimestamp)   creating vlan node and interface... "
        /usr/sbin/ngctl mkpeer o2m: vlan many0 downstream
        /usr/sbin/ngctl name o2m:many0 vlan0
        /usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether
    
        /usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
        /usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR
        echo "OK!"
    
        echo -n "$(getTimestamp)   defining etf for $ONT_IF (ONT)... "
        /usr/sbin/ngctl mkpeer o2m: etf many1 downstream
        /usr/sbin/ngctl name o2m:many1 waneapfilter
        /usr/sbin/ngctl connect waneapfilter: $ONT_IF: nomatch upper
        echo "OK!"
    
        echo -n "$(getTimestamp)   defining etf for $RG_IF (RG)... "
        /usr/sbin/ngctl mkpeer $RG_IF: etf lower downstream
        /usr/sbin/ngctl name $RG_IF:lower laneapfilter
        /usr/sbin/ngctl connect laneapfilter: $RG_IF: nomatch upper
        echo "OK!"
    
        echo -n "$(getTimestamp)   bridging etf for $ONT_IF <-> $RG_IF... "
        /usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout
        echo "OK!"
    
        echo -n "$(getTimestamp)   defining filters for EAP traffic... "
        /usr/sbin/ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
        /usr/sbin/ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
        echo "OK!"
    
        echo -n "$(getTimestamp)   enabling one2many links... "
        /usr/sbin/ngctl msg o2m: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }"
        echo "OK!"
    
        echo -n "$(getTimestamp)   removing waneapfilter:nomatch hook... "
        /usr/sbin/ngctl rmhook waneapfilter: nomatch
        echo "OK!"
    
        echo -n "$(getTimestamp) enabling $RG_IF interface... "
        /sbin/ifconfig $RG_IF up
        echo "OK!"
    
        echo -n "$(getTimestamp) enabling $ONT_IF interface... "
        /sbin/ifconfig $ONT_IF up
        echo "OK!"
    
        echo -n "$(getTimestamp) enabling promiscuous mode on $RG_IF... "
        /sbin/ifconfig $RG_IF promisc
        echo "OK!"
    
        echo -n "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
        /sbin/ifconfig $ONT_IF promisc
        echo "OK!"
    
        echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN"
        echo "$(getTimestamp) done!"
    } >> $LOG
    


  • (1) I copied PFatt.sh as raw file to notepad.
    (2) Made the changes as noted saving changes using semi colon " at beginning and at end of name to ensure it save as correct file type .sh
    (3) used command prompt in pfsense webgui to upload to tmp directory.
    (4) SSH into pfsense using putty to create directory root/bin.
    (5) used file editor in pfsense to copy file to root/bin.


  • Netgate Administrator

    Notepad can break stuff completely. I recommend Notepad++ in Windows, though it's been a few years since I last used it.

    If you open the file in Diag > Edit file does it looks correct?

    Steve



  • It looks correct from what I can tell...what if I copied it directly to the pfsense file edit made the changes there then save it as file type .sh? Does that eliminate the possibility of coruption?


  • Netgate Administrator

    Yes. Or just pull it directly into pfSense and then edit it in the webgui:

    Steve



  • @stephenw10 said in Bypass At&t fiber BGW210-700:

    /root/bin/pfatt.sh

    Did it got the same syntax error.


  • Netgate Administrator

    Sorry wrong file path there. Try this:

    [2.5.0-DEVELOPMENT][admin@fw321.stevew.lan]/root: fetch -o /root/bin https://raw.githubusercontent.com/aus/pfatt/master/bin/pfatt.sh
    /root/bin/pfatt.sh                                    3309  B   11 MBps    00s
    


  • now I am getting the following error...kldload: an error occurred while loading the module. Please check dmesg(8) for more details. It appears I might be out of luck.


  • Netgate Administrator

    Can you load the module manually?:

    kldload ng_etf.ko
    


  • nope same error...can I download ng_etf.ko to /boot/kernel directly.


  • Netgate Administrator

    Hmm, and you got that module from the repo using pkg install?



  • @stephenw10 it says the pkg is installed gonna delete it and reinstall now.


  • Netgate Administrator

    That sort of error can often be because the module is wrong, from the wrong FreeBSD version or wrong architecture, but that cannot be the case if you installed it from the repo.



  • ok ran the pkg installer again it says installed but when I look in /boot/kernel I don't see the ng_etf-kmod file.
    the original file was from https://github.com/aus/pfatt/blob/master/bin/ng_etf.ko


  • Netgate Administrator

    It installs it to /boot/modules. It installs and load fine or me here.

    What hardware are you running this on?



  • It's a Qotom I5 mini pc...gonna try my original pfsense computer build now just copied over the current xml config.


  • Netgate Administrator

    Can you show the exact command you're using and the error you're seeing?



  • pkg install ng_etf-kmod-0.1 I don't get an error on the install it says it completed...maybe my expectation is wrong. I am assuming (which I know I should not) that the pkg installs all the variables and I simply have to connect the att gateway to the wan port on the pfsense box and the att ont to the lan side of the pfsense box and reboot.


  • Netgate Administrator

    Right and I assume you see the install happen after that rather than an error? The more info you give us the better we can help you here.

    Please give the full console output of you trying to load that module and the error it returns.

    Steve



  • using the shellcmd configuration Shellcmd Type earlyshellcmd...do I need to put

    the full <earlyshellcmd>/root/bin/pfatt.sh</earlyshellcmd>

    or simply /root/bin/pfatt.sh

    also where do I find those logs you mentioned?


  • Netgate Administrator

    You don't need the tags just the full path to the command: /root/bin/pfatt.sh

    Just copy and paste the console showing you running the command and whatever the output is.

    Steve



  • ok also do I still need to run those chmod commands?

    noted: chmod +x /root/bin/pfatt.sh

           chmod 555 /boot/kernel/ng_etf.ko

  • Netgate Administrator

    I did not after installing from the pkg. You might well have to if you uploaded the module manually.

    It would show a permissions error if that were the case though.

    Steve



  • I ran dmesg -a and got the out put below.

    Initializing.................. done.
    Starting device manager (devd)...kldload: can't load ums: No such file or directory
    done.
    Loading configuration......done.
    linker_load_file: Unsupported file type
    kldload: an error occurred while loading the module. Please check dmesg(8) for more details.
    Updating configuration...done.
    Checking config backups consistency.................................done.
    Setting up extended sysctls...done.
    Setting timezone...done.
    Configuring loopback interface...done.
    Starting syslog...done.
    Starting Secure Shell Services...done.
    Setting up interfaces microcode...done.
    Configuring loopback interface...done.
    Creating wireless clone interfaces...done.
    Configuring LAGG interfaces...done.
    Configuring VLAN interfaces...done.
    Configuring QinQ interfaces...done.
    Configuring IPsec VTI interfaces...done.
    Configuring WAN interface...
    em0: link state changed to UP
    done.
    Configuring OPT1 interface...done.
    Configuring OPT2 interface...done.
    Configuring OPT3 interface...done.
    Configuring LAN interface...done.
    Configuring CARP settings...done.
    Syncing OpenVPN settings...done.
    pflog0: promiscuous mode enabled
    Configuring firewall......done.
    Starting PFLOG...done.
    Setting up gateway monitors...done.
    Setting up static routes...done.
    Setting up DNSs...
    Starting DNS Resolver...
    em4: link state changed to UP
    em2: link state changed to UP
    em3: link state changed to UP
    em1: link state changed to UP
    done.
    Synchronizing user settings...done.
    Starting webConfigurator...done.
    Configuring CRON...done.
    Starting NTP time client...done.
    Starting DHCP service...done.
    Starting DHCPv6 service...done.
    Configuring firewall......done.
    Generating RRD graphs...done.
    Starting syslog...done.
    Starting CRON... done.
    Starting package Shellcmd...done.
    pfSense 2.4.4-RELEASE (Patch 3) amd64 Wed May 15 18:53:44 EDT 2019
    Bootup complete


Log in to reply