How to get Motorola NVG510 used with new ATT DSL working w/ pfsense



  • Greetings,

    So ATT is forcing its DSL customers to switch to a new DSL service branded as UVerse, but here lie my troubles. The new DSL service is ADSL2+ with an IPDSLAM backend, and there are only two modems that are supported at the moment. ATT is currently requiring the user to purchase the NVG510 made by Motorola.

    That's the backstory. The NVG510 doesn't have a bridged mode, only an IP-Passthrough mode; in IP passthrough mode the modem passes the public IP address over to the designated system. The problem is it isn't perfect: for some reason the routing tables get hosed in the handoff. I have googled around and there doesn't seem to be much out there on this. I can post any logs, or anything else that's needed.

    Thanks,

    <solution>For those not wanting to read all the posts: the issues arise when the NVG510 hands off the IP address to the pfsense box. It does it via DHCP but with the wrong netmask (255.255.255.255 or /32). You have to correct the netmask and then add a default route:

    # x.x.x.x = the public IP you're assigned from the NVG510
    ifconfig em0 x.x.x.x/20
    # x.x.x.x = the gateway you're given via DHCP from the NVG510
    route add default x.x.x.x

    Additionally, it doesn't seem to hand off the DNS servers either, so you either need to log into the modem's config and grab them, then manually add them to pfsense, or use Google's public DNS servers (8.8.8.8 and 8.8.4.4).

    Oh, and it will clear these on every reboot, but your pfsense and modem are on a UPS anyway, right?</solution>



  • Yes, there is no route to the gateway because the gateway (99.112.232.1) is in a different network to the pfSense WAN interface (99.112.234.151/32).

    What type of interface is the pfSense WAN interface? (DHCP?)

    Can you set the modem to hand you the public IP address by PPP? The manual you linked to describes (briefly) a PPPoE relay enable command. Perhaps PPPoE relay is what you should be using? Maybe you need to discuss this with ATT Tech support.

    I don't know how this configuration is supposed to work. Perhaps it's discussed in the manual but I didn't see it on my brief look. The short section on page 58 leaves a number of unanswered questions.
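
Added example, not part of the original thread: a POSIX `sh` check of whether a DHCP-supplied gateway is on-link for the leased address and prefix, and of the longest prefix that would put both in one subnet, run on the two addresses quoted in the reply above. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask as an integer for a prefix length 0..32.
mask_for() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Succeeds if gateway $3 is inside the subnet of address $1 with prefix $2.
on_link() {
    m=$(mask_for "$2")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$3") & m )) ]
}

# Longest prefix length that keeps address $1 and gateway $2 in one subnet.
longest_shared_prefix() {
    a=$(ip2int "$1"); g=$(ip2int "$2")
    p=32
    while [ "$p" -gt 0 ]; do
        m=$(mask_for "$p")
        if [ $(( a & m )) -eq $(( g & m )) ]; then break; fi
        p=$(( p - 1 ))
    done
    echo "$p"
}

WAN_IP=99.112.234.151   # WAN address quoted in the thread
WAN_PREFIX=32           # 255.255.255.255, as handed out by the modem
GATEWAY=99.112.232.1    # gateway quoted in the thread

if on_link "$WAN_IP" "$WAN_PREFIX" "$GATEWAY"; then
    echo "gateway $GATEWAY is on-link for $WAN_IP/$WAN_PREFIX"
else
    echo "gateway $GATEWAY is off-link for $WAN_IP/$WAN_PREFIX;" \
         "needs /$(longest_shared_prefix "$WAN_IP" "$GATEWAY") or shorter"
fi
```

Any prefix at or below the reported length makes the gateway directly reachable; the shorter the prefix, the more Internet hosts the box will treat as on-link neighbours.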



  • Manual http://www.ron-berman.com/wp-content/uploads/2011/11/nvg510manual.pdf

    The WAN interface is DHCP; it's the public IP given to the modem (I am assuming att uses DHCP to assign the IP to the modem, but it could be static, I dunno). The manual describes the command line mode, which isn't enabled on the modem, and most of the screens are mildly crippled so I can't change it. Here is a screenshot for the different screens if you really want to look into it. http://screenshots.portforward.com/Motorola/NVG510/index.htm

    Now that I am looking into it a bit more, when it hands the public ip to the pfsense box, it doesn't give dns servers and stuff either. odd..

    What routes do I need to add/delete/modify in order to get the pfsense box to talk to the default gateway?

    So it seems there is a bug in the firmware where when it gives the ip over to the pfsense box via dhcp, it sends a netmask of 255.255.255.255 which is causing all the issues. How do I modify the netmask in the routing tables?

    Thanks,



  • @Anathematician:

    What routes do I need to add/delete/modify in order to get the pfsense box to talk to the default gateway?

    On the information we have here I suspect you can't get pfSense to talk to the default gateway because the gateway is not on the same network as the pfSense WAN interface hence there is no way to get to the gateway from pfSense UNLESS you can persuade pfSense with some trickery that might be fairly fragile.

    Suppose you added an additional IP address to the WAN interface, an IP address in the same network as the WAN gateway: e.g. 99.112.232.2/30. Then the gateway will be in the same network as the pfSense WAN interface and pfSense should generate an ARP request for the MAC address of the gateway (presumably the modem will reply with one of the modem's MAC addresses) so pfSense will know where to forward packets to the gateway.

    What happens if the gateway IP changes? You'll no longer have internet access until you figure out what it changed to and adjust accordingly. This change will possibly mess up routing to some internet hosts (depending on how big you make the network mask). I don't know what source IP address pfSense will use for packets sent to the Internet if you configure this way. If it's the additional IP then you could be in trouble. This is possibly not an idea for the faint hearted.

    @Anathematician:

    Now that I am looking into it a bit more, when it hands the public ip to the pfsense box, it doesn't give dns servers and stuff either. odd..

    This doesn't sound like an idea "ready for prime time". At best it's been configured poorly on the ISP side.

    I wonder: what is the purpose of this IP Passthrough facility?

    With regard to the solution section of the original post, will you always get the same public address by DHCP? Will the gateway address always be the same? What will happen if you attempt to access systems on the public internet with an IP address in the expanded network range? (The routing information suggests they are directly accessible on the same network but maybe they aren't really on the same network and become inaccessible.)



  • Yea, this whole thing is no good; if the modem resets or anything else, everything has to be re-entered. It seems to be a bug in the modem. I read through the manual a couple of times and it seems the ip-passthrough is the closest thing to a bridge mode the modem will do. I tried to go down the port forwarding route but I would have to enter every port I was going to use as a forwarding rule.

    Separately, if you use the router ability built into the modem it has DNS issues. Evidently att DNS servers are slow, or the timeout is too short in the router portion, but you end up with websites that don't load completely, or random host unreachables.

    I agree it's piecemeal at best, and if anything changes on the att network side, or the modem gets a new IP, it all comes crumbling down. It's unfortunate to have to make this much of a workaround for what's supposed to be a business class product. Hopefully Motorola will release a firmware update to resolve the issues, but who knows.

    I appreciate your help and feedback!



  • This does seem to be the accepted workaround, but it seems like it really sucks to me.

    Here is what I would like to try. Getting UVerse in a few days; asked the rep if I can bridge and was told yes.
    Then got home and searched and saw you can't.
    It seems like the IP pass would be double NATing.

    1. According to the book from Moto, bridge mode exists and works:
    http://www.ron-berman.com/wp-content/uploads/2011/11/nvg510manual.pdf

    "This guide describes the wide variety of features and functionality of the Motorola Gateway, when used in Router mode. The Motorola Gateway may also be delivered in Bridge mode. In Bridge mode, the Gateway acts as a pass-through device and allows the workstations on your LAN to have public addresses directly on the Internet"

    There is telnet; we need to poke that.

    If not, maybe we can find the OG firmware from Moto.

    2. There is the Moto 2247-N8 ADSL2 802.11n Wi-Fi Gateway.

    This looks to be very close to the NVG510, sans the phone splitter.
    I wonder if the 2247 firmware can be loaded on the NVG510 to allow bridge mode.
    The command line looks to be the same.

    Does anyone have a 2247 so that we can compare chipsets?

