[Frage] Is it possible to route a PPPoE-assigned subnet for other devices.

frater

Mitglied
Mitglied seit
23 Nov 2008
Beiträge
455
Punkte für Reaktionen
3
Punkte
18
I can fully understand German. It's however difficult for me to express myself as precise as I want to in German.

From a provider I'm getting a /30 -network through a fibre connection on UTP.
Let's say I'm assigned 20.0.0.0/30

When I configure the Fritz!Box with PPPoE, it will get 20.0.0.1/30 and some gateway of the provider outside that network.
I now want to configure a device with 20.0.0.2/30 with gateway the IP of the Fritz!Box PPPoE-address (20.0.0.1).

Can the Fritz!Box do this and if necessary from the CLI ?

If not, I will be forced to order a /29 network and get an extra router, like a Mikrotik, and let that one do the routing I prefer the Fritz!Box to do.
 
I now want to configure a device with 20.0.0.2/30 with gateway the IP of the Fritz!Box PPPoE-address (20.0.0.1).

Can the Fritz!Box do this and if necessary from the CLI ?
Do you mean, if the Fritzbox can act as a DHCP sever for this public subnet? I don't think so. But of course you can statically configure the nodes, and the Fritzbox will route the subnet, if you have configured it.

1701351515505.png

1701351331987.png
 
Hi, I'm not interested in DHCP.

I've seen that before, but it doesn't really tell much how I can use it.

Can I fill in 20.0.0.0 and 255.255.255.252 there and connect a router to the LAN-port configured wih 20.0.0.2/30 with 20.0.0.1 as gateway and that will work?
 
Yes, I think so.
 
@PeterPawn

Can someone chime in to confirm or deny that this works? I have no means of testing it as this network is not yet delivered.

It has to start working from day 1

Strange that this feature isn't documented (afaik)
 
Well, I have read some forum entries about Telekom Small Business DSL contracts or Vodafone DOCSIS connections using mainly /29 networks. This works as foreseen using this configuration entry.

Maybe also if interest:
 
Well, that looks quite hopeful.
The location where this should work currently has a provider-provided Mikrotik router with a subnet /29.
The Mikrotik does the static routing on 2.0.0.1/29 and the Fritx!Box and a foreign router have 2.0.0.2 and 2.0.0.3

We're switching provider.

The new provider gives me a /30 network and if I would use the same setup as above (Mikrotik, FB & Cisco), I would come 1 IP short for the foreign Cisco-router.

If I want to continue using a Fritz!Box there, I need to give the Fritz!Box the task of the Mikrotik as well.

I do not have the PPP-login of the current provider and at this stage I don't think I can ask them. I will try anyway.
If they do, I can test the configuration and hopefully get a proof-of-concept.

Someone assuring me that it actually works would be most welcome.
For starter the "not recommended" phrase in the AVM's interface somewhat diminishes my hope.

Also this sentence is worrying

  1. For the IP address, enter an IP address from the public IPv4 network. This IP address may not already be used by another device in the FRITZ!Box home network.
EDIT: I now think they are suddenly talking about the foreign device.

2.0.0.1 is an IP that's already used by the FB. It's the WAN IP for the NAT-network.
The whole idea of it is to not waste an extra IP. 2.0.0.2 should be used for the Cisco-router. There will be no more IP's available.
 
Zuletzt bearbeitet:
Today we migrated from one provider to another and got our /30 subnet.
Luckily it IS possible to use the Fritz!Box as both a NAT-router and a static router for its PPPoE-obtained /30 subnet

The Fritz!Box logs in using PPPoE and obtains the WAN-IP x.x.153.57

Network: x.x.153.56/30 - subnet provided by ISP
Fritz!Box: x.x.153.57 - NAT-router for 192.168.x.x/24 network
Cisco: x.x.153.58 - Foreign device connected to the LAN (it uses x.x.153.57 as its gateway)
Broadcast: x.x.153.59

In the IPv4 section I filled in:

x.x.153.56
255.255.255.252

1702389775047.png
[Edit Novize: Image reduced to preview according to the rules]
 
Zuletzt bearbeitet von einem Moderator:
I wasn't expecting this at all, but it turns out that there's a firewall active for x.x.153.58

How can I open ports for these addresses?
 
Should be the same way, as for "usual" NAT devices. You should be able to select the devices in the List for port forwardings and configure the desired ports.

At least for IPv6 it is the same way as for NAT devices, and IPv6 uses also regular routing.
 
It should, but it isn't....
The device doesn't show up at all in the devices list.

When I put the IP in manually, it comes with an error message.

I don't really understand your comparison with ipv6 and I would compare it to devices on a guest network.
You can't make settings for those either.

From a "router point of view" I totally don't understand why the WAN IP's in the subnet should have a firewall at all.

It's an Internet-address.... only adult devices are allowed there.
AVM chose to make that setting simple... then make it simple.

1702467139257.png

It IS aware that the IP is inside the routed subnet as it gives a different message when I use an IP just below the network.
x.x.153.54 isn't inside x.x.153.56/30

1702467563660.png
[Edit Novize: Giant images reduced to preview according to the rules]
 
Zuletzt bearbeitet von einem Moderator:
Vorsicht, bei einem Netz /30 hast du nur 2 Adressen. Eine musst du eintragen, die andere gehört deinem Provider als Default Gateway. Der Rest ist der Netzname und die Broadcast-Adresse.
Du brauchst mindestens ein /29-Netz!
Gerhard
 
No, I don't
This is a perfectly normal routed subnet I've been doing more than 20 years on other devices.
At the time they were SDSL routers pushing it through the PPPoA-interface.

The WAN-connection is obtained with a PPPoE-connection (x.x.153.56/30) and the Fritz!Box receives x.x.153.57 from the provider.
The provider also sends a subnet with which the Fritz!Box doesn't do anything automatically.

It will do NAT with it and in this case it will cater a 192.168.148.0/24 network where 192.168.148.1 is their gateway to the Internet.

By filling in x.x.153.56 and 255.255.255.252 in the special section, the Fritz!Box will route traffic coming from x.x.153.58 (a foreign Cisco) to its PPPoE-interface going to x.x.153.57 (the Fritz!Box)
 
Zuletzt bearbeitet:
Maybe that's because 18x.xxx.153.58 is not within any IP range for private use.
 
I don't really understand your comparison with ipv6 and I would compare it to devices on a guest network.
Well, for IPv6 you often get a /56 Prefix or even a /48 Prefix from your provider. This is a public routeable subnet, like your /30 for IPv4. So devices in the net of the Fritzbox have public addresses, and also the firewall of the Fritzbox is active for them. But in the same configuration page of the Fritzbox you can open ports for the devices, in the same way as you do it for port forwardings for NAT IPv4 (although that are not forwarded ports but opened ports). And as far as I remember, it is the same way for public IPv4 addresses. You chose the node out of the list of available servers and can configure the open ports. I'm not sure why the nodes are not listed in your box. See chapter 3:
 
> Maybe that's because 18x.xxx.153.58 is not within any IP range for private use.

That's exactly the reason why I did not obfuscate the first 2 digits, so to make it clear we're talking about public IP-addresses.
You got that right, indeed.
But this whole subject is about a routed subnet and external devices with a public IP connected to the Fritz!Box, so you may want to read it all again.

AVM spoiled this whole setup with an unwanted firewall.

I don't understand why AVM didn't bypass the firewall for these WAN-IP's.
Who wants to configure their firewall on 2 different devices?

It would make sense if you have a special page for a "routed subnet firewall"
One could then make it possible to create a real DMZ, but I don't think there's that much need for in this segment.

-- Zusammenführung Doppelpost by stoney

Hi Frank.... Yes, there's documentation and there's the real world.
It doesn't work, though.

I can't add a device "because it is assigned to another device"

I searched on "153" with grep in /var/flash/ar7.cfg and there's only 1 line with the network address there.
Maybe it's merely a bug in the GUI and there's a way to get there using pcplisten or ctlmgr_ctl ?

-- Zusammenführung Doppelpost by stoney

Your remark about it being similar to the way ipv6 is handled made me think.
I have turned off ipv6 on that router...

I also took a factory 7530AX and entered the subnet 18x.xxx.153.56/30
It had then no problems adding a firewall rule for 18x.x.153.58

So where is this going wrong?

-- Zusammenführung Doppelpost by stoney

@frank_m24
I solved the mystery thanks to you when you said it is normal for a device to show up in the list.
I also had no problem adding a wan-ip of a routed subnet on a virgin router.

It turns out the Cisco router once had a LAN-IP and it was already sitting in that list under an obscure name.
I could have discovered it earlier when I grepped ar7.cfg with the mac-address, but I used a case-sensitive search.
Funny AVM uses uppercase MAC-Addresses.

I had to remove the device from the list manually by editing /var/flash/ar7.cfg

I understand the reasons why AVM uses MAC-addresses where it pretends to work with IP-addresses, but it should then at least show that MAC-Address on each page for each device and it should also give a clearer error message when it claims the device is already there.


It's now gone and afterward it showed up with a new name and the correct IP.
I was able to add that IP to the firewall.

I turned on exposed host and now it's working

Thanks Frank for your patience
 
Zuletzt bearbeitet von einem Moderator:

Zurzeit aktive Besucher

Neueste Beiträge

Statistik des Forums

Themen
246,558
Beiträge
2,254,004
Mitglieder
374,421
Neuestes Mitglied
Klaus_Da
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.