To setup a routerboard or other routing device making use of a single Static IP address with a Qwest DSL modem. To make this work properly we will make use of Transparent bridging mode with the modem and we will make use of ppoe client on the routerboard.
You can easily order an static ip address with Qwest or many other providers, however they do not often tell you how to setup your devices with this new static information (in most cases). It is believed that with Qwest you must have a small block of addresses to properly allow your gateway/vpn/routerboard to have the external static address. This is incorrect! When the DSL modem is operating in transparent bridging mode the device directly after the modem should be able to have the external static IP. This however, does not mean this is simple to setup (mostly due to a lack of documentation on doing so).
What you need:
There are a few things we are going to just assume you already have running. I will try to make sure to explain everything as much as possible but there are some things that are outside the scope of this document. Here are the things that are expected before we get to work setting up our router device with the qwest modem operating in transparent bridging mode.
You should have a qwest modem that can work with Transparent Bridging. In this example we were using an M1000.
You should have the modem connected to the internet and properly working before we get started. This eliminates problems with the service not working.
You MUST have the username/password for the Qwest/DSL account. Without this you will not be able to setup your router device.
Configuring the Modem:
We need to configure the modem to run in Transparent Bridging mode. Basically what this means is that the modem is only making the connection possible for you. It is not doing any authentication and it is not taking the “Static External” ip address for itself as it usually would. The device directly after the modem will now be responsible for Authentication, Natting, DHCP, Firewalls, Etc... We will first look at setting up the modem and then setting up the routerboard system.
Connect to the modem from the LAN that should now be running. It is most likely 192.168.0.1 or 192.168.1.1
Check the “Modem Status” page to make sure the modem is running a firmware equal to or greater than “QA02-X”. If it is not you must either get a different modem or upgrade your firmware. (Or if you know the modem supports transparent bridging you must know how to get this functionality setup yourself). Otherwise continue on for setup instructions.
Once you have the correct firmware click on the “Advanced Setup” link at the top of the page. For us it looks like a big red button.
On the left side you should see a section called “IP Addressing”. Under that heading should be an option called “WAN IP Address”. Click the link and proceed on.
You will see a number of radio buttons, one of which called “RFC 1483 Transparent Bridging.” Check that box.
Scroll to the bottom of the page and click the “Apply” button.
Your modem will now likely reboot. Either way it is likely that on the quick status on the left it will list the modem as “Not Connected”. This is normal, read on for explanation of what we did and what it will change with your current setup.
After enabling transparent bridging it will disable NAT/DNS/DHCP/ETC on the “LAN” side of the modem. However, if we set our LAN interface on our laptop/desktop statically to 192.168.0.x you should still be able to talk to the modem on 192.168.0.1 if you need to.
At this point in time you will also notice that you have no internet connection. You will also not get any DHCP leases from either Qwest or the modem. Its time to plug in and configure your router device.
Configuring your router (Routerboard):
We are going to now setup the routerboard. In this case we are using RouterOS 4x on a routerboard 450G. This information may still be useful for you when configuring other devices to use a similar setup, just make sure to change things where needed.
Connect to the routerboard with winbox.exe (Note* winbox.exe works well in linux as well, just launch it using wine, tested on Fedora 9,10,11).
Make sure to setup all of your LAN address information. In our case we used eth1 for LAN, eth0 for WAN. LAN IP range for our example is 18.18.1.x.
Setup the WAN interface to have a DHCP client (Note! This is with Qwest only, this may be different with different DSL providers!).
Setup the PPOE client to use the username/password of the QWEST DSL account.
Locate “PPP” on the left side of the Winbox config tool. (Click it)
Click on the red + sign that has the drop down dialog (Left of the dialog that poped up). Locate “PPOE Client” and click it.
A new dialog called “New Interface” should pop up. On this screen setup the following information.
Interfaces should be set to ether1 (gateway plugged into modem).
Click on the “Dial Out” tab and put in the username/password for the DSL account.
Make sure “Add default rule” is checked.
All of the options under “Allow” should be checked.
Profile should be set to “default”.
Click “Apply” and close the dialog.
Click on the “Log” Tab on the left of the screen. You should see a message such as “PPOE Client Successfully authenticated”. If you look at the “Interfaces” tab on the left side you will see a new interface labeled something like ppoe-out.
Make sure you can ping out from the routerboard at this point. You should be able to ping from the routerboard (tools->ping).
You will not yet be able to ping from the LAN you are connected to. I use a Bresnan DNS server to ping (188.8.131.52).
If you cannot ping from the router/routerboard at this point double check all of your settings for the WAN/PPOE client and your Log.
It should help you debug what is going on. Usually it is something to do with an incorrect username/password.
Build the NAT rules for the LAN you are connected to so that the LAN clients can get out to the net as well.
Locate the “Firewall” tab (IP->Firewall) on the left side of the screen.
Once the new dialog has loaded click on the “NAT” tab at the top.
Click the red + sign to create a new NAT rule.
On the dialog that pops up put in the following information.
Src. Address: (YOUR LAN NETWORK HERE). ex. 184.108.40.206/24
Click the “Action” tab. Put in the following information.
Now “Click and Drag” the rule you just created to the “Top” of the firewall chain.
You should now be able to ping the outside world from your LAN interface on your router/gateway/routerboard/etc...
If not, review your NAT rules to make sure they look correct.
You should now notice that if you click on the “Addresses” tab (IP->Addresses). That there should now be a “Dynamic” entry for the Static address we get from the ISP (Qwest in this case). This will be the static IP address that everything on your LAN will be routing out of. You can see this by going to the following website http://www.ipchicken.com
Note* Some ISP’s do not give you a static IP via DHCP. In our case Qwest does. This is good for us because it builds the default route for us (0.0.0.0/0 pointing to our gateway which we also get dynamically). If the ISP does not give you an static IP Dynamically you will have to setup the static address under the IP->Addresses tab and will have to build your 0.0.0.0/0 route for your gateway manually under IP->Routes. Without this not even the routeroard will be able to ping external addresses. (Common ping statement would be “No route to host/network”. This is commonly an error for gateway problems).