Gateway project networking help

Issues related to configuring your network
cmpsalvestrini
Posts: 5
Joined: 2018/11/18 18:47:32

Gateway project networking help

Post by cmpsalvestrini » 2019/11/23 18:51:00

Dear all,

I have been striving to build myself a "better mousetrap" as an alternative to the (good, but deficient) setup I have at home. I want this gateway to be dual-stack IPv4/v6; however, for reasons known only to my ISP, I cannot subdelegate any more prefixes from my IPv6 subnet. My goal, given my ISP's ONT terminal has several weaknesses - namely, the aforementioned nonroutable prefix (about which I cannot do anything) and that the router it provides is prone to freezing, its built-in DHCP is unable to provide more than class C IPv4, and IPv6 drops altogether under load - is to create a no-frills dual-stack firewall/gateway, but in order to do that I also need IPv6 connectivity. This is what I envision:

Internet ---> ONT ---> CentOS Box --->Switch to my LAN

The means by which I want to do that is through a dual NIC where port A will be ONT facing and port B will be LAN facing.

Services at port A: Web + TV + VoIP -- These remain as they are and are "outside" the projected gateway, which is just to provide the reliability that my ONT does not have. It can handle the IPTVs and the VoIP, but I will be taking control of my network, thank you very much. So to do this I was thinking about a virtual bridge comprising port A and B of the dual MAC adapter (since packet forwarding from port A to port B is, essentially, nonfunctional for me). The idea is to have it dual homed, though: Port A will receive its addresses from the ONT box, whilst port B will host DHCP v4 / v6 and DNS, everything secured via firewall of course.

This long introduction is necessary because I do not know for sure how to make the kind of bridge that I described above. Do I create a virtual bridge comprising the dual-NIC card and two virtual adapters, one outward and one inward, or is there a different kind of method to it?

Thanks in advance.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Gateway project networking help

Post by jlehtone » 2019/11/24 08:37:45

cmpsalvestrini wrote:
2019/11/23 18:51:00
The idea is to have it dual homed, though: Port A will receive its addresses from the ONT box, whilst port B will host DHCP
You do describe a router.
packet forwarding from port A to port B is, essentially, nonfunctional
Please, explain.

cmpsalvestrini
Posts: 5
Joined: 2018/11/18 18:47:32

Re: Gateway project networking help

Post by cmpsalvestrini » 2019/11/24 20:33:40

What I meant is that, though I have IP forwarding set in IPv4 and IPv6, my IPv6 pings return a "route not found" error. I can set NAT in IPv4, the address that I have my router on has been set as a DMZ, thus the router is essentially directly accessible from the Internet. The IPv6 part is what concerns me, however.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Gateway project networking help

Post by jlehtone » 2019/11/25 12:58:36

cmpsalvestrini wrote:
2019/11/23 18:51:00
Internet ---> ONT ---> CentOS Box --->Switch to my LAN

Services at port A: Web + TV + VoIP -- These remain as they are and are "outside" the projected gateway
cmpsalvestrini wrote:
2019/11/24 20:33:40
I can set NAT in IPv4, the address that I have my router on has been set as a DMZ, thus the router is essentially directly accessible from the Internet.
Something in that sounds fundamentally wrong. It could be that my semantics for "Web", "TV", "VoIP" is different (and "ONT" I won't even try to guess).
cmpsalvestrini wrote:
2019/11/24 20:33:40
what I meant is that, though I have IP forwarding set in IPv4 and IPv6, my IPv6 pings return a "route not found" error.
the IPv6 part is what concerns me, however.
Alas, I've had no IPv6 for "real play". (There is IPv6 in one site, and I get prefix, but router is not CentOS. On other site I had site-local IPv6 as test and CentOS 6 did route it fine.)

The question on routing is, Who knows what?

Does a device on LAN know the "route out"?
Does your router know IPv6 routes?
Does a device on internet (e.g. nearby router) know the route to your IPv6 LAN?
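
The three questions in the post above can be modelled as per-node route lookups. This is an added example, not part of the thread: the node names, the `2001:db8::/32` documentation prefixes and the routing tables are all constructed, and it shows only the case where the upstream side has no route back to the LAN prefix.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; None models the "route not found" case."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), via) for p, via in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, node, dst, max_hops=8):
    """Follow next hops from node towards dst; return (delivered, path)."""
    path = [node]
    for _ in range(max_hops):
        via = lookup(tables[node], dst)
        if via is None:
            return False, path      # dropped here: this node knows no route
        if via == "on-link":
            return True, path       # destination sits on a connected link
        node = via
        path.append(node)
    return False, path              # hop limit reached (routing loop)

def ping(tables, src_node, src_addr, dst_node, dst_addr):
    """An echo succeeds only if both the request and the reply are routable."""
    out_ok, out_path = trace(tables, src_node, dst_addr)
    back_ok, back_path = trace(tables, dst_node, src_addr)
    return out_ok and back_ok, out_path, back_path

# Constructed topology: lan_host -> router -> ont -> upstream (all hypothetical)
LINK_A = "2001:db8:0:1::/64"   # ONT <-> router port A
LAN_B = "2001:db8:0:2::/64"    # LAN behind router port B
TABLES = {
    "lan_host": [(LAN_B, "on-link"), ("::/0", "router")],
    "router":   [(LINK_A, "on-link"), (LAN_B, "on-link"), ("::/0", "ont")],
    "ont":      [(LINK_A, "on-link"), ("::/0", "upstream")],
    "upstream": [("2001:db8:ffff::/48", "on-link"), (LINK_A, "ont")],
}
HOST, REMOTE = "2001:db8:0:2::10", "2001:db8:ffff::1"

def with_return_routes(tables):
    """Copy of the tables where the upstream side also knows the way to LAN_B."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed["upstream"].append((LAN_B, "ont"))
    fixed["ont"].append((LAN_B, "router"))
    return fixed

if __name__ == "__main__":
    print(ping(TABLES, "lan_host", HOST, "upstream", REMOTE))
    print(ping(with_return_routes(TABLES), "lan_host", HOST, "upstream", REMOTE))
```

In the first table set the request is routable at every hop but the reply has no route at `upstream`, so the ping fails even though the LAN host and the router each "know the route out".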

cmpsalvestrini
Posts: 5
Joined: 2018/11/18 18:47:32

Re: Gateway project networking help

Post by cmpsalvestrini » 2019/11/25 15:58:48

To summarise:

IPv4-wise, everything works hunky-dory. Ping out, DNS, DHCP, routing. Everything like a charm. On IPv6: DHCP is ok, routing is ok (traceroute detects a route), DNS is ok as well... but pings out from the LAN and in from the WAN are silently dropped.
