WAN configuration for ISP providing RAT


#1

Hi,
my ISP offers a static IPv4.
I’m instructed to use this network: 84.79.184.226/30
This means my static IPv4 is 84.79.184.226, broadcast is 84.79.184.227 and gateway 84.79.184.225.

The IP 84.79.184.225 is actually displayed in the router provided by ISP (FRITZ!Box Cable) and in my understanding the router with VyOS is using the FRITZ!Box as a modem.

What is the correct configuration for WAN on eth0?
Must I configure a default route 84.79.184.225 (with command set protocols static route 0.0.0.0/0 next-hop 84.79.184.225)?
Or is the default route the IP 192.168.0.1 of LAN (192.168.0.0/24) on eth1?

Any advice is appreciated.

THX


#2

Hello,
if you plan to use fritzbox than you need to setup route via 192.168.0.1


#3

???
Just to make clear:
FRITZ!Box provides modem service to the router.
The network 192.168.0.0/24 is not available with the FRITZ!Box.


#4

So Fritzbox is in bridged mode?


#5

Well, yes… kind of.

The webUI of FRITZ!Box allows me to configure a port which allows me to use the public static IP.


#6

so if you plug your pc there and configure static ip, it will work like that?
If so, you can do as you wrote initially - do default route vi 84.79.184.225


#7

Correct… it should work like that.
But it don’t!
I was investigating everything on my side, and this includes opening this post, but couldn’t connect to the internet.
But today, after a call with ISP support, I was told that my public IP is blacklisted at BARRACUDA.
Once I’m whitelisted there I’ll try again.


#8

very depends on ISP - they can use VLAN or PPPoE type of connection
so setup it as interface will not work
What ISP you use?


#9

unitymedia business (GER)


#10

https://www.unitymedia.de/business/selbststaendige/hilfe-service/statische-ip/
So, you need to set MAC on VyOS that allowed by them, and configure interface for dhcp


#11

Actually it’s RAT.
There’s no mapping MAC - IP and no DHCP… it’s a real static IP.


#12

I think you mixing things
you can have static ip via dhcp
That is just one of way how you handle it.

I maybe wrong ofcourse.
Just set interface address and route should be enough
but if it not works like that, likely some MAC based security in place
Can you also clarify on that with your ISP? (sorry my German heavily depends on google translate :slight_smile: )


#14

I can jump in, but I don’t live in Germany anymore since almost 10 ys.
They have a subpage which ‘converts’ the MAC address, they basically generate a ID.
For 9c:c7:a6:a3::28:3b it would be 9cc7a6a32837, you gotta setup that ID in the service center. (they state on the website it would be the IP, which tells me already a lot about the ISP).
Anyway, once done, setup 84.79.184.226 and try to ping 84.79.184.225, if it doesn’t work, call you ISP.
If it works, try to ping it from outside (make sure you are not filtering icmp echo req/resp away.

That should be it.