WAN configuration for ISP providing RAT


#1

Hi,
my ISP offers a static IPv4.
I’m instructed to use this network: 84.79.184.226/30
This means my static IPv4 is 84.79.184.226, broadcast is 84.79.184.227 and gateway 84.79.184.225.

The IP 84.79.184.225 is actually displayed in the router provided by ISP (FRITZ!Box Cable) and in my understanding the router with VyOS is using the FRITZ!Box as a modem.

What is the correct configuration for WAN on eth0?
Must I configure a default route 84.79.184.225 (with command set protocols static route 0.0.0.0/0 next-hop 84.79.184.225)?
Or is the default route the IP 192.168.0.1 of LAN (192.168.0.0/24) on eth1?

Any advice is appreciated.

THX


#2

Hello,
if you plan to use fritzbox than you need to setup route via 192.168.0.1


#3

???
Just to make clear:
FRITZ!Box provides modem service to the router.
The network 192.168.0.0/24 is not available with the FRITZ!Box.


#4

So Fritzbox is in bridged mode?


#5

Well, yes… kind of.

The webUI of FRITZ!Box allows me to configure a port which allows me to use the public static IP.


#6

so if you plug your pc there and configure static ip, it will work like that?
If so, you can do as you wrote initially - do default route vi 84.79.184.225


#7

Correct… it should work like that.
But it don’t!
I was investigating everything on my side, and this includes opening this post, but couldn’t connect to the internet.
But today, after a call with ISP support, I was told that my public IP is blacklisted at BARRACUDA.
Once I’m whitelisted there I’ll try again.


#8

very depends on ISP - they can use VLAN or PPPoE type of connection
so setup it as interface will not work
What ISP you use?


#9

unitymedia business (GER)


#10

https://www.unitymedia.de/business/selbststaendige/hilfe-service/statische-ip/
So, you need to set MAC on VyOS that allowed by them, and configure interface for dhcp


#11

Actually it’s RAT.
There’s no mapping MAC - IP and no DHCP… it’s a real static IP.


#12

I think you mixing things
you can have static ip via dhcp
That is just one of way how you handle it.

I maybe wrong ofcourse.
Just set interface address and route should be enough
but if it not works like that, likely some MAC based security in place
Can you also clarify on that with your ISP? (sorry my German heavily depends on google translate :slight_smile: )