Long time IPCop user finally has to make the move to something great and modern and with lots of momentum. Lots of research and here we are at IPFire.
PROBLEM: Figure out connection between Smart RG Gateway SR516ac modem (provided by Canada’s Teksavvy, running on top of Bell Canada infrastructure) to a IPFire firewall running on a separate desktop computer.
PREVIOUS: The same pattern worked like a charm with IPCop previously – what some call “half-bridge” – the log-in is in the modem (which was then a Cellpipe 7130) but the dynamic public IP address ended up on the firewall.
NETWORK LAYOUT: Internet – modem – firewall – switch – clients and devices and access point. RED and GREEN are deployed the usual way on the firewall.
TRIGGER FOR CHANGE – Old modem died, and we now have the new modem. We are now without Internet for over a week :frowning. Configuration to a full firewall (as opposed to some little router) has not gone according to plan.
FIREWALL HARDWARE – Right now it is still 32-bit (I realize that 32-bit IPFire won’t be around much longer), with 2 X Gb NICs, 3 GB RAM and an “old processor”. Will be updated after this emergency.
RESEARCH ON HOW TO CONNECT: Have done a huge amount of reading and testing (including the full modem manual), and have had help from Teksavvy. Tried on Red static, DHCP and PPP dial-up, matched with various configurations of IPFire. Successful access to IPFire via direct monitor or via web page. Partial access to modem sometimes when connected, but mostly connected to laptop for off-line configuration.
PROBLEM: Cannot get 516ac modem management page to show up after configuration and reconnection, on a web page. The modem does show success connecting both DSL and Internet (as indicated by lights)
SUSPICION: The latest thing tried is related to the modem manual’s statement that if you want to turn off NAT (i.e. maybe to avoid double-natting?), then the Internet connection will fail if you do not “add a route on the uplink equipment”. Not sure at all that this is the problem, just the latest thing we are looking at.
WHO MIGHT BE INTERESTED: This seems like it would be a common use case and interesting to a lot of people. Basically, put a full-on firewall on a older or smaller box behind the ISP router – and protect everything a little better.
QUESTION #1: Big picture – what is the best way to do this – static, DHCP or dial-up?
QUESTION #2: Is there a detailed recipe anywhere on how to do the best way? That is relevant to this type of modem?
QUESTION #3: Are there specific gotchas that we should be aware of?
I’m planning on doing our own diary after this which I can share.
Super thanks for any guidance! Go IPFire!
John