ADSL Routing Solution in Detail

By | November 29, 2006

My previous posts on my ADSL setup have generated a great deal of interest, so I’m now adding a detailed writeup on how to set up this system.
First, here is a reference diagram of how everything fits together:

Bear in mind that you could replace any part of the system with something comparable. E.g. the RTA1320 could be replaced with any ADSL router that supports half-bridge mode, and the WRT54GL could be replaced with a dedicated PC running Smoothwall or some other full-blown firewall package.

Disclaimer: I’m assuming you know what you are doing. If you screw up your modem, router, PC, cat, or mother-in-law by following my instructions, it’s not my fault.

First up, let’s configure the ADSL modem. Make sure you have firewall software running on your computer before you start: part-way through this setup the modem stops doing NAT and hands its public IP address to your computer’s ethernet card, so your computer will effectively be sitting directly on the internet.

Before we start, here’s what I am assuming:

  • You have the RTA1320 already set up for internet access, with your ADSL authentication details set up correctly.
  • Your computer is set to acquire an IP address automatically via DHCP.
  • The WRT54GL router is set up with factory standard config.

Modem Setup:

Update: Well, it seems that my half-bridge settings go a bit wonky if you happen to use TelstraClear Ltd (TCL) as your provider. Please read the footnote if you get your ADSL via TCL. Otherwise, carry on!

Plug the modem’s ethernet port directly into your PC (ignore the router for now). In your favourite browser, navigate to the IP address of your modem (I believe it is 192.168.1.1 by default). Now do the following:

  1. Change the IP range of the modem to something that will not conflict with the router. I use 10.0.0.1 for my modem, and 192.168.1.1 for my router. On my modem this is done under Advanced -> Local Network -> IP Address
  2. Also change the DHCP range to match the new IP address, so that we can get a valid address to communicate with the modem if the internet connection doesn’t come up properly. This is under Advanced -> Local Network -> DHCP Server
  3. Now we set the elusive “half-bridge” or “IP extension” mode. This is fairly deep in the setup, but we get to it like this:
    1. Go to Advanced -> Internet -> Connections
    2. Hit the ‘edit’ button (the little pencil icon) for the existing connection
    3. Hit the ‘Next’ button twice (again, I’m assuming your connection is all set up and perfect already).
    4. You should see a page like the one below. Untick the NAT box, and tick ‘PPP IP Extension’.
    5. Hit the ‘Next’ button a few more times, apply the changes, and reboot the modem.
  4. All going well, you should see a few things happen as the modem reboots. When the modem first comes up, your PC should obtain the 10.0.0.10 address. A minute or so later, the modem will authenticate properly and you should see your PC address change to some public IP address (219.x.x.x in my case). If not, then log back into the modem on 10.0.0.1, check the logs, check your settings, etc. If things are totally broken, perhaps reset the modem to factory settings and try again.
  5. So now we have a modem set up in half-bridge mode. If you don’t need to share your connection, and are happy with your computer firewall for security, then you could run with this setup and it should increase the stability of your connection, and probably speed up P2P somewhat, because we’re no longer dealing with the NAT table in the crappy cheap router software inside the modem. Update: except if you’re using TCL as an internet provider of course. In that case just pray that the rest of the setup will work, or you can hunt in the router for its default gateway address and manually add this as a gateway route on your PC…I’ll leave that as an exercise for the reader.

Router Setup

  1. Plug your computer into one of the ethernet ports on the router.
  2. Upgrade the firmware on the WRT54GL to the latest version of DD-WRT Tomato Firmware (Tomato is much nicer and has a nice clean interface compared to DD-WRT). I’m not going to go into specifics here, the Tomato FAQ has plenty of information. The one thing I will say is: do not forget to reset to factory defaults a second time AFTER you have upgraded. Forgetting this step cost me an hour or so of frustration.
  3. Log in to the DD-WRT config page, go to Administration -> Management. Scroll down until you see the IP Filter Settings, and adjust them as below:

    Update: A couple of applications (IRC and Battlefield 2142 so far), seem to misbehave with the timeout set this low. A safer setting would appear to be 300 seconds for both TCP and UDP timeout.
  4. Save the settings, reboot the router, and plug the modem into the ‘internet’ port of the router.

That’s pretty much it. Browse around the DD-WRT Wiki pages, because they have heaps of information on things like QoS, which may help if you’re sharing P2P traffic with other kinds of traffic on your network.

Footnote: TCL has a strange setup whereby the public address of your modem and the default gateway of their network are on different subnets. Normally this works OK because the modem knows about it, but in half-bridge mode connected directly to your PC, the PC tries to use the public address as the default gateway, and packets get nowhere. Which also means you can’t access the modem’s setup pages once it gets a public address :/

The good news is that it seems the particular router I’m using (and, I expect, most other routers) is intelligent enough to work this all out (using ARP maybe?), so it all works fine when you plug it all together. Phew!

40 thoughts on “ADSL Routing Solution in Detail”

  1. Bob

    Hi, excellent post. I tried to set up my system like yours because I have a Dlink router that does not have PPPoA. I set my modem exactly as you said and when connected directly to the PC it worked perfectly, initially assigning an IP address in the modem range and then on connection going to the public one, and I could browse the net. I then connected the PC to the Dlink router, and the modem to the Dlink’s WAN port. I tried setting the WAN to everything available on the page, but I could not get the Dlink to see the internet through the half-bridged modem. Yes, the Dlink was on a different subnet. Which connection should it work on, on the WAN setup page please?

    Reply
  2. Ben Post author

    Strange. It should ‘Just Work’ with the router’s WAN set to DHCP (obtain IP address automatically). I don’t know your exact router/ISP settings, but the fact that it works fine from your PC means it should probably work with your router.

    Reply
  3. Bob

    Hi Ben, it’s an old DI624+ which for some strange reason was sold in the UK although it does not do PPPoA. I had the DHCP on, and the LAN set to 192.168.0.15 while the LAN on the modem I set to 192.168.1.1 with DHCP on as well.
    On the dlink WAN config page there is only PPPOE dynamic or static, dynamic ip address. Static ip address, big pond, PPTP, and L2TP,
    I even tried putting the modem into full bridge and typing user and pw into the PPPOE to see if it would connect, I didn’t really expect it to, and It didn’t.
    any ideas Ben?

    Reply
  4. Ben Post author

    Dynamic IP address is what you want. If it doesn’t work like that then I’m not sure what you can do.

    Reply
  5. Bob

    Ok Ben thanks for that, now I know that it should be set to that I can play with other things to try and make it work. Does the DHCP definitely have to stay on, on the modem? despite the fact it has no computers connected to it? and the modem has got to be on a different subnet to the router, are the settings I used 192.168.1.1 and 192.168.0.15 ok?
    Oh! when I have the router set to dynamic ip address it has a place to put a mac code and a button to press to clone a mac code, what do I do with that?
    Last questions, promise, thanks Ben. Bob

    Reply
  6. Bob

    Hi Ben, it’s ok mate, I have got it working. There was a “DHCP RENEW” button hiding on the status page, pressed that and away she went. Why on earth do they hide things? Would have been too logical to put that on the WAN page with the dynamic IP selection. Thanks for your guide and your help. Bob

    Reply
  7. Eileen

    Hi there,

    This is a great post. Unfortunately I seem to have gotten bogged down in the whole default gateway thing. The problem is that TELECOM (not Telstra Clear) is issuing an IP address on a different subnet to the default gateway.

    When I plug my PC directly into my RTA1320 on half-bridge mode it sees the default gateway as being the same as the public IP address with a subnet mask of 255.255.255.255 and it WORKS

    BUT when I plug my Linksys BEFSX41 into the RTA 1320 it sees the default gateway as being the same as the public IP address with a subnet mask of 255.255.255.0 (i.e. different subnet mask) and it DOESN’T WORK. Sometimes the next hop shows as a metric of 1 and sometimes as 0 which is odd.

    I don’t know how similar the BEFSX41 is to the other Linksys boxes in terms of its underlying OS or what it runs. I can’t seem to telnet to it.

    I need the half-bridge mode to work because I want to use the BEFSX41 as a VPN termination point so it needs an external IP but it doesn’t support PPPOA

    Reply
  9. Eileen

    OK – I have figured it out.

    I was not able to get anything useful from Linksys apart from to upgrade the firmware – I have since realized that the author of this post was using a modified firmware which won’t load onto the router I have (I think the WRT54GL is the only one it will load onto).

    I tried several people at Telecom and got told such useful things as ‘ the default gateway depends on your router’, ‘ there is no such thing as an external default gateway’ and ‘ you’ll need to get a third party technical support person in’ (i.e. I don’t know what I’m talking about so I’ll assume you don’t) but eventually they did confirm that even if you get a static IP address the default gateway will not be on the same subnet.

    Dynalink confirmed that the protocol used is Proxy ARP and that was all they had to say.

    I did, however, find this posting http://www.dslreports.com/forum/remark,14201975?hilite=dhcp+spoofing and from that I decided to try ‘making up’ a default gateway. I set up a static IP on my router and gave it a 30 bit subnet mask with a default gateway one higher than my IP address within the subnet. This effectively meant that I had told it to send all traffic that wasn’t for the LAN out the WAN interface to an IP that wasn’t really there. However, the proxy ARP seems to pick up any traffic going out the WAN and ferry it across the PPPOA and lo and behold the whole thing works!

    Reply
  10. Ben Post author

    Wow, excellent work Eileen! I’d never have thought that hack would work. I think my router is doing something similar (proxy ARP), because the gateway and external IPs are definitely on different subnets on TCL, but I’ve never had to make any changes to the routing tables or gateways.

    Reply
  11. Rich

    Hi Ben,
    Thanks for this great article.
    I recently bought an RTA1320 to try to solve some stability problems with using a D-Link DSL-302G (I had to reboot the modem every couple of days).
    I am running a setup very similar to yours except I am using an IPCop firewall instead of the WRT54GL.
    I initially had some problems with “Martian Sources” on IPCop causing packets to be dropped. It turns out these Martian Sources were caused by me not thinking to change the subnet of the RTA1320. When I followed your instructions above and changed to 10.0.0.1 instead of 192.168.1.1 (same as IPCop) that issue was resolved.
    However now I am having another really bizarre issue where I can access some sites and not others. I have no problem with google.co.nz, asbbank.co.nz and xnet.co.nz (my ISP) but stuff.co.nz, and most other sites won’t work. I can ping ok, and when I try surfing I get connected ok and then it waits. If I switch back to the D-Link, then all works fine again.
    Anyway, sorry for the long ramble, but now I will get to the point. I have a couple of questions…
    Which version of firmware are you running on the RTA1320? I think I am using 3.29a, but I will check when I get home.
    Do you have QoS enabled?
    I noticed in one of the screenshots above MTU is set to 1492 in the Lan IP Address Configuration and later MTU is set to 1500 in Configure Internet Connection – WAN IP Settings. Is there any reason for this?
    So yeah I’m just trying to figure out if there is anything I have set differently to you that might be causing my problems.
    If you have any other ideas I would be grateful :)

    Reply
  13. Rich

    Hmmm I think I may have found the solution to my problem.
    I found the following on this page at Cisco – http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a008071a7c2.shtml#l2i

    “Why can I access some web pages with PPPoE but not others?

    Access to only some web pages is a common problem when you run a PPPoE client on a router. By design, PPPoE can support an MTU of up to 1492 bytes. Therefore, you must ensure that end devices send out frames no larger than 1492 bytes. Limiting the MTU to 1492 bytes can be a problem because most PCs and end-user workstations have a default MTU of 1500 bytes.

    There are two options for adjusting the MTU size: adjust the MTU size at the router and adjust the MTU size at the PC. ”

    Sounds like putting in the 1492 from your screenshot may have killed me…
    I will test this when I get home.

    Reply
  14. Ben Post author

    Interesting. But I thought we don’t use PPPoE in New Zealand? I’ve noticed seemingly zero difference when I change the MTU – I was trying different settings but it seemed to make no difference.

    Reply
  15. Rich

    Yes you are correct we do not use PPPoE – I am using PPPoA.
    But still changing MTU from 1492 to 1500 has fixed my problem.
    Maybe it only makes a difference with some ISP’s?
    Anyway Problem solved.
    Thanks

    Reply
  16. Edward

    Hi. I’m trying to emulate the setup you’ve got here, but have a question. I’m using the same Dynalink modem, but a WRT54GS, although the same DD-WRT generic firmware so shouldn’t be any difference. About DHCP, does this mean that the only DHCP server on the network is the modem that’s dishing out 10.0.0.x addresses, and the router doesn’t do any DHCP stuff? I tried having both on, but I fear this is what caused me and my mother’s laptops to fail to get IPs via DHCP. I tried disabling it on the modem, but that caused it to brick (I don’t know either), although that’s one for Dynalink support to handle.

    On the other hand, does anyone know how to restore a RTA1320 to factory settings without access to the web panel?

    Thanks

    Reply
  17. Ben Post author

    Yes you need DHCP on both the modem and the router, so that the modem can serve up an address to the router, and the router can serve up addresses to the LAN.

    I’m pretty sure you factory reset the 1320 by holding down the reset button for 10+ seconds.

    Reply
  18. Eileen

    YAY Dynalink!!!!!

    They have developed a new firmware for the 1320RTA to try to address the problem. I just loaded it and it worked!!!

    This means I can do the VPN without a static IP which means I can also use a cheaper plan = $40 per month saving.

    Can highly recommend Dynalink support as I didn’t expect this sort of response from them.

    NB Edward – did you get your problem sorted? I will try to answer when I have more time if not.

    Reply
  20. Ben Post author

    Is the firmware newer than the currently available 3.29a Eileen? That seems to be the only one available on their site.

    I should mention that my 1320 actually died the other day. One of the capacitors started giving out a horrible whine and it eventually stopped working altogether. Hopefully it’s a one-off.

    I tried to get a replacement but could only find the RTA1335, which as far as I can tell is identical except for having 4 ethernet ports.

    Reply
  21. Eileen

    HI Ben, yes – the firmware has not been released yet – I think they just developed the update in response to my support call – here is the text of their e-mail

    “Hi Eileen
    I have asked our R&D to make a test firmware and see if it can help your situation. Attached is the firmware that you may try working with your Linksys router when the provider is TelstraClear. I look forward to your test result, which will also help other users. Thank you very much.

    Kind regards
    Casey Mak
    Technical Services Manager/ Engineer”

    I got my RTA 1320 from Trademe….. $25. I would check with them regarding whether you can get this firmware for the 1335 before buying it

    Reply
  22. Edward

    Eileen: I did indeed, and it’s working fantastically! Many thanks to Ben for suggesting this and providing the tutorial :D

    What I love about the WRT54GS with DD-WRT is it has two features I’ve been looking high and low for routers that support them. The first is Loopback NAT, so I can type in an externally accessible address (such as my dyndns address) and it’ll redirect it to the proper computer, before I had to type in the computer’s lan address. This makes self hosting so much easier

    The second is IPV6, and I recommend everyone enable this. Before I used the hackish and slow Hexago implementation, which was terribly unreliable (you had to restart it every hour or so), and horrible pings (~2 seconds to Freenode’s IPV6 servers). However with this, the more reliable and quicker 6to4 implementation is ridiculously simple to enable (all it takes is entering two blocks of code into the router’s admin panel), then every computer on your LAN as long as it’s IPV6 ready gets an externally accessible IPV6 address. Instructions here: http://www.dd-wrt.com/wiki/index.php/IPv6#6to4_Setup

    One thing I found with the instructions here is that IRC kept dropping off. With the 90 second TCP timeout, everything was dropped. Most IRC servers will only ping once every 3 minutes or so, thus dropping you off even when you’re active. Bumping the timeout limit to a safe 300 second limit seems to work (Plus if you ever manage to use 4096 connections and need more you can tweak the limit to 240 or something).

    Now for my next experiment. I’ve got a RTA1335 recovered from a botched firmware upgrade. It works, but p2p causes it to die. Anyone know how to upgrade the firmware to an unofficial, tweakable one? :D

    Reply
  23. Ben Post author

    Actually good point Edward – I also had to slightly increase my NAT timeout to 300 seconds because of problems with Battlefield 2142 losing its CD-key authentication connection and dropping me out of the game. It doesn’t seem to have adversely affected p2p (bittorrent) traffic.

    I’m not aware of any custom firmware for the RTA1335, but p2p doesn’t cause my 1335 any trouble at all (because of the half-bridge).

    Reply
  26. Andy Sameold

    Hi there,

    Nice post!

    What do you see as the downside of not using NAT on both devices? i.e. ADSL and WLAN. Also both networks are on different subnets, but do connect via the ADSL network subnet range.

    Cheers,
    Andrew

    Reply
  28. Peter

    This issue is causing quite a bit of confusion I guess. Still trying to understand it myself.

    These things i know:

    telecom NZ uses pppoa
    Telstra clear NZ uses pppoe

    The UK has a similar setup, whereas most parts of the world are using pppoe, hence dont be lulled into following any old advice you find googling.

    With telstras pppoe setup you dont have to go near half bridge, you can use the better full bridge implementation, with no dhcp spoofing hack involved.

    As regards pppoa, routers dont do this, its a modem thing. Therefore, you cant full bridge using pppoe between a router and a pppoa modem.

    You are left with a motley collection of choices, none of which are ideal.

    The problem described above of “telecom issuing an ip address not on the same subnet as the default gateway” relates to the dhcp spoofing implementation in the modem, and not telecom’s fault. This is how the modem does half bridge. The better and (later) router firmwares are now starting to build in (yet More) hacks to work around the basic problem, no pppoe adsl.

    So the instructions of the OP describe a router/firmware combination that understands the half bridge implementation of the modem. Just bear this in mind if you try it, and read some of the links above if you have problems.

    Reply
  29. Ben Post author

    Nice points Peter, but I’m positive that all providers of ADSL in NZ use PPPoA. Telstra might use PPPoE on their cable network, but they need to play like everyone else until they can get their own ADSL gear in the exchanges.

    Reply
  30. Geert Rolf

    Flowers for Eileen (the 30 bit subnet trick)

    One additional remark: the last number of my external IP nr is 150. Given the mask of 252=11111100 in binary and 150=010010110:
    1) 151= 010010111 is the broadcast address
    2) 149= 010010101 is the gateway address to use (1 less in this case)
    3) 148= 010010100 is the old style address for the broadcast.

    In theory 148 and 151 cannot be used as gateway.

    Reply
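
Eileen's 30-bit subnet trick and Geert Rolf's arithmetic above, worked through as an added example (not code from the post or from any commenter). The 203.0.113.x and 198.51.100.x values are constructed documentation addresses and the function names are hypothetical.

```python
"""Added example: check a half-bridge WAN lease and derive the /30 workaround."""
import ipaddress


def gateway_on_link(wan_ip, netmask, gateway):
    """Return True if `gateway` is a distinct address inside the WAN subnet.

    False covers both cases reported in the thread: a gateway equal to the
    public IP (mask 255.255.255.255) and a gateway on a different subnet.
    The device then has to special-case the lease or be given a made-up
    next hop, which is what slash30_plan() produces.
    """
    iface = ipaddress.IPv4Interface(f"{wan_ip}/{netmask}")
    gw = ipaddress.IPv4Address(gateway)
    return gw != iface.ip and gw in iface.network


def slash30_plan(wan_ip):
    """Static WAN settings for the 30-bit trick described by Eileen.

    A /30 holds four addresses: network, two usable hosts, broadcast.
    The made-up gateway is the *other* usable host, so it is one higher
    or one lower than the public IP depending on where that IP falls.
    """
    ip = ipaddress.IPv4Address(wan_ip)
    net = ipaddress.IPv4Network(f"{ip}/30", strict=False)
    hosts = list(net.hosts())  # exactly two usable addresses in a /30
    if ip not in hosts:
        # The public IP is itself the /30 network or broadcast address,
        # so it cannot be configured as a host with this mask.
        raise ValueError(f"{ip} is not a usable host address in {net}")
    peer = hosts[1] if ip == hosts[0] else hosts[0]
    return {
        "ip": str(ip),
        "netmask": str(net.netmask),
        "gateway": str(peer),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
    }


if __name__ == "__main__":
    # Constructed lease: gateway equals the public IP, as in Eileen's report.
    lease = ("203.0.113.150", "255.255.255.0", "203.0.113.150")
    print("gateway usable as handed out:", gateway_on_link(*lease))

    # Last octet 150, as in Geert Rolf's comment: gateway is one lower.
    plan = slash30_plan("203.0.113.150")
    for key, value in plan.items():
        print(f"{key:>9}: {value}")

    # The resulting static configuration passes the on-link check.
    print("gateway usable with /30 plan:",
          gateway_on_link(plan["ip"], plan["netmask"], plan["gateway"]))
```
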
  31. Lance

    a bit of a tip:

    NZ ISPs will recommend pppoa and vc-mux, however you can get an adsl router working with pppoa llc easy, i also recommend setting the adsl mode to g.dmt g.992.1 if you’re not syncing (line speed) above 7500.

    on top of that i recommend also changing your port your router uses from 80 to something else not used by another network application so not something 25, 110.

    this should work regardless of adsl router you use, as long as you can find the settings.

    Reply
  33. neo

    Hello,

    I just switched from xTRa broadband to TelstraClear PDQ, however simply switching user name and password on the modem won’t work. I am still using the DLINK ADSL modem from telecom… can you please share to me the correct WAN config to configure DLINK on telstra?

    Techsupport is worthless as I’ve rung them several times and you need to wait 1 hour on the line to get hold of one which will only tell you to reboot the modem… I don’t know how the hell they became no.1 ISP here… I got no BB for 2 days now :(

    Avoid telstra at all cost!

    Reply
  36. BuonaDomenica

    Hello,

    same problem here.

    D-Link 502 DSL Modem from Telecom in Half-Bridge Modem and it issues the WAN IP and default Gateway are the same Subnet 255.255.255.255.

    It was not problem with the stock firmware on my router. Then I updated my router to dd-wrt v24 SP1 firmware and now the router can't access the internet anymore. From what I read the issue is with the WAN IP and Gateway being the same so it can't find the internet.

    Strange that I can login to my router or computer (using Real VNC) from another computer over the internet via dial-up but the router can't get out.

    I'm still not clear on how to use that ARP table spoofing.

    Hope I can get this fixed as I don't want to flash back to the stock firmware on my router. ugh!! dd-wrt firmware Rocks!!

    Reply
