[ale] isp questions
Alex Carver
agcarver+ale at acarver.net
Mon Jun 15 21:15:07 EDT 2020
On 2020-06-15 15:18, Sam Rakowski via Ale wrote:
> Yeah, we have AT&T fiber, just the $50 100Mbit service (but they do offer a 1Gbit service for $20 extra a month). If you're eligible, they'll run FTTH (well, might still be FTTN, or to whatever the fiber equivalent of a DSLAM is), but I can confirm I definitely get my full 100 Mbit, and often even faster.
>
> Here's the thing, though. They actually run fiber into your house, and install an actual ONT in front of their router. You can pass-through your static IP(s) through the web interface via "static" DHCP reservations, but it still does...weird things with the traffic. I can't remember what exactly, but it's not just a L2 bridge.
>
> Things aren't quite as easy as just plugging your pfSense box into the ONT. The box provided does some 802.1x authentication with a cert in the router before the port is enabled, but from what I've read, once it does that, the port is enabled. I've read online, but haven't had the time yet to do this, but if you have an extra port on your pfSense box, you can proxy the 802.1x packets from the box through to the ONT, then use that as your WAN connection.
>
> If you have any luck doing that, please send me/the list a quick write-up and that might spur me into action :) It is possible though, from what I've heard.
Yes, their modem firmware disables pure bridging. You can run a firewall
behind it with a static IP (I do) but all your packets go through the
internal connection tracking table first as if it was being NATted. I
had one of their older modems and the connection tracking table was
super small and would fill up quickly because it's shared with all the
other connections going through including the random network probes.
The newer modem has a larger table but it still behaves the same way,
acting like it's trying to NAT your static but passing the traffic on
anyway.

The one thing I've done is modify the table expiration time so that it
doesn't completely fill up. It seems to have helped for the most part.
It's not ideal and kind of infuriating when the stock modem firmware
understands how to bridge but AT&T completely hosed it.