Opened 8 years ago

Last modified 5 years ago

#824 investigate enhancement

Mac-Passthrough feature

Reported by: steven@…
Owned by: john.crispin@…
Priority: normal
Milestone:
Component: fon-network
Version: N/A
Severity:
Cc:
Hardware: both

Description

It would be great to have the mac-passthrough feature. This would enable me to use a Fonera between my Digital TV decoder and my ADSL/cable modem. Now I have to use a powerplug between my cable modem & decoder and a switch between my cable modem and my Fonera.

At the moment other brands & firmwares already allow mac-passthrough to avoid extra hardware & costs... Even the new wireless cable modems come with this feature now... only the Foneras do not allow this yet.

The decoders request an IP not on the Fonera DHCP but the WAN side of the router... and thus get another IP range...

Change History (8)

comment:1 Changed 8 years ago by matthijs

  • Status changed from new to infoneeded

I don't completely understand the setup yet. Initially I thought you meant to make the Fonera use a different MAC address on its WAN side to fool your ISP's DHCP server, but I don't think this is it.

Are you suggesting that some clients (your decoder) are bridged into the WAN network (e.g., takes its DHCP address from your ISP) based on its MAC address?

comment:2 Changed 8 years ago by steven@…

Yes, decoders have a unique MAC address which will get another kind of IP address and are thus in a "digital tv" VLAN so to speak. Someone who tries to explain it as well: https://forum.openwrt.org/viewtopic.php?id=20372

Until recently the only solution would have been "vlan"... e.g. you could use dd-wrt and choose to put the 1 LAN port or one of the 4 LAN ports of a Fonera into a 2nd WAN port... whatever is branched to this one... is as if it's branched directly to the WAN of your Fonera and thus gets its own IP address (10.160.0.0/24 in this case).

But now I'm seeing solutions like "mac passthrough" where you can choose to have certain devices think they are connected to a dumb switch and thus get traffic from the WAN and such...

I believe one part of the solution is a "dnsmasq" parameter like this:

  --dhcp-host=00:20:e0:3b:13:*,ignore

The next part of the solution would be an iptables rule that would do a 1-1 NAT based on MAC address?

This would allow one to use the same cable up to their respective decoder in the house and not need to have a 2nd cable up to the 2nd WAN connection or switch next to the cable modem or ADSL modem offering an "iptv" out.

comment:3 Changed 8 years ago by matthijs

  • Status changed from infoneeded to investigate

Right, I think I understand what happens. It's slightly funny that the ISP uses two different IP subnets on a single ethernet subnet, but well :-) I don't think I've seen a mac-passthrough feature on any other router so far, but I haven't been buying any new routers recently...

As for implementing this on the Fonera: the easiest way to do this on 2.0n would be to mark one LAN port as a WAN port, and put just that port into "bridge mode". This does need a dedicated cable from the Fonera to the decoder; you can't have a single cable from the Fonera to a switch somewhere and have both your decoder and normal PCs on that switch. To allow that, one could use tagged VLANs, but you'd need a professional switch on the other end for that to work. This VLAN / dedicated port thing also doesn't work over wireless, but I'm not sure if that would work anyway (bandwidth-wise).

The solution you propose is to do either bridging or routing based on the MAC address. I'm not exactly sure how to configure this in Linux. Making dnsmasq ignore the mac address is a first step, but there also needs to be some DHCP forwarding for this mac address (normally, DHCP requests from LAN don't reach WAN). As for the iptables part, 1-1 nat isn't gonna work, since the Fonera doesn't have the Decoder IP address configured.

There are some non-trivial routing issues here. If the decoder gets a DHCP lease from the ISP, it will also have a default gateway configured. However, to make sure the Decoder can find its gateway, the Fonera should then do some kind of ARP proxying. The reverse is also true. I'm not convinced a proxy-based solution will work here.

A quick google shows that the Linux vlan tools have some support for mac-based VLANs. However, I'm not entirely sure how it is supposed to work. The old-style tools mention MAC-VLAN support as early as 2003, but these tools might only be usable with 2.4 kernels with custom patches (though I'm not completely sure about this). The Fonera doesn't have these tools right now (it has vconfig because busybox implements it, but it doesn't have the mac_vconfig that the old tools ship, or used to ship, since the Debian version doesn't have it (anymore)).

The "new" way of configuring vlans seems to be to use the ip command. However, the ip manpage doesn't document this (the ip link add command), so I'm uncertain what the options are. Also, the ip version on the 2.0n doesn't support the command either.

There is a macvlan module in the official kernel source, but a quick glance at the source suggests that it only supports destination-mac-based vlans (e.g., to have multiple virtual interfaces on a single physical interface, each with a different MAC address). Also, according to this page, the macvlan module was not added until 2.6.23 (while the 2.0n runs 2.6.21).

I had hoped that this was easy to configure, but this stuff is so undocumented that I'm unsure if it's even possible at all...

comment:4 Changed 8 years ago by steven@…

Most tutorials I can find about using "vlan" to allow one of the 4 LAN ports of e.g. a Fonera 2.0n to bridge to the WAN part... (e.g. turn that 1 port into a switch... in the same VLAN as the WAN)... are done in dd-wrt... which still uses "nvram"... I have also not yet seen this for a "fonera".

I haven't yet tried the "bridging" that currently exists because then the entire "dhcp" is turned off... the ISPs ask 5 euro/month per PC extra just to provide an IP or go to the more expensive subscriptions of 40-50 euro/month for 2-4 PCs.

The "mac passthrough" is a very recent solution offered by this same ISP... so they don't have to give a switch/powerplugs anymore... they even offer 4 ports on their cable modem now... and not like with VDSL 2 LAN/2 IPTV... it's a very nice solution... people can extend with switches... but at the same time people can't turn off DHCP anymore... or switch to "bridged" mode... they will have to learn to cope with double NAT... double routers... and 1, 2, 4 or 20 DHCP client licenses depending on whether you pay 20/40/70-99 euro a month :(

comment:5 Changed 8 years ago by steven.leeman@…

I believe this is the RFC : http://www.faqs.org/rfcs/rfc4562.html "MAC-Forced Forwarding"

comment:6 Changed 8 years ago by matthijs

I don't think that RFC is related, it concerns how cable providers set up their network to prevent customers from accessing each other's machines (which was a problem in the early days of cable internet).

Bridge mode won't help you, since you need NAT. I was just thinking that bridge mode with the DHCP server enabled might be enough, but the Fonera cannot assign addresses from your ISP's address block. These might be in use by other customers of the ISP and might be blocked at the cable modem anyway. So you really need (selective) NAT.

The use case is clear to me, but we will need to investigate how this works in Linux and what the requirements are. Don't count on this being implemented anytime soon...

comment:8 Changed 8 years ago by steven@…

In the meanwhile this feature exists in alternative firmwares, and the new FAI modems are now also becoming routers with this feature built in, incl. wifi. Most people that requested this feature have installed dd-wrt on their Fonera to have it.

comment:9 Changed 5 years ago by Tofiek

Hello! Thanks for the help! I have been trying to connect my Smart Bro through a router for a little more than three months but I couldn't, so that I almost lost my patience. And when I found your site, I followed your instructions and finally, FINALLY, I have a wifi connection. Thanks a lot! :-)
