Hi everyone, I wanted to enquire of the collective knowledge...
I just had my CityFibre / Giganet install completed, and everything's working great. They supplied a Technicolor DGA4134 router running Damson 19.4 firmware, which doesn't look to be branded or customised to Giganet.
I have my own (reasonably complex, multiple subnets) network which terminates behind an existing firewall. In order to avoid double-NAT, I wanted to disable NAT on my firewall and connect its external interface to the internal side of the Technicolor. I set the default route on the firewall to point to the internal IP of the Technicolor. The only other configuration required would be to add static routes on the Technicolor for each of my internal subnets pointing to the external interface IP of the firewall as the next hop.
I tried doing this in the Technicolor GUI, for example:
Destination: 192.168.25.0
Mask: 255.255.255.0
Gateway: 192.168.1.2 (external interface of firewall, Technicolor internal IP is 192.168.1.1)
Metric: 10
Interface: lan
However it refuses to accept the entry, highlighting the Destination field in red, with the popup bubble "Cannot use the network address". I'm confused, as the network address is surely exactly what should be entered for a static route!
Instead I tried entering some random addresses within that network (192.16.25.1, 192.168.25.254 and others). They were accepted by the GUI and shown in the routing table, but the routing didn't actually seem to work. I also tried 10.0.0.0/24 with similar results.
Has anyone encountered this before? I think this router is supplied by a number of ISPs at the moment.
I then wondered about trying to configure the routing entries via CLI instead of the web GUI. SSH is listening on the internal interface, but I can't find the correct login. I had read that for earlier models the username was "engineer" and the password was the "Access Key" printed on the back of the router. I tried that and it doesn't seem to work. Nor does "admin" as used for the web GUI.
Does anyone know if it's possible to access the CLI on the DGA4134?
Many thanks!
Kippy
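A sanity check for the static route entry quoted in the post above, written as an added example that is not part of the original thread and not Technicolor code. It assumes the router's LAN mask is 255.255.255.0 (the thread gives only the addresses), and the function name is hypothetical.

```python
import ipaddress

def check_static_route(dest, mask, gateway, lan_ip, lan_mask):
    """Return a list of problems with a static route (empty list = well-formed)."""
    problems = []
    lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}")
    gw = ipaddress.ip_address(gateway)
    try:
        # strict=False so a host address is accepted and reported below
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    except ValueError as exc:
        return [f"invalid destination or mask: {exc}"]
    # A network route's destination must have all host bits clear.
    if ipaddress.ip_address(dest) != net.network_address:
        problems.append(
            f"{dest} has host bits set; the network address is {net.network_address}"
        )
    # The next hop must be reachable directly on the router's LAN.
    if gw not in lan.network:
        problems.append(f"gateway {gw} is not on-link in {lan.network}")
    if gw == lan.ip:
        problems.append(f"gateway {gw} is the router's own LAN address")
    # A route for the directly connected LAN would shadow the connected route.
    if net.overlaps(lan.network):
        problems.append(f"{net} overlaps the connected LAN {lan.network}")
    return problems

if __name__ == "__main__":
    # Values from the post; LAN mask is an assumption.
    lan = ("192.168.1.1", "255.255.255.0")
    for dest in ("192.168.25.0", "192.168.25.254"):
        result = check_static_route(dest, "255.255.255.0", "192.168.1.2", *lan)
        print(dest, "->", result or "well-formed")
```

By this check the 192.168.25.0 entry is a well-formed route, while an address such as 192.168.25.254 with the same mask is a host inside the subnet rather than a route to it.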
|
|
|
Why not run directly from the ONT's copper port directly into your own firewall - take the Technicolor DGA4134 out completely?
https://support.giga.net.uk/hc/en-gb/articles/360010...
|
|
|
|
I'd have preferred to do that, but the firewall is a Fortigate and whilst it is excellent in most other respects, one weakness is that PPPoE connections are handled purely in software rather than being hardware-accelerated. That means that for my particular model (60E) the PPPoE throughput tops out at about 250Mbps with the CPU maxed out. By moving the PPPoE connection to the ISP router I can get full bandwidth accelerated through the ASIC, and CPU usage is negligible.
Thanks,
Kippy
|
|
|
Hi Kippy,
I'm in the same boat with Trooli, I need to use their provided Technicolor router but couldn't add static routes from the web interface.
I've managed to get round this by SSH'ing on the router (U: engineer P: **Access Key**) and using the command route add --net 10.10.0.0/16 --gw 192.168.1.1 --metric 1 to add this to my router.
Cheers,
JT
|
|
|
|
Thanks JT, but as I mentioned in my original post the engineer/access-key credentials don't work on my box for SSH. I tried raising a support ticket with GigaNet but they didn't really have a clue and could only suggest removing the Technicolor router and connecting my firewall directly to the ONT. That would probably work, but has performance limitations as I described earlier in this thread.
If the engineer password has been changed by my ISP then maybe I could take the sledgehammer approach and do a factory reset to see if it reverts to what's printed on the label, but I didn't want to risk screwing things up.
I've been running with double NAT for the last couple of months, and I must admit the only problem I've noticed was inbound FTP to my home server. Passive mode wouldn't work, but switching to Active mode fixed it. Everything else has been OK, including IPSec connections which I thought would be problematic (site-to-site IPSec VPN and dialin L2TP VPN). Using NAT-T with UDP 4500 worked perfectly.
Kippy
|
|
|
Sorry to hijack this thread but I'm also in need of some help with the Technicolor DGA4134 on Giganet.
I for the life of me can't manage to get any ports forwarded, they always remain closed. I have just done a factory reset before which I had all my ports forwarded for gaming yet they all still reported as being closed. Here is what I have now but port 5000 remains closed.
I'm also trying to find QOS settings but all I can seem to find is a simple priority check box under Devices that doesn't seem to make any difference. Are there some more hidden QOS settings hidden away somewhere I'm just not seeing?
Cheers!
Edited by BumFlannel (Fri 11-Nov-22 13:06:25)
|
|
|
You are likely using CGNAT if port forwarding doesn't work; you can check if your router is getting assigned an address in the CGNAT range (100.64.0.0 to 100.127.255.255) which won't match your public.
Giganet will let you have a static IP for an additional £1/m, see https://www.giganet.uk/faq/can-i-have-a-static-ip-ad...
I can't help on the QOS but it's likely not configurable, it probably prioritises new and small traffic etc.
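The CGNAT check suggested in the reply above, as an added example that is not part of the original thread. It compares the address the router's WAN interface was assigned with the address an outside service sees; the function name and all sample addresses are constructed for illustration.

```python
import ipaddress

# Shared address space used for carrier-grade NAT: 100.64.0.0 to 100.127.255.255
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, listed explicitly
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wan_verdict(wan_ip, observed_public_ip):
    """Classify whether inbound port forwards on this router can be reached.

    wan_ip:             address shown on the router's WAN/internet status page
    observed_public_ip: address an external "what is my IP" service reports
    """
    wan = ipaddress.ip_address(wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT:
        return "cgnat"              # ISP NAT sits in front; forwards never arrive
    if any(wan in net for net in RFC1918):
        return "private-upstream"   # another NAT device is upstream of this router
    if wan != seen:
        return "mismatch"           # public-looking WAN, but traffic exits elsewhere
    return "direct"                 # WAN address is the public address

if __name__ == "__main__":
    # Constructed samples (203.0.113.0/24 is a documentation range)
    samples = [
        ("100.72.14.9", "203.0.113.10"),
        ("192.168.0.2", "203.0.113.10"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan, seen in samples:
        print(f"WAN {wan:15} seen as {seen:15} -> {wan_verdict(wan, seen)}")
```

Only the "direct" result means a closed port is down to the router's own forwarding or firewall configuration rather than NAT further upstream.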
|
|
|
|
I already have a static IP address with them
|
|
|
From your screenshot it looks like you've configured the firewall rules to allow the inbound traffic, but not actually set up the port forwarding to go with it.
Try this little animated guide, it should help: https://sse.tmtx.co.uk/en/topic/broadband_dga0122wif...
You need to be in the WAN Services section for port forwarding.
Hope that helps,
Kippy
|
|
|
You don't want to specify a source port in a firewall rule, you can very rarely guarantee what port a connection is going to come from.