VLANs and subnets...?


Comments

  • unforeseen
    I just bought a cheap HG612 from ebay, unlocked it and set it up in bridge mode. That connects to my Draytek 2860 WAN port without any prattling about.

    HG612 is just acting as a modem and is transparent to the router
  • esuhl
    esuhl wrote: »
    Have I done something daft somewhere...? :huh:

    Yep -- I just found a firewall rule I'd missed on the Sky router. Oops. Got rid of that and everything works!

    In fact... web pages now load almost instantly. There was always a long delay before.

    :T

    The next task is to get IPv6 working...
  • arciere
    esuhl wrote: »
    I'll look at the settings on the Sky router to see if I can find the setting for bridge/transparent mode... But I don't understand why I'd need to enter the ISP WAN settings on the DrayTek... Wouldn't the Sky router log in to the ISP, then just use LAN Ethernet to connect to the DrayTek...?

    Also, the ISP dynamically allocate my public WAN IP, so I wouldn't want to manually specify it in the DrayTek...

    As mentioned earlier, if you simply connect the router to your Draytek, and set the Draytek WAN port (I believe it's WAN2 on the 2830) as client mode, you will get Internet connection without touching anything else (you won't need any ISP details).

    esuhl wrote: »
    What I thought I'd need to do is to set the LAN IP of the Sky router to, say, 192.168.1.1, set the DrayTek to 192.168.100.1 (both with 255.255.255.0 subnet mask), and then (somehow?) connect the two subnets...

    Whatever is on the WAN port is, in technical terms, a 'next-hop' for the router to forward packets to when the address requested is not in the local LAN. In short, no, you don't need any subnet or VLAN.
  • arciere
    Double NAT. You can do that. The Draytek would route between the 100 subnet on its LAN side to the 1 subnet on its WAN side, which would be the LAN side of the Sky router.
    You can do double NAT, but since the Draytek will be the only thing connected to the ISP's router, it would probably be much easier to put it in the DMZ.
  • arciere
    esuhl wrote: »
    When I enable IPv6 on the DrayTek, it initially appears to work. The websites below show success (aside from Sky not having IPv6 DNS servers). However, when I reboot from Win7 into Linux, test-ipv6.com reports an error about MTU size and packet fragmentation. This error does not occur when booting to Windows OR in Linux if I use only the Sky router. (Weird, right?)

    Don't confuse your internal IPv6 with the ISP IPv6.
    Whatever you do in your internal network doesn't affect the external world, so a website like test-ipv6.com can't tell you what your internal IP address is (or even if it's version 4 or version 6).
    MTU is a different problem, the default is normally 1500 or 1492, but you can obtain it from the ISP.
  • esuhl
    edited 18 January 2020 at 4:51AM
    arciere wrote: »
    You can do double NAT, but since the Draytek will be the only thing connected to the ISP's router, it would probably be much easier to put it in the DMZ.

    Thanks. You're right -- I don't need NAT on the ISP's router. But keeping it enabled means that I can easily connect a device to the ISP's router if I ever need to test the internet connection.

    But... you previously said a DMZ wasn't the way to do things:
    arciere wrote: »
    In regards to DMZ: no, DMZ is only useful if you want to isolate one single device and make it visible to the internet. Since the ISP router will not be part of your LAN, it can't be put in a DMZ (it wouldn't make sense anyway).

    What are the pros & cons of putting the ISP router in a DMZ instead? Does it make port-forwarding easier? Or setting up DHCPv6? Would it make it easier for hackers to exploit vulnerabilities on the ISP router? :-/
  • esuhl
    arciere wrote: »
    Don't confuse your internal IPv6 with the ISP IPv6.
    Whatever you do in your internal network doesn't affect the external world, so a website like test-ipv6.com can't tell you what your internal IP address is (or even if it's version 4 or version 6).

    Really? Wouldn't every device on my LAN have a global unicast IPv6 address that would be used for web connections...?

    Below are my notes on what I've figured out so far. Have I misunderstood something?

    An IPv6 node can have multiple IP addresses at the same time. These are some of the different types of IPv6 address that might exist on a device like my PC:

    The loopback address:

    ::1
    Equivalent to IPv4 127.0.0.1

    Link local addresses:
    Begin with fe80::
    Not routed (even locally)
    Similar to IPv4 169.254.x.x autoconf addresses
    Assigned automatically using NDP (Neighbor Discovery Protocol)

    Unique local addresses:
    Begin with fc (if globally-assigned)
    Begin with fd (if locally/manually assigned)
    Routed locally; not on WAN
    Similar to IPv4 private ranges like 192.168.x.x

    Global unicast addresses:
    Begins with 2000: to 3fff:
    Like public IPv4 address (no NAT for LAN devices)
    Corresponds to a single network interface on a device.
    Routed across Internet

    I presume the following types would be used by servers sending me data, and would end up resolving to my network interface's unicast address...? (i.e. my PC won't be assigned one of these addresses...?) I presume the server would automatically assign/use these addresses, so I don't need to worry about them...?

    Anycast addresses:
    Same range as global unicast addresses
    Corresponds to a group of network nodes
    Resolves to the "nearest" device's unicast address

    Multicast addresses:
    Begins with ff0
    Sent to a group of nodes (a "selective broadcast")

    So I think my next task is to figure out how (and what type of) IPv6 addresses are assigned by my ISP (and ISPs in general), and how/if I need to assign them on my LAN... :-/

    Cheers for your help -- I'll do some more reading. :)
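
The address types in the notes above, as an added example that is not part of the original post: a Python sketch that sorts the IPv6 addresses on an interface into those types and picks out the global unicast ones, which the notes describe as routed across the Internet. The sample listing is constructed (in the style of `ip -6 addr` output), and 2001:db8::/32 is the documentation prefix standing in for an ISP-assigned one.

```python
import ipaddress

# Prefixes for the address types listed in the notes (RFC 4291, RFC 4193).
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # covers fc.. and fd..
MULTICAST = ipaddress.ip_network("ff00::/8")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # 2000:: to 3fff::

# Constructed sample: the inet6 lines one interface might show.
SAMPLE = """\
inet6 ::1/128 scope host
inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
inet6 fd12:3456:789a:1::25/64 scope global
inet6 2001:db8:abcd:1:a00:27ff:fe4e:66a1/64 scope global
"""

def classify(text):
    """Return the address type for one IPv6 address string."""
    # Drop any /prefix-length and %zone suffix before parsing.
    addr = ipaddress.IPv6Address(text.split("/")[0].split("%")[0])
    if addr == ipaddress.IPv6Address("::1"):
        return "loopback"
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr in MULTICAST:
        return "multicast"
    if addr in GLOBAL_UNICAST:
        return "global-unicast"
    return "other"

def audit(listing):
    """Group the inet6 addresses in the listing by address type."""
    found = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "inet6":
            address = fields[1].split("/")[0]
            found.setdefault(classify(address), []).append(address)
    return found

def internet_routable(listing):
    """Addresses in the global unicast range: check these against the router's IPv6 firewall."""
    return audit(listing).get("global-unicast", [])

if __name__ == "__main__":
    for kind, addresses in audit(SAMPLE).items():
        print(f"{kind:15} {', '.join(addresses)}")
    print("Internet-routable:", internet_routable(SAMPLE))
```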
  • Johnmcl7
    esuhl wrote: »

    What are the pros & cons of putting the ISP router in a DMZ instead? Does it make port-forwarding easier? Or setting up DHCPv6? Would it make it easier for hackers to exploit vulnerabilities on the ISP router? :-/

    As the person you've quoted has said, you can't put the ISP router in the DMZ; it's already open to the internet, so the DMZ is a setting for devices connected to the ISP router. In your case it makes sense to put your second router into the ISP router's DMZ, as you want the Zyxel router to be handling as much as possible and the ISP router to be passing everything on, otherwise you're going to have to manually set up both routers to handle port forwarding.
  • arciere
    esuhl wrote: »
    But... you previously said a DMZ wasn't the way to do things:

    What are the pros & cons of putting the ISP router in a DMZ instead? Does it make port-forwarding easier? Or setting up DHCPv6? Would it make it easier for hackers to exploit vulnerabilities on the ISP router? :-/

    No, what I said was that you don't need to use DMZ on the Draytek, but you do need to use the DMZ on the ISP's router if you want to use port-redirection.
    If you want to forward port 8080 to 192.168.100.100 (example):

    Double NAT: On your ISP router, you forward traffic from Internet on port 8080 to 192.168.100.1 (the Draytek). On the Draytek you then forward port 8080 from WAN to LAN on address 192.168.100.100

    DMZ: Since the Draytek will be in the DMZ on the ISP's router, all ports will be forwarded to it automatically, so you only need one redirection (from Draytek to 192.168.100.100).

    So, back to your question, you are not putting the ISP's router in the DMZ, but you are putting the Draytek in the ISP's router's DMZ.
  • arciere
    esuhl wrote: »
    Really? Wouldn't every device on my LAN have a global unicast IPv6 address that would be used for web connections...?

    No, your internal IP addresses are just that, internal. What communicates with the external world is your router, not your devices directly. That's NATing: you open https://www.google.co.uk from your computer, but what Google sees is the IP address of your router, not of your computer. Once Google replies, your router then knows that that data packet is meant for you, because it has kept track of where the request came from (you) and where the replies need to go (you).
    The only way that Google can identify you, among other devices using your own network and therefore sharing your public IP, is by using cookies, which is completely separate from networking.

    esuhl wrote: »
    Below are my notes on what I've figured out so far. Have I misunderstood something?

    An IPv6 node can have multiple IP addresses at the same time. These are some of the different types of IPv6 address that might exist on a device like my PC:

    I presume the following types would be used by servers sending me data, and would end up resolving to my network interface's unicast address...? (i.e. my PC won't be assigned one of these addresses...?) I presume the server would automatically assign/use these addresses, so I don't need to worry about them...?

    So I think my next task is to figure out how (and what type of) IPv6 addresses are assigned by my ISP (and ISPs in general), and how/if I need to assign them on my LAN... :-/

    No :D
    Let's do this, draw a line between your devices and the internet. Whatever you do with your devices stops at the router (let's simplify it that way).
    Your internal IP addresses are internal and never leave your network. The Draytek manages all the connections between your network and the external network (in this case the Internet). It is like a bridge between you and the external world, but the bridge is all the external world can see, they have no idea what lies beyond the bridge.

    Broadcast, unicast and multicast packets all stop at the router, they never leave your network because routers don't forward them to other networks. Some of those packets are necessary for a network to function (DHCP requests, ARP requests, etc.) and both IPv4 and IPv6 have a similar way of handling those functions.

    Now, your internal IPv6 addresses are not something you should be interested in. What I mean is that, very often, IPv6 is something that works 'behind the scenes' and it's rarely something you need to configure.
    On the other hand, IPv6 on the Internet (this is where your ISP comes into play) has become more and more critical, due to the fact that we have run out of IP addresses (version 4), therefore the only thing that could be done was to use a different format (version 6) to allow more addresses (unless you are running billions of devices in your LAN, you will never have such a problem).

    Some ISPs provide public IPv6 addresses to their clients, others still have a few spare IPv4 addresses to allocate. In both cases, pretty much nothing changes for you. The only thing that does change is that your public IP might be a version 6, so if you need to connect to your router for whatever reason, you need to use the much longer IPv6 address.
This discussion has been closed.