How to disable NAT and still have internet connection? (I have IPoE not PPPoE)

1

Basically NAT is being a huge pain in the ass for me because the tiny NAT table of my modem/router keeps filling up all the time and then I can't get any packets through for several minutes (this happens for example every time I ping a lot of servers).

Now, I only have one computer so I don't need NAT and I want to get rid of it. I have 1 public IP from my ISP.

I've done some research and it seems one way to do this is to have the modem act as a bridge and use Windows to establish a PPPoE connection. But one problem, PPPoE requires a username/password from the ISP. And I don't think my ISP even supports PPPoE since all the modems they hand out are configured to use IPoE (ENET ENCAP) that doesn't require any kind of credentials to make a connection.

I have tried to simply turn off NAT from my modem, but then my computer loses internet connection. I've done some research and apparently it is because I'm using my LAN IP to send packets to the ISP which then drops them (because my modem is no longer changing the source IP of the packets).

I've tried to send packets using my public IP as the source, but got no responses. Is my modem dropping the responses instead of broadcasting them to my computer in the LAN?

But anyway, my ultimate question is, is there any way to not use NAT and still have an internet connection? Only one computer, only one public IP. And if so, how?

user404

Posted 2014-12-31T16:29:40.440

Reputation: 33

The usual workaround is to just reboot the router every so often. Dumbing the router down to pure modem mode would not require the next machine to provide PPPoE info, as the modem would still do that, but it would require another [better] router/firewall (which would still be doing NAT, only more efficiently), as a Windows workstation is really not equipped to do that well. – Tetsujin – 2014-12-31T16:34:59.257

All depends on the ISP. If they do DHCP then all you would have to do is plug your Ethernet connection in from the ISP to the back of your machine and make sure your Ethernet adapter is set to use DHCP. If it's PPPoE you must have configured the modem long ago with the username/login. Also, ISPs like to use MAC addresses of their modems to set lease reservations; you may need to duplicate the MAC address of the modem on your machine to get the DHCP request. Lots of different factors at play here. – Optichip – 2014-12-31T16:38:04.100

I really wouldn't recommend hanging a Win desktop straight onto the 'raw' internet. Win firewalls are not exactly industrial grade – Tetsujin – 2014-12-31T16:40:26.680

@Tetsujin You write "Dumbing the router down to pure modem mode would not require the next machine to provide PPPoE info, as the modem would still do that, " <----- Obviously it's not "pure modem" mode if it is doing PPPoE. I have a router-modem and when I put it in bridge mode, it doesn't do PPPoE. – barlop – 2014-12-31T17:02:36.077

Your research re PPPoE is spot on. You can go online without NAT and with a public IP given to your computer (not necessarily that secure but you can). I'm not that familiar with IPoE, googling "IPoE in Windows" gets no results. But if it is an alternative to PPPoE then I wouldn't see why Windows couldn't have an application that does it. Perhaps your ISP knows? Have you spoken to them? – barlop – 2014-12-31T17:06:33.723

I have my own setup dumbed down to pure modem. My router doesn't have to deal with the connection, only the 'internet'. The modem still does its connectivity thing [way out of my pay grade] leaving me to handle the routing/firewall etc in the second machine. My router 'appears' to all intents & purposes to be the only machine hanging off the line, the modem becomes 'invisible' – Tetsujin – 2014-12-31T17:09:57.250

@Tetsujin you are inventing terminology here "pure modem" and "dumbing down" your router to "pure modem". Is that what your device calls doing PPPoE "dumbing down" to "pure modem"? I can tell you that when my router-modem is in bridge mode it is doing less so is "purer" than what you call a "pure modem", because it is then set to not do PPPoE. – barlop – 2014-12-31T17:11:24.090

All I really know is what it says on the access page - "Modem Mode

When active, Modem Mode disables the wireless and routing functions of your Super Hub so you can use your own wireless router. For more information please visit http://www.virginmedia.com/help.

Disable Modem Mode

You can disable Modem Mode from the main menu, or alternatively you can restore your Super Hub back to its original settings by using the reset button on the side of the Super Hub.

Alternatively, a wireless router or network switch can be attached to your Super Hub whilst in Modem Mode."

– Tetsujin – 2014-12-31T17:13:35.297

To original poster: you write "I've tried to send packets using my public IP as the source" <-- what method did you use there? – barlop – 2014-12-31T17:15:29.450

@barlop just injecting packets to the NIC – user404 – 2014-12-31T17:57:01.857

@Optichip I tried something like this by setting my gateway into bridge mode. My computer just lost internet, and kept sending ARP requests that didn't get answers, and some DHCP but I didn't get an internet connection. Also I don't think my ISP is strict about MACs because I can pretty much use any modem/router I want. – user404 – 2014-12-31T18:02:01.057

At this point have you tried to upgrade modem/router firmware? I'm also wondering what model/brand you have? – Optichip – 2014-12-31T18:15:16.057

@Optichip I have a ZyXEL P-660HW-D1 using the latest firmware – user404 – 2014-12-31T18:54:18.117

Somehow I knew you were going to say that. They do seem to have issues with the NAT table filling up; I think you can only have 1024 entries in them if I'm not mistaken. Totally worth a shot in the dark if you have $ to burn on a new modem is to attempt to flash your current one with open-wrt ;x It's living on the edge though. And I'd only suggest it if you were going to look at buying a new modem anyway. – Optichip – 2014-12-31T19:02:36.993

@user403449 I am curious, could you tell me what program you used to set the source ip address when 'injecting' packets to the NIC? – barlop – 2014-12-31T19:34:41.860

@Optichip openwrt doesn't seem to support this particular model, and I don't think anyone has gotten it running successfully on it. Maybe I should just buy a better modem, but I dunno which one would be the best. Some Asus models have a NAT table of 300 000 entries (vs my ZyXEL's 2048) but I don't think even that is enough if I want to ping a lot of servers quickly. – user404 – 2014-12-31T19:48:28.633

@barlop a custom network driver. – user404 – 2014-12-31T19:59:46.813

@user403449 The reason why I asked that is because I'm interested in doing that, so are you able to provide information that'd enable me to do it? e.g. a download link for the custom driver (I know it'd be particular to your network adaptor but that's fine), or a person that writes the "custom network driver" to do it? – barlop – 2014-12-31T22:53:27.367

The Zyxel device you mention says nothing of an IPoE option though it mentions PPPoE – barlop – 2015-01-01T07:41:15.140

Answers

1

Got it working by setting the modem-router into bridge mode, and then using ipconfig /release and ipconfig /renew to request an IP for my machine from the ISP's DHCP server.

Important: I had to initially disable the Windows firewall before using ipconfig /renew, or the request would time out.

user404

Posted 2014-12-31T16:29:40.440

Reputation: 33

Looks like a PEBCAK to me. Bridge mode was mentioned, you don't address the logging in in your answer, which you asked of in your question. You asked about IPoE being an issue. State what makes you think it is doing IPoE? Your router doesn't even mention IPoE though does mention PPPoE and PPPoA http://www.zyxel.com/uk/en/products_services/p_660hw_series.shtml?t=p

– barlop – 2015-01-01T07:48:39.790

@barlop I didn't have to take any extra steps to log in. I'm not using PPPoE/A so I don't need to use any username or password. My router is set to use RFC 1483 for bridging. – user404 – 2015-01-01T12:56:46.643

Okay, makes sense I suppose. Unfortunate that it was just you missing a basic troubleshooting network step unrelated to the specifics of IPoA. But fine – barlop – 2015-01-01T15:41:38.647

0

You can disable NAT on your ISP-provided gateway if it allows "ip passthru". Basically the ISP-provided gateway device will "passthru" the public IP to a single device on your internal network plugged into the gateway.

If this one device the IP is passed to is a Linux box, then that box will have a public IP. If you put a second NIC in it, you can then "masquerade" however many devices behind it you desire by using iptables. In effect the Linux box will have a public IP, and be "nat'ing" for all the devices behind it. (Actually, using PAT, as there is only a single public IP.)

This means you can have a Linux workstation with a public IP, and still dozens of machines on a private LAN behind it. The workstation is effectively a masq'ing firewall.

Although this is how you do it, I would recommend against it.

nandoP

Posted 2014-12-31T16:29:40.440

Reputation: 111

sounds like you are describing what is also called bridge mode but then what device is going to do the PPPoE or in his case, the "IPoE"? – barlop – 2014-12-31T17:44:22.637

My gateway has no ip passthrough option :/ – user404 – 2014-12-31T18:05:43.567
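
The Linux masquerading setup described in the answer above, written out as an added example (not nandoP's or any project's own configuration): a shell function that emits an `iptables-restore` ruleset with MASQUERADE on the public interface and default-deny inbound, plus the sysctl that sizes the connection-tracking table, which is the Linux counterpart of the router's NAT table. The interface names `eth0`/`eth1`, the subnet `192.168.10.0/24` and the table size `262144` are assumptions.

```shell
#!/bin/sh
# Added example, not from the page. Interface names, subnet and table size
# below are assumed sample values.

# Emit an iptables-restore ruleset: $1 = public NIC, $2 = LAN NIC, $3 = LAN subnet.
build_ruleset() {
    wan="$1"; lan="$2"; lan_net="$3"
    for ifc in "$wan" "$lan"; do
        case "$ifc" in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;; esac
    done
    case "$lan_net" in ''|*[!0-9./]*) echo "bad subnet: $lan_net" >&2; return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# PAT: every LAN source is rewritten to the single public address.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP replies from the ISP, in case the public address is leased.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# Only the inside NIC may open new connections to the box itself.
-A INPUT -i $lan -s $lan_net -j ACCEPT
# LAN hosts initiate outward; from the Internet only replies are forwarded.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Forwarding must be on, and the conntrack ceiling is a tunable here
# rather than a firmware constant. $1 = maximum tracked connections.
conntrack_sysctl() {
    printf 'net.ipv4.ip_forward = 1\nnet.netfilter.nf_conntrack_max = %s\n' "$1"
}

# Print both fragments for review. As root, piping the first into
# `iptables-restore --test` parses it without committing anything.
build_ruleset eth0 eth1 192.168.10.0/24
conntrack_sysctl 262144
```
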