@cleverca22
Last active November 14, 2018 03:27
network setup

an I-240G-U "modem" connects to the main fiber coming into the house

https://www.scribd.com/document/393153219/I-240G-U-manual is a copy of the manual i found online

coming out of it are 2 telephone ports, 4 gigabit ethernet, and 0 coax ports (the 240 in the model#)

it appears to be designed as a self-contained router, but it must not have suited the ISP's needs

1 telephone port and 3 ethernet are disabled, the ethernet won't even get a link LED when connecting

the 1 remaining ethernet port has at least 3 VLANs on it

  • vlan 33 appears to be a backdoor, the ISP router bridges it into the private lan
  • vlan 34 is the tv service, with a 10.x.y.z address space, and multicast packets
  • vlan 35 is the internet service, dhcp to get a public ip

currently, the ISP router is configured to use pppoe on its "uplink", and the ISP patches cause that to be on vlan 35

the nixos_router is then running a pppoe-server on its uplink (also vlan 35), which it's sharing between the modem and ISP router

vlan 34 is then left purely to the ISP router, which handles tv service over it

i have not been able to get vlan 34 and its multicast traffic to work on the nixos router
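
An added example (not part of the original gist): a small Python check that parses the 802.1Q tag of captured Ethernet frames and reports any VLAN ID outside the two this setup uses, which is how an extra VLAN such as 33 shows up when auditing the modem port. The frames, MAC addresses and the `parse_vlan`, `audit` and `make_frame` names are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100          # EtherType that marks an 802.1Q tag
EXPECTED_VLANS = {34, 35}    # IPTV and internet, per the notes above

def parse_vlan(frame: bytes):
    """Return (vid, pcp, inner_ethertype); vid and pcp are None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner   # low 12 bits = VLAN ID, top 3 = priority

def audit(frames, expected=EXPECTED_VLANS):
    """Count frames per VLAN ID and list the IDs that are not expected."""
    seen = Counter()
    for f in frames:
        try:
            vid, _pcp, _inner = parse_vlan(f)
        except ValueError:
            continue   # skip runts instead of aborting the audit
        seen[vid] += 1
    unexpected = sorted(v for v in seen if v is not None and v not in expected)
    return seen, unexpected

def make_frame(vid, pcp, inner, payload=b"\x00" * 46):
    """Build a constructed test frame (placeholder MACs, dummy payload)."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    if vid is None:
        return macs + struct.pack("!H", inner) + payload
    return macs + struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, inner) + payload

# Constructed sample, not a real capture: one frame per VLAN named in the notes.
SAMPLE = [
    make_frame(35, 0, 0x8863),    # PPPoE discovery on the internet VLAN
    make_frame(34, 4, 0x0800),    # IPv4 on the IPTV VLAN, priority 4
    make_frame(33, 0, 0x0806),    # ARP on the VLAN the ISP router bridges into the LAN
    make_frame(None, 0, 0x0800),  # untagged frame
    b"\x00" * 10,                 # runt, ignored
]

if __name__ == "__main__":
    seen, unexpected = audit(SAMPLE)
    print("frames per VLAN:", dict(seen))
    print("unexpected VLANs:", unexpected)
```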

dot network.dot -Tsvg > network.svg
dot network.dot -Tpng > network.png
digraph {
ISP -> ONT [label="fiber"]
ONT -> phone [label="regular old analog phone lines"]
ONT -> switch1 [label="vlan 34+35"]
switch1 -> isp_router [label="vlan 34"]
switch1 -> nixos_router [label="vlan 35"]
nixos_router -> switch2
switch2 -> dlink_ap
switch2 -> nas
switch2 -> c2d
switch2 -> switch3
switch3 -> amd
switch3 -> raspberrypi
dlink_ap -> laptop [label="wifi"]
dlink_ap -> cellphone [label="wifi"]
dlink_ap -> tablet [label="wifi"]
}
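  systemd.services = {
    network-vlans = {
      description = "network vlan-start";
      # run before any other network configuration starts
      before = [ "network-pre.target" ];
      wantedBy = [ "network-pre.target" ];
      unitConfig.ConditionCapability = "CAP_NET_ADMIN";
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      path = [ pkgs.vlan pkgs.iproute ];
      script = ''
        # set the MAC address on the physical WAN interface
        ip link set ${WANMASTER} address a8:39:44:90:30:3a
        # create the tagged sub-interfaces; "|| true" ignores errors such as the interface already existing
        vconfig add ${WANMASTER} 34 || true
        # send skb priority 0 out with 802.1p priority 4 on vlan 34
        vconfig set_egress_map ${WANMASTER}.34 0 4 || true
        vconfig add ${WANMASTER} 35 || true
        ip link set ${WANMASTER} up
      '';
    };
  };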

a custom systemd service to bring up the 2 vlans

iptables -w -t nat -A nixos-nat-post -s 192.168.2.0/24 -o ${WANMASTER}.34 -j MASQUERADE

this was to configure a second NAT on the IPTV uplink, since the OS only supports 1 uplink NAT
