AXXESS Public Static IP Address Setup

[jlab]

Has anyone successfully setup a AXXESS public static ip address that they provide for free?

I have bought a new Billion BiPAC 7402NX Router specifically to set up the L2TP VPN connection.

But can't get any port-forwarding to work successfully.

All I want to do is access a Apache server running on my local LAN which I want to demo sites I'm working on.
And sometimes login with VNC.

I have used DynDNS for this but sometimes the clients routers or browsers caches their DNS entries and didn't work that well.

I have tried logging into the Router using Telnet and running the following commands:

nat add globalpool test1 @ip_pppdevice16 internal <mystaticip> endaddress <mystaticip>
nat add resvmap map1 interfacename @ip_pppdevice16 192.168.5.100 tcp 80 80 80 80

This seems to be the only way to add a port forward rule and selecting the L2TP interface; since you can't select a interface for Virtual Servers on the Web front end.

But it doesn't seem to be working at all. I have disabled my firewall etc.

Any help or info will be appreciated.

 

[The Axxess Lady]

Hi jlab,

We have a guide on setting up port forwarding on a Billion 7402 on our website https://www.axxess.co.za/help.php

Hope this helps with you dilemma.

The Axxess Lady

 

[jlab]

Hi jlab,

We have a guide on setting up port forwarding on a Billion 7402 on our website https://www.axxess.co.za/help.php

Hope this helps with you dilemma.

The Axxess Lady

Thanks The Axxess Lady

I have used the instructions from the guide and it finally answered my question on how to add a port forward rule for the L2TP interface since the Web front end on the router doesn't allow you to specify a interface and defaults to the ipwan interface.

But following the instructions from the guide it is still not working.

I have contacted Billion SA and they put me in contact with a engineer at Nology with Billion Technical Support but we are still struggling to get things up and running.

I have a suspicion that my L2TP interface doesn't know how to access my local LAN and probably needs a route added.

My only hope at this time is that someone who already has set this up successfully can help me.

 

[grim]

Haven't set it up myself but I'm guessing you'll need something like this:

ip add route localLan 192.168.5.0 255.255.255.0 interface @ip_pppdevice16

Make a backup of your config before making any changes.

Also post a ip list route here if you don't come right

 

[jlab]

I have found the following solution to work:

Under Advanced -> Configuration -> VPN -> L2TP:
You must check the "Active as default route" checkbox.

Then Telnet into your router.
And run the following commands:

nat add globalpool gp1 @ip_pppdevice16 internal <yourstaticip> endaddress <yourstaticip>

nat add resvmap httpd globalip @ip_pppdevice16 <yourstaticip> 192.168.1.100 tcp 80 80 80 80

The second line is the port forward entry which which forwards traffic from the L2TP connection to your device or computer on your LAN.

Thanks the The Axxess Lady I am a very happy customer now

 

[Hummercellc]

I have found the following solution to work:

Under Advanced -> Configuration -> VPN -> L2TP:
You must check the "Active as default route" checkbox.

Then Telnet into your router.
And run the following commands:

nat add globalpool gp1 @ip_pppdevice16 internal <yourstaticip> endaddress <yourstaticip>

nat add resvmap httpd globalip @ip_pppdevice16 <yourstaticip> 192.168.1.100 tcp 80 80 80 80

The second line is the port forward entry which which forwards traffic from the L2TP connection to your device or computer on your LAN.

Thanks the The Axxess Lady I am a very happy customer now

Would you know how to DMZ instead of just forwarding ports one by one?

EDIT:

billion say i should use this to DMZ....

[user]# telnet 192.168.1.254
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
Login: admin
Password: *****
Login successful.

admin> nat add globalpool gp1 ipwan internal <static IP> endaddress <static IP>
admin> nat add resvmap rm1 globalip ipwan <static IP> <Local IP> all
admin> system config save

 

[jlab]

Would you know how to DMZ instead of just forwarding ports one by one?

EDIT:

billion say i should use this to DMZ....

[user]# telnet 192.168.1.254
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
Login: admin
Password: *****
Login successful.

admin> nat add globalpool gp1 ipwan internal <static IP> endaddress <static IP>
admin> nat add resvmap rm1 globalip ipwan <static IP> <Local IP> all
admin> system config save

Try

nat add globalpool gp1 @ip_pppdevice16 internal <yourstaticip> endaddress <yourstaticip>
nat add resvmap rm1 globalip @ip_pppdevice16 <static IP> <Local IP> all

This should forward all traffic from the static ip address to the local ip address.

I'm not sure how to do the DMZ stuff though hope this helps.

 

[Ivork]

@Jlab What happens when you power that router off and on?

Does it reconnect your port forwards?
What firmware version you using?

Thanks

 

[jlab]

@Jlab What happens when you power that router off and on?

Does it reconnect your port forwards?
What firmware version you using?

Thanks

I am using the latest (last time I checked) firmware 6.04e.dg5 downloaded from the Billion site.

The port forward entries will only persist after reboot when running the following command after creating them:
system config save

Hope this helps.

 

[Ivork]

I am using the latest (last time I checked) firmware 6.04e.dg5 downloaded from the Billion site.

The port forward entries will only persist after reboot when running the following command after creating them:
system config save

Hope this helps.

Right thanks.
I'll try that firmware (mines the 6.04e.dg6) Then I'm sending mine back.
Only thing is it's a GX not a NX so hope it works / not brick it.

When I reboot it tries to create the forwards at startup - (which it can't because the VPN isn't connected yet) and simply gives up and doesn't try again. Logs errors about "Error adding NAT reserved mapping pool bla bla bla"

 

[Pada]

... and this is why we let our MWEB L2TP VPN terminate on our MikroTik router and not on the crappy Cisco router that was bundled with their business uncapped. Its just so much easier to manager the rules with a GUI (Winbox) than to run command-line actions.

We're also terminating our Neobroadband Fibre on our MikroTik router, which gives us an additional IP address that we would've lost otherwise

I hope you get your problem fixed!

 

[SarelSeemonster]

Right thanks.
When I reboot it tries to create the forwards at startup - (which it can't because the VPN isn't connected yet) and simply gives up and doesn't try again. Logs errors about "Error adding NAT reserved mapping pool bla bla bla"

Just an idea...not tested:

Maybe you can check whether the VPN is up by pinging a random website URL, and only if a reply is received send the "nat add resvmap" commands to the router.

Something like:

#!/bin/bash
host=192.168.1.254 # The router's LAN IP
port=23 # The "telnet" port
pwd="mysecretpasswd" # Router's password
cmd="nat add resvmap [etc...]" # The command you want to send
inetserv="www.google.co.za" # Some website address that is only reachable when your VPN is up

online=`ping -c 1 ${inetserv} | awk '/received/ {print $4}'` # See if VPN is up

# If it is, create the port forwarding rule(s)
if [ "$online" -eq "1" ]; then

( echo open ${host} ${port}
sleep 1
echo -e ${pwd}
echo -e "\r"
sleep 1
echo ${cmd}
sleep 1
echo -e "\r"
sleep 1
echo exit
) | telnet

else
echo L2TP not up yet
fi


I guess the linux "expect" utility would be better suited to scripting an interactive telnet session though.

 

[Ivork]

Well the GX won't let me flash it with the NX firmware.
I'll take it back and get the NX.

@Jlab - you have tested this right - not just presuming cause the config saved it will work?

 

[jlab]

Well the GX won't let me flash it with the NX firmware.
I'll take it back and get the NX.

@Jlab - you have tested this right - not just presuming cause the config saved it will work?

@Ivork I have rebooted the Router quite a few times and I'm connected to the VPN and my resvmaps and globalpools entries are still intact and working.

 

[witelsbos]

... and this is why we let our MWEB L2TP VPN terminate on our MikroTik router and not on the crappy Cisco router that was bundled with their business uncapped. Its just so much easier to manager the rules with a GUI (Winbox) than to run command-line actions.

We're also terminating our Neobroadband Fibre on our MikroTik router, which gives us an additional IP address that we would've lost otherwise

I hope you get your problem fixed!

You mind sharing the l2tp setup on the mikrotik, it will make live so much easier.