Dec 3, 2014

Goodbye! TM Streamyx Public IP Address

In the old days I enjoyed my TM Streamyx internet; though it was the cheapest package I could get, it meant a lot to me. On the lowest plan I spent only 60RM per month for the "Naked DSL" offered by Telekom Malaysia Berhad to subscribers like me who use little bandwidth; 384Kbps was just enough to serve my public web server, FTP, SSH and other stuff. As a loyal customer, I was upgraded by my ISP to 512Kbps after four (4) years. Yes, it has been more than eight (8) years to date, yet I am still sticking to my copper trunk line connection.

Since last year my Streamyx account no longer has its own dynamic public IP address, which was very useful to me with the help of the free and paid Dynamic DNS services offered by most registrars for a fraction of a dollar. To check my suspicion that my Streamyx is giving way to Unifi, I did this test to verify my guess that it was only because of my DSL modem.


This is my Aztech DSL605EW DSL modem, which has been up and running 24/7/360, day and night, without any issue. As you can see it is on PPPoE, but my IP address is NATted to a private IP address, which is useless for my needs because I am already behind NAT. Putting a web server, FTP, SSH and other stuff like CCTV in public is no longer possible.


Keep trying! Same story with my new TP-Link WR740N, the cheapest wireless router that can do more with OpenWrt firmware, but it still gives me a private IP address.


This is the Aztech DSL5018EN1T1R DSL modem wireless router; same result, it gives me another private IP address behind NAT.


This is the Innacomm W3400V DSL modem wireless router, from a sub-con of Telekom Malaysia; still no luck getting a public dynamic IP address.


My last test is the ZyXEL P-600 series, rebranded as TM6841G. This is also a DSL modem wireless router. Unfortunately, none of the devices I tested above gives a public dynamic IP address as I had in the old days. It seems more decent to be hooked up to P1 WiMAX, even though it is wireless through their wireless modem; their CPEs are capable of giving a good dynamic public address. I guess it's time to upgrade to TMnet or Unifi; I am thinking of Maxis Fiber. Telekom Malaysia is saving a chunk of its dynamic public addresses with this strategy; this is how they can maximize their resources, as IPv4 is going to run out soon because more and more people are becoming Netizens.

Nov 23, 2014

How-To TP-Link WR740N OpenWrt Separate VLANs

A Virtual LAN, or VLAN for short, allows partitioning a network into a set of mutually isolated virtual networks.

The TP-Link TL-WR740N has four (4) LAN ports, all belonging to the same network. With VLANs, it is possible to configure those LAN ports in a different manner, so that the device no longer behaves as a single switch across the 4 ports. For example, it would be possible to set up the two leftmost ports on one virtual LAN: devices connected to these ports would see each other, but would have no routing to devices plugged into the rightmost ports.

Full information on VLANs in OpenWrt can be found in the network interfaces document. This page includes information specific to the TL-WR740N router, configured with OpenWrt (Attitude Adjustment 12.09 release).

The default /etc/config/network configuration looks like:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'

config switch
    option name 'eth0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'eth0'
    option vlan '1'
    option ports '0 1 2 3 4'
    option vid '1'

So there is a switch identified as eth0. To get info on this switch:

swconfig dev switch0 help

Which outputs:

switch0: eth1(AR934X built-in switch), ports: 5 (cpu @ 0), vlans: 16
  --switch
    Attribute 1 (int): enable_vlan (Enable VLAN mode)
    Attribute 2 (none): apply (Activate changes in the hardware)
    Attribute 3 (none): reset (Reset the switch)
  --vlan
    Attribute 1 (int): vid (VLAN ID)
    Attribute 2 (ports): ports (VLAN port mapping)
  --port
    Attribute 1 (int): pvid (Primary VLAN ID)
    Attribute 2 (string): link (Get port link information)

So this device supports 16 VLANs, and port 0 is the CPU port; ports 1, 2, 3 and 4 are associated with the four LAN connections on the back of the router.

To get the exact matching between ports and the labelling on the router, enter now:

swconfig dev switch0 show

And play with connecting cables to the LAN connections. For this router, I got the following allocation:

Port 0: CPU
Port 1: LAN 4
Port 2: LAN 1
Port 3: LAN 2
Port 4: LAN 3

With the existing configuration, there is a single virtual lan, with identity 0, identified as eth1.0 (or directly eth1).

To configure two virtual LANs, one associated with the left ports (LAN 1, LAN 2 / ports 2 and 3) and the other associated with the right ports (LAN 3, LAN 4 / ports 1 and 4), we use the following configuration:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0.1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'

config interface 'landenver'
    option ifname 'eth0.2'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'

config switch
    option name 'eth0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan 'eth0_1'
    option device 'eth0'
    option vlan '1'
    option vid '1'
    option ports '2 3 0t'

config switch_vlan 'eth0_2'
    option device 'eth0'
    option vlan '2'
    option vid '2'
    option ports '1 4 0t'

This creates an interface called lan associated with the first VLAN (eth0.1 in the configuration above), that is, with the ports labelled on the router as LAN 1 and LAN 2; it also creates the interface landenver associated with the second VLAN (eth0.2), on the remaining router ports. Note that each interface uses a different set of LAN ports (2,3 vs 1,4) and both obviously communicate with the CPU (port 0). Because both VLANs share port 0, traffic on that port is tagged (0t) so that the CPU can tell the two VLANs apart. Detailed information on this logic is included in the switch documentation on the OpenWrt wiki.

With this configuration, entering now (after restarting the network with /etc/init.d/network restart):

swconfig dev switch0 show

Will output:

root@OpenWrt:/# swconfig dev switch0 show
Global attributes:
    enable_vlan: 1
Port 0:
    pvid: 0
    link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
    pvid: 2
    link: port:1 link:down
Port 2:
    pvid: 1
    link: port:2 link:down
Port 3:
    pvid: 1
    link: port:3 link:up speed:100baseT full-duplex auto
Port 4:
    pvid: 2
    link: port:4 link:down
VLAN 0:
    vid: 0
    ports: 0t
VLAN 1:
    vid: 1
    ports: 0t 2 3
VLAN 2:
    vid: 2
    ports: 0t 1 4
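
An added example (not part of the original post): a shell check over `swconfig dev switch0 show` output that confirms the split really isolates the two port groups, meaning no port is an untagged member of two VLANs and each port's pvid matches its VLAN. The function names `audit_vlans` and `sample` and the trimmed sample input are constructed for illustration.

```sh
# Added example: audit `swconfig dev switch0 show` output for VLAN leaks.
# Reads the output on stdin and prints one finding per line; exit status is
# 0 when the port groups are isolated and 1 when there is a finding.
audit_vlans() {
    awk '
    /^[ \t]*Port [0-9]+:/ { cur = $2 + 0; mode = "port"; next }
    /^[ \t]*VLAN [0-9]+:/ { mode = "vlan"; next }
    mode == "port" && $1 == "pvid:" { pvid[cur] = $2; next }
    mode == "vlan" && $1 == "vid:"  { vid = $2; next }
    mode == "vlan" && $1 == "ports:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /t$/) continue          # tagged member (CPU trunk)
            n[$i]++; member[$i] = member[$i] " " vid; last[$i] = vid
        }
    }
    END {
        for (p in n) {
            if (n[p] > 1) {
                print "port " p ": untagged in VLANs" member[p]; bad = 1
            } else if (pvid[p] != last[p]) {
                print "port " p ": pvid " pvid[p] " but member of VLAN " last[p]; bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed sample: the output above trimmed to the lines the audit reads.
# $1 is the port list of VLAN 1, so a misconfigured variant can be generated.
sample() {
cat <<EOF
Port 1:
    pvid: 2
Port 2:
    pvid: 1
Port 3:
    pvid: 1
Port 4:
    pvid: 2
VLAN 1:
    vid: 1
    ports: $1
VLAN 2:
    vid: 2
    ports: 0t 1 4
EOF
}

sample '0t 2 3'   | audit_vlans && echo "isolated"
sample '0t 2 3 4' | audit_vlans || echo "leak found"
```

On the router, the same function can be fed live data with `swconfig dev switch0 show | audit_vlans` after each network restart.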

For this to fully work, we need to provide additional firewall rules and set up DHCP for the new interface (landenver). Enter the following new lines in /etc/config/firewall:

config zone
    option name landenver
    option network 'landenver'
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

With input ACCEPT, hosts on landenver can reach the router's own services. The zone has no forwarding section, so with the stock default forward policy (REJECT) their traffic is not forwarded to the lan or wan zones unless a forwarding section is added.

Then, in /etc/config/dhcp, add:

config dhcp landenver
    option interface landenver
    option start 200
    option limit 250
    option leasetime 12h

Time now to restart the network, and enjoy the different virtual LANs:

/etc/init.d/network restart

Oct 26, 2014

How-To TP-LINK WR740N Openwrt MultiWAN

Just wanted to share my TP-Link WR740N ver4.27 wireless router flashed with OpenWrt firmware "Attitude Adjustment 12.0" loaded with MultiWAN. I have five (5) ADSL trunks that I wanted to use for load balancing as well as failover. My equipment is composed of one (1) TP-Link WR740N wireless router used as the core, and one Aztech ADSL modem with four (4) LAN ports, one (1) RJ11 port and a built-in wireless Access Point, which I used as the WISP server. I also have four (4) TP-Link TD-8816 ADSL modems, which I used as routed devices for eWAN1-4.


As you can see in the network diagram above, this is how I wired all the devices to make it work properly. I have five (5) xDSL lines hooked to the TP-Link TD-8816 modems and then to the four (4) LAN ports of the WR740N wireless router, which I converted to eWAN ports via the Free Switch of the OpenWrt plugins. Now my WR740N flashed with OpenWrt firmware serves as a load balancer and failover appliance.

So, here's my setup of the TP-Link WR740N flashed with OpenWrt Attitude Adjustment 12.09 as load balancer and failover. The first thing I did was configure the VLAN switch.


This is how it looks by default after the TP-Link WR740N is flashed with OpenWrt firmware. Then proceed to configure the VLAN switch and make at least four VLANs.


After successfully configuring the VLAN switch, proceed to set up the eWANs.


The above screenshot shows five (5) xDSL trunks: four (4) lines are via the TP-Link TD-8816 modems, and the other line is via the WISP server. My Aztech modem router has a built-in Access Point (aka WiFi); I put it in Bridge Mode and it also serves as the PPPoE server. I then configured the TP-Link WR740N WLAN (radio0) in client mode and connected it to the WISP server; that is how I was able to make it work with five xDSL trunks. I forgot to mention that I swapped the interfaces: eth0, which by default is for LAN, I converted to WAN, and likewise eth1, which by default is for WAN, I converted to LAN.


Last but not least, please don't forget the firewall settings, because if you fail to do this your internet will not work; in short, you will not be able to browse any of your favorite websites. This part is a must; you can just follow my screenshot and edit the settings according to how many trunks you have.


Finally, the MultiWAN OpenWrt plugin will turn green as in the sample above. Your TP-Link WR740N is now doing the job of a load balancer and failover, just like that expensive Cisco equipment, D-Link, not to mention others... enjoy!

Oct 13, 2014

TM Riger DB120-WL reflash with TD-W8951ND Stock Firmware

If you are unhappy with your Riger DB120-WL Streamyx residential modem wireless router because of the buggy stock firmware that TM gave you for FREE, you are no longer locked in by your ISP: you now have the chance to reflash your device with the TP-Link TD-W8951ND v5 third-party stock firmware, which will give you total freedom.


Before you proceed, take these precautions.
  • This is applicable only to the Riger DB120-WL (Silver) with firmware Riger v4 installed by default.
  • Before you proceed with updating, please connect your PC directly to the DB120-WL via LAN cable.
  • This may void your warranty (may or may not, since you didn't open the case).
  • Doing this is at your own risk!

Step 1. Download Firmware

Step 2. Extract
  • Open the zip file and then open the "TD-W8951ND_V5_140226 & TD-W8951ND_V5_140306" folder; extract the "TD-W8951_V5_140306" folder (simply click once and drag).

Step 3. Login
  • Note: Do this only when the computer is connected via LAN cable (hardwired).
  • Username: tmadmin
  • Password: Adm@**** (**** is the last 4 HEX digits of the MAC address, e.g. D1E3 => Adm@D1E3; you can find it on the bottom of your DB120-WL)

Step 4. Click maintenance
  • After a successful login, click maintenance and then click Firmware, until you see this page:

Step 5. Choose firmware
  • Next to New Firmware Location, click the "Browse" button, locate the folder you extracted just now, open it and choose the "ras" file.

Step 6. Proceed!
  • Click the "UPGRADE" button and wait until you see a progress bar!

Step 7. Update complete
  • Once the progress bar reaches 100%, it will redirect to the new TP-Link login page!
  • Please log in using the previous username and password (it looks awkward to log in using tmadmin under the TP-Link page, lol).

Step 8. Finished!
  • Well done, now you have a working DB120-WL with TP-Link firmware! TP-Link will use your previous configuration.

Step 9. Improve Wireless Security
  • Click the Interface Setup tab and then click Wireless.
  • Scroll down until you find Multiple SSID Settings and change SSID Index to 2.
  • Change SSID: Riger1 to any string you like.
  • Then change encryption to WPA2-PSK and put in any password you like.
  • Repeat until SSID Index: 4.
  • This simply blocks someone from using your hidden wireless, because by default the DB120-WL allows others to join your wireless freely by simply entering the "Riger1", "Riger2" or "Riger3" SSID.

This guide was originally posted in the LowYat Forum.

Sep 28, 2014

Jetway J7F2 Four LAN Mini-ITX for pfSense

For quite a while I was running m0n0wall on an old Dell laptop with two NICs. This worked out pretty well because the laptop had a built-in screen, keyboard, and battery backup of sorts. It was also fairly portable. At some point I decided I wanted to do a bit more with my firewall and move to more powerful hardware. In particular, I wanted to try out pfSense, a m0n0wall fork. pfSense contains a package management system that allows you to install a wide variety of services including Snort, Squid, FreeSWITCH and OpenBGPD, to name a few. I'll return to these in subsequent posts. I also needed more interfaces to be able to properly segregate my wireless network from my wired network.

I've been a big fan of the smaller form factor x86 machines for a while. Serapeum was built on a MicroATX form factor, as was my current desktop system. µATX is great for smaller desktop machines but is a bit too large for a firewall solution.

Mini-ITX seemed like the perfect option. I selected the Jetway J7F2 board with a 1.5GHz Via C7 processor. Two compelling reasons for selecting this board were the Padlock engine, which provides hardware RNG, AES, and hashing acceleration, and support for daughter cards. Some quick OpenSSL benchmarks using the various engines provided these results:

cryptodev kilobytes per second:
type          16 bytes     64 bytes     256 bytes    1024 bytes   8192 bytes
aes-256-cbc   10166.19k    10492.00k    10832.45k    10520.09k    10871.68k

padlock kilobytes per second:
type          16 bytes     64 bytes     256 bytes    1024 bytes   8192 bytes
aes-256-cbc   69552.53k    221044.97k   475699.68k   662806.69k   745178.49k

The padlock hardware engine provides a 6850% increase in AES 256 encryption over the software based cryptodev. It peaks at about 5.7 gigabits per second. Cryptodev only achieves 85 megabits per second.

Summary of build hardware:
Jetway J7F2 VIA C7 1.5GHz
Jetway AD3RTLANG 3 port GigaLAN daughter card
Corsair 1GB DDR2 533
Transcend 4GB CF 300x
M200 Enclosure
PicoPSU-120