Routing with static public network

[sheepie]

Hi

I have a 29 bit public subnet assigned to me by my ISP. Any requests to the ip addresses within this subnet all get routed to my 7800 modem (by the ISP). The problem is that the 7800 modem does not forward anything on. Basically outgoing connections work fine, anything incoming does not get past the 7800.

So for example
my public subnet is 88.95.172.160/29
7800 router address has nat disabled and auto - gets 88.95.172.166 assigned when it syncs.
ipcop based firewall connected to ewan with ip 88.95.172.161 (and 162-165 as aliases). Also tried connecting to a lan port.
7800 lan port configured as 88.95.172.166 (broadcast 255.255.255.248)

So, any traffic to the addresses 88.95.172.161-165 should get routed to the 7800 and then an ARP sent on the 7800 lan/ewan ports which the ipcop firewall will reply to, but that doesn't happen, I see no traffic on the lan/ewan ports at all for the other ip addresses (using tcpdump).

I have a Zyxel modem and it all works fine on that with similar settings.

[billion_fan]

Hi

I have a 29 bit public subnet assigned to me by my ISP. Any requests to the ip addresses within this subnet all get routed to my 7800 modem (by the ISP). The problem is that the 7800 modem does not forward anything on. Basically outgoing connections work fine, anything incoming does not get past the 7800.

So for example
my public subnet is 88.95.172.160/29
7800 router address has nat disabled and auto - gets 88.95.172.166 assigned when it syncs.
ipcop based firewall connected to ewan with ip 88.95.172.161 (and 162-165 as aliases). Also tried connecting to a lan port.
7800 lan port configured as 88.95.172.166 (broadcast 255.255.255.248)

So, any traffic to the addresses 88.95.172.161-165 should get routed to the 7800 and then an ARP sent on the 7800 lan/ewan ports which the ipcop firewall will reply to, but that doesn't happen, I see no traffic on the lan/ewan ports at all for the other ip addresses (using tcpdump).

I have a Zyxel modem and it all works fine on that with similar settings.

Have you tried the following stepup??

1. 7800 lan port configured as 88.95.172.166 (broadcast 255.255.255.248) with NAT disabled this is fine
2. 88.95.172.161-165 should be set either by the DHCP or turn off the DHCP server and assign static IP's to your firewall, the gateway should point ot the routers new LAN IP (88.95.172.166)
3. Add a rule within the firewall allowing all incoming packets to any IP or to your range 88.95.172.161-165 (set in the internal IP section) direction incoming, action forward.

Thats should be it, another option you can try is to use one to one nat option.

[sheepie]

Thanks

it was the firwall rule that I was missing - I assumed that no rules meant the firewall was disabled. Added a rule to allow any/any on incoming traffic and it works