U-Verse Internet Static IPs

Tutor

U-Verse Internet Static IPs

Hey all,

 

I don't really have a problem, this post is mainly just for discussion.

 

I've been a U-verse customer for the past 3 months. Just 2 weeks ago, I learned that AT&T offered static IP blocks with this service.

 

I purchased the 128 block of IPs with the goal of incorporating them into a simple setup. To define simple, I wanted to only use the default 2wire RG with no further routers. I wanted my personal devices to each have a specific public IP address assigned via DHCP. I wanted a single Linux server to have 60 static public IPs using a single ethernet cable and NIC card assigned as STATIC ips (not DHCP).

 

I was successful in doing this and have incoming and outgoing connections to those IPs without any change needed on the RG. This setup was done using Debian and does not involve any other router than the RG.

 

It would take me some effort to write down instructions on how to do this so I figured I would first ask the community if anyone out there is actually interested in this kind of setup and wanted instructions.

 

If there is an interest, I will be happy to publish directions on this post. 

Message 1 of 11 (1,451 Views)
Contributor

Re: U-Verse Internet Static IPs

What were the costs associated with getting a block of static IPs?

 

I am interested in some instructions for your setup.

 

I too am in the process of setting up a similar network. Only mine is going to involve a wireless bridge for my downstairs because the RG is upstairs. 

Message 2 of 11 (1,451 Views)
Tutor

Re: U-Verse Internet Static IPs

Standard blocks of IPs are available from AT&T for the following costs:

 

8 $15
16 $25
32 $30
64 $35
128 $40

 

These are real blocks. IPs will be consecutive and separate blocks cannot be ordered at this time. In other words, you can't order two blocks of 8 to get a block of 16. You must order a block of 16. You can upgrade/downgrade blocks at any time but doing so assigns you completely new IPs.

 

Please note that because these are real blocks, three addresses are unusable in every block. One is for network, one is for broadcast, and the last usable IP is assigned to the RG. So a block of 8 has 5 usable IPs and a block of 128 has 125 usable IPs. 

 

They will perform RDNS entries for you but they do NOT offer RDNS delegation at this time. They will also unblock port 25 (the only default blocked port that I have found so far) by request.

 

Do NOT call sales or technical support for RDNS or ordering static IPs. Sales is convinced that IPs require a $149 installation fee + truck roll and technical support doesn't know the difference between forward and reverse DNS.

 

Call 1-888-722-9337 and dial extension 296 

 

I had to go through hours of phone calls for this number and extension and now it is the only number I call.

 

This is the AT&T Trial Department. They can order your new IPs within 5 minutes and walk you through how to set it up on your RG without an install fee or truckroll. They will also assist with any RDNS requests/changes.

 

My instructions would only be confirmed to work on Debian (Lenny) hooked straight into the RG. If you have another router/switch between the server and the RG, the router/switch would have to have the capability to advertise multiple MAC addresses for the WAN port. I can't provide instructions on how to do this since it is not reflective of my network.

 

To summarize my method, I have used a combination of the /etc/network/interfaces file, a custom if-up.d and if-post-down.d script, and a virtual ethernet driver to get one physical NIC card to advertise multiple MAC addresses. Each NIC card (the physical + all virtual cards) is set up to grab an IP statically (NOT through DHCP) which enables outgoing connections. I then tricked the router into allowing incoming connections (by making it do what it is supposed to be doing but isn't).

 

Are you still interested in instructions?

Message 3 of 11 (1,451 Views)
Contributor

Re: U-Verse Internet Static IPs

No worries on the instructions.

 

Are the fees one time or monthly for the blocks?

 

Thanks for the info! 

Message 4 of 11 (1,451 Views)
Tutor

Re: U-Verse Internet Static IPs

The fees for static IPs are currently on monthly cycles. They are not available to purchase for one time fees.
Message 5 of 11 (1,451 Views)
Employee

Re: U-Verse Internet Static IPs

Monthly will keep people from getting them if they don't have a reason to need them.
Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 6 of 11 (1,451 Views)
Tutor

Re: U-Verse Internet Static IPs

I believe many things are keeping customers from purchasing IPs at this time. I will list a few of them below:

 

1) Next to zero advertisement. It seems that the majority of people don't even know U-verse offers static IPs

 

2) Incorrect information from sales. Sales seems to think that static IPs *require* a truckroll and fee of $149. Big turn off. This is NOT true.

 

3) Lack of knowledge about static IPs & reverse DNS within Tier I & Tier II technical support. This can keep a customer on the phone for 3 hours+ without any actual information being learned by the customer

 

4) In addition to #3 above, there is a direct number that can be used to get the trial department for help with reverse DNS and static IPs (WITHOUT an installation fee or truckroll) but this number is not advertised and no one seems to know about it to transfer you there. I only found out because a manager moved me there and someone from that department gave me the number.

 

5) Inability to easily assign more than one static IP address to a single device. You can do so with the method I mentioned in this post (as I did) but this is not easy to do and may not work in all situations.

 

plus many many more reasons.

 

I had to go through a lot of patience, phone calls, trial & error, kernel compiles, OS changes, cable/port switching, etc... in order to get my setup working correctly 100% of the time. 

Message 7 of 11 (1,451 Views)

Re: U-Verse Internet Static IPs

>To summarize my method, I have used a combination of the /etc/network/interfaces file, a custom if-up.d and if-post-down.d script, and a virtual ethernet driver to get one physical NIC card to advertise multiple MAC addresses. Each NIC card (the physical + all virtual cards) is set up to grab an IP statically (NOT through DHCP) which enables outgoing connections. I then tricked the router into allowing incoming connections (by making it do what it is supposed to be doing but isn't).
>
>Are you still interested in instructions?

 

YES, I would appreciate it if you posted the instructions or sent them privately.

Thanks..

I am going to order a block of 8 today.

 

Message 8 of 11 (1,451 Views)
Tutor

Re: U-Verse Internet Static IPs

*** If these instructions are not clear enough, let me know and I'll try to answer any questions you may have ***

 

This was accomplished on Debian 5.0.2 running the default kernel 2.6.26 using a single physical NIC card connected to the gateway using an ethernet cable.


I have not tested these instructions on any other variant of Linux or kernel so I do not know what results there would be. I can state that these instructions do work for the above setup, however.

Perform all steps in this document as root user (or using sudo)

Step 1. Make node for tun

mercury:~# mknod /dev/tun c 10 220


Step 2. Load required kernel module

mercury:~# modprobe tun

Test if the module loaded successfully:

mercury:~# lsmod | grep tun
tun                     8356  19

If it did not, you will need to recompile the kernel with this module <<Universal TUN/TAP driver>>


Step 3. Identify a single NIC card that will be used as your physical NIC card

This is the only NIC card that needs to be plugged into the gateway.

The easiest way to identify this is by using ifconfig to find which ethernet device is currently connected to the internet.

mercury:~# ifconfig
eth2      Link encap:Ethernet  HWaddr 00:40:05:0c:53:2e  
          inet addr:XX.XX.XXX.XXX  Bcast:XX.XX.XXX.XXX  Mask:255.255.255.128
          inet6 addr: XXXXXXXXXXXXXX Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:672795 errors:0 dropped:0 overruns:0 frame:0
          TX packets:650968 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:43883797 (41.8 MiB)  TX bytes:43102269 (41.1 MiB)
          Interrupt:3 Base address:0xd400 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3279 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3279 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:338942 (330.9 KiB)  TX bytes:338942 (330.9 KiB)

In this case, I want to use eth2. If there is more than one ethernet device connected, you should just choose one. I recommend disconnecting the cables from all other ethernet cards except the chosen card to avoid conflict.

If you do not see a device here (other than lo), you can find one with trial and error in Step 4.


Step 4. Edit /etc/network/interfaces with your favorite editor

Empty the entire contents of this file and replace it with the following:

auto lo
iface lo inet loopback

auto eth2
allow-hotplug eth2
iface eth2 inet static
        address XX.XX.XXX.XXX
        gateway XX.XX.XXX.XXX
        netmask XXX.XXX.XXX.XXX
        broadcast XXX.XXX.XXX.XXX

Of course, you need to replace eth2 with the name of the interface you chose in Step 3. If you did not choose one, disconnect cables from all ethernet cards except one and start with eth1. You will repeat this step until you can connect to google.com.

Replace address with the IP address you want to assign to this NIC card. This IP will be a public, not private, IP.

Replace gateway with the gateway public IP address (not private) that you assigned when you setup the IP addresses in the gateway.

Replace netmask with the appropriate netmask. 255.255.255.248 for a block of 8, 255.255.255.128 for a block of 128, look online for other blocks.

Replace broadcast with the broadcast address. This would be the first three numbers of your IP address followed by 255. So if you were assigned 99.65.240.XXX you would use 99.65.240.255 as your broadcast.

Save the file and exit back to the command prompt.

Restart networking

mercury:~# /etc/init.d/networking restart

Run ifconfig and you should get output just like Step 3. Just one ethernet device and a loopback device.

Attempt to ping google.com.

mercury:~# ping google.com

If it works, you can move on.

If it does not, edit the file replacing with a higher eth number. For example eth2, eth3, or eth4 and restart networking again. Once you can ping google.com, you are ready to move on.


Step 5. Preparing to make virtual ethernet devices

Download and extract vethd from: http://www.geocities.com/nestorjpg/veth/

Change into the newly extracted directory and type 'make' to compile.

Once compiled do:

cp vethd /bin/vethd && chmod 700 /bin/vethd


Copy the script to /bin/easymac and chmod 700 (remove the .sh extension when copying)

Create a new file called /bin/genmacaddr that contains the following lines:

#!/bin/sh
/bin/easymac -r | awk '{print $5}'

chmod 700 /bin/genmacaddr

Typing genmacaddr should now display a unique MAC address.

You are now officially setup to create additional network connections so let's get started.


Step 6. Create new if-up.d script

For this step, we need to add our new virtual ethernet devices to a special script that gets run every time a new interface is brought online. The reason for this is that once the actual interface goes down, all virtual ethernet devices are destroyed.

To get around this, we check to see if the physical ethernet device was just brought up. If it was, we create our virtual devices again.

So create a new file called /etc/network/if-up.d/veth

Inside this file add the following lines:

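#! /bin/sh
# Runs once for every interface that comes up; $IFACE names that interface.

# Physical NIC is up: (re)create the virtual devices, then start arping the gateway.
if [ "$IFACE" = eth2 ]; then
        /bin/vethd -v veth1 -e eth2 -m 00:ff:29:b2:04:fd
        /bin/vethd -v veth2 -e eth2 -m 00:0c:29:59:57:72
        # POSIX redirection (instead of &>) so this also works when /bin/sh is not bash
        /usr/sbin/arping -q -i eth2 XX.XX.XX.XX >/dev/null 2>&1 &
fi

# Each virtual device starts its own background arping once it is up.
if [ "$IFACE" = veth1 ]; then
        /usr/sbin/arping -q -i veth1 XX.XX.XX.XX >/dev/null 2>&1 &
fi

if [ "$IFACE" = veth2 ]; then
        /usr/sbin/arping -q -i veth2 XX.XX.XX.XX >/dev/null 2>&1 &
fi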

Replace 'eth2' with the appropriate name for your physical device. Then add a new /bin/vethd line for each IP you want to add. Change 'eth2' on these lines to be the name of your physical device. Make sure you assign a unique mac address (use genmacaddr created in the previous step) to each one and keep the same veth naming scheme. veth1, veth2, veth3, etc... there is no veth0. Replace 'eth2' in the arping line with your physical device name. You may also need to change the path to arping if it complains. Change XX.XX.XX.XX to your gateway's public IP.

Add a new 'if' block for each veth device setup above. Don't forget to change XX.XX.XX.XX to your gateway's public IP.

Save and exit this file.

chmod 755 /etc/network/if-up.d/veth

This script runs after every interface is brought up. Once the physical device is brought up, it creates the veth devices again with the same information each time. It then begins arping the gateway's public IP in the background.

After each veth is brought up it starts arping from that device as well in the background.


Step 7. Modify /etc/network/interfaces

Open /etc/network/interfaces in your favorite editor.

At the END of the file, add the below block of text for each veth device you created in Step 6.

auto veth1
allow-hotplug veth1
iface veth1 inet static
        address XX.XX.XX.XX
        gateway XX.XX.XX.XX
        netmask XX.XX.XX.XX
        broadcast XX.XX.XX.XX

The gateway, netmask, and broadcast will be the same for every block and should match that of the physical device. Only the address and veth device name will change.

Save the file and exit.


Step 8. Shutting down

Don't forget we have arping running in the background. We want these arping processes to stop once networking is shut down.

Create a new script /etc/network/if-post-down.d/veth

Add the following contents:

#! /bin/sh

for i in `pgrep arping`
do
kill -9 $i;
done

Save and exit.

chmod 755 /etc/network/if-post-down.d/veth


Step 9. Checking for arping

Sometimes arping is missing from Debian. Type apt-get install arping to ensure you have this package installed as it is mandatory.


Step 10. Restart networking

Restart networking with /etc/init.d/networking restart

Some errors may appear but these are normal. It is also common for this process to take a few minutes on slower machines. Please be patient.

Once this process is completed, type ifconfig.

You should see your physical device, local loopback, and each veth device you setup with their public IPs listed.

Test them.

ping -I eth2 google.com
ping -I veth1 google.com
ping -I veth2 google.com

It will say "pinging FROM XX.XX.XX.XX". Check that XX.XX.XX.XX is the expected IP for that interface. Also check that you are receiving responses from google.com.

Congratulations, you now have outgoing connections.


Step 11. Test incoming connections

There are two ways to perform this test properly. This test will NOT produce accurate results if run from within the network, i.e., you MUST use a computer that is NOT connected to the gateway in any way or you must use a proxy.

Method 1. Proxy

Visit http://www.pagewash.com and type each of your IPs in (uncheck all 4 boxes) one at a time. You should see a webpage pop up. If you do, that IP works for all incoming connections (assuming you don't have iptables setup). You will, of course, need a webserver to test with. If you do not plan on running a webserver just do apt-get install lighttpd during the test then remove it.

Method 2. External network

Visit another computer in a different physical location (not connected to your gateway in any way) and try to SSH into your server. If it works, that IP works.

Regardless of your chosen method, test each IP. They should all work.


Conclusion / Summary

vethd + tun module allows the creation of virtual ethernet devices with unique mac addresses that are bridged to a physical device. These virtual devices are broadcast as physical devices to the outside world.

Using vethd + tun will get you static IPs for outgoing connections but not incoming connections (the router will be confused).

The way to get the incoming connections enabled is to arping the router from each interface. By arping, the router realizes you are connected. This is not permanent, however, so we have to arp every second for as long as the connection is online.

This will take a small amount of bandwidth over the network but should not heavily affect external connections (just LAN traffic being used).

By creating two custom scripts and modifying the interfaces file we have automated the setup.

To add a new interface, you just have to edit /etc/network/if-up.d/veth and /etc/network/interfaces then restart networking.
Message 9 of 11 (1,451 Views)
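
The addressing rules from this thread (three unusable addresses per block in Message 3, the netmask and broadcast fields of Steps 4 and 7, one MAC per veth in Step 6), worked through as an added example that is not part of the original posts: it derives netmask, broadcast and RG address from a CIDR block and prints the Step 7 stanzas. The 203.0.113.0/29 range, the function names and the IP-derived MAC scheme are assumptions of this example.

```sh
#!/bin/sh
# Added example. 203.0.113.0/29 in the usage line is a constructed
# documentation range, not a real AT&T block.

ip2int() (   # dotted quad -> 32-bit integer
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# block_field CIDR FIELD; FIELD is netmask|network|broadcast|gateway|first|usable
block_field() {
    base=$(ip2int "${1%/*}"); bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    net=$(( base & mask )); bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    case $2 in
        netmask)   int2ip "$mask" ;;
        network)   int2ip "$net" ;;
        broadcast) int2ip "$bcast" ;;
        gateway)   int2ip $(( bcast - 1 )) ;;     # last usable IP belongs to the RG
        first)     int2ip $(( net + 1 )) ;;
        usable)    echo $(( bcast - net - 2 )) ;; # minus network, broadcast and RG
        *)         return 1 ;;
    esac
}

# Assumption: a locally administered unicast MAC (02:00 + the IP's octets)
# stands in for the thread's genmacaddr; it is unique per address.
mac_for_ip() (
    IFS=.; set -- $1
    printf '02:00:%02x:%02x:%02x:%02x\n' "$1" "$2" "$3" "$4"
)

# veth_stanzas CIDR COUNT: assumes the physical NIC (eth2 in the thread) holds
# the first usable address and veth1..vethCOUNT take the ones after it.
veth_stanzas() {
    [ $(( $2 + 1 )) -le "$(block_field "$1" usable)" ] || { echo "block too small" >&2; return 1; }
    first=$(ip2int "$(block_field "$1" first)"); n=1
    while [ "$n" -le "$2" ]; do
        ip=$(int2ip $(( first + n )))
        printf '# if-up.d line: /bin/vethd -v veth%s -e eth2 -m %s\n' "$n" "$(mac_for_ip "$ip")"
        printf 'auto veth%s\nallow-hotplug veth%s\niface veth%s inet static\n' "$n" "$n" "$n"
        printf '        address %s\n        gateway %s\n' "$ip" "$(block_field "$1" gateway)"
        printf '        netmask %s\n        broadcast %s\n\n' \
            "$(block_field "$1" netmask)" "$(block_field "$1" broadcast)"
        n=$(( n + 1 ))
    done
}

# Usage: sh veth-plan.sh 203.0.113.0/29 2
if [ $# -eq 2 ]; then veth_stanzas "$1" "$2"; fi
```

The comment line printed above each stanza is the matching vethd command for /etc/network/if-up.d/veth; the stanza itself goes at the end of /etc/network/interfaces.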
Contributor

Re: U-Verse Internet Static IPs

jsmith, thanks a lot for posting that phone number about RDNS.  I too went around and around with lots of nice clueless people before I found your post.  I called that number, and despite me having some difficulties with his accent and he with mine, I think we got it done.

Message 10 of 11 (1,451 Views)
Contributor

Re: U-Verse Internet Static IPs

Does anyone happen to have instructions on how to do this with Windows? I have a Watchguard firewall behind the RG and can only use 2 addresses of my 11. Any config advice here?

Message 11 of 11 (564 Views)