Wow, i go to bed and wake up to a boatload of info, thanks for the help so far fellas!
Well, i guess i'll go post by post
skspurling wrote:Problem is that it's a router, not a switch or a bridge. That /29 is on the outside of your router, so your router has to proxy for it, not route it.
It's probably on the inside of your provider's router, but not yours. You have to do a 1:1 NAT. It's a bit better than a port forwarder, but you need private addresses on your stuff inside and the router translates the addresses still. If you want to use the addresses directly, then you need to run your devices directly behind the provider's edge device. Consider it as a DMZ for your network, and make sure to use sensible firewall rules on your provider's edge device.
This modem/router is the only (edge) device on my side of the network.
It is provided by the ISP.
Those settings seem slightly odd, normally the router address should be in the same subnet as the ip address, without that you'll likely have various issues or need extra config.
Correct, i realised i did that wrong as i read your post, i have amended the file, it now looks like this
Code: Select all
Where the x.x.y is the address assigned to the modem.
Though i'm wondering if i shouldn't assign my ISP's DNS servers for the static DNS instead...
Also, i'm wondering if i shouldn't specify the /29 on the static router...
I can reach the box without it specified, but that's no guarantee it's 100% correct.
when looking up addresses on the pi you may find "ip addr" is better than "ifconfig" as ifconfig often doesn't show all the assigned ips (you may find you also have a private ip on the pi that it's using). You may find "curl icanhazip.com" is useful, this will show you what your public IP is (which may help determine if your pi is actually talking out on its public IP or if the router is getting in the way).
The router doesn't seem to be getting in the way, the Pi reports the assigned address is the one being used from both ip addr and the curl from icanhazip.com...
Finally before putting the Pi on a public IP you should ensure it's been suitably secured, as a minimum i'd suggest changing the Pi account to something else (or create a new account and lock/delete the pi account),
Done, first thing i always do is remove the Pi account.
change any passwords, ideally set to key based auth on ssh, move ssh to an alternate port, set up a host based firewall.
Already done, first order of business during setup was generating a keypair with PuTTYgen, SSH is on a rather obscure port, Fail2Ban is installed, and UFW has been set up to allow SSH and HTTP/HTTPS and nothing else for now.
skspurling wrote:Also, don't use DHCP.conf. If you are going static, use static configs in /etc/network/interfaces... right?
With jessie, dhcpcd has taken over much of the network management roles. Generally, /etc/network/interfaces shouldn't be used for static IP assignments now.
This was indeed the one thing the network tech from my ISP stressed, that Jessie uses dhcpcd.conf and that i shouldn't use /etc/network/interfaces.
N.B. The default gateway (router) 80.x.x.rrr is not on your premises. (it may or may not offer dhcp)
I don't know about the Fritz!box 7360 but most home boxes contain a modem, a router, a switch, a dhcp server etc all in the same box.
If the ports on your Fritz!box 7360 are in the 192.168.x.x range then connecting to them will not do what you want.
I think you have ISP --- Modem --- Router --- Switch --- RPi
What you need is ISP --- RPi
This is very dependent on the ISP and equipment. In my /29 the gateway address (.169/29) is on my network and other devices (.170-.174) use that as their router. From externally if you contact the router ip you get my router. The pppoa link back to the ISP is a ppp unnumbered interface.
My experience is that the configuration can be very hardware and ISP dependent, so for help with that level of setup dedicated forums / blogs are more likely to be of use.
@ Cancelor : as can be seen from my reply to mfa298, i had the wrong address for the router/gateway indeed, this has now been rectified and set to the (hopefully) correct settings.
To sketch my setup in simple detail, we have the wall socket for the phone line (i'm on a VDSL connection), the Fritz!box (which is the modem/router/bridge), and then all my systems.
The Pi is directly connected to the Fritz!box.
My ISP specifies that it has to be ISP>Modem>Any machine i want to use, hence why the modem gets assigned its own address in the subnet range.
Here's what the modem's page for the subnetting looks like : http://i23.photobucket.com/albums/b366/ ... 8mahdu.jpg
(i'm linking rather than inserting because it's a rather large image).
Note that the netmask is correct, according to the technician from the ISP.
Here's the help page from my ISP (sadly, no English version exists, sorry about that) : https://www.xs4all.nl/service/diensten/ ... itzbox.htm
I've literally followed the steps there, assigned the modem its address, so everything is now (technically) as it should be.
Hell, the way i understand it, my subnet setup should, in theory at least, work the same as yours mfa298.
In the meantime i'm still tinkering with all the settings, i think i may be getting close.
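The subnet rule discussed in this thread (the router address has to sit inside the same /29 as the Pi's own address), as an added example that is not part of the original posts: a Python check over the static lines of a dhcpcd.conf. The sample file uses constructed 203.0.113.x documentation addresses, and `parse_static`, `check_block` and `check_config` are hypothetical helper names.

```python
import ipaddress

# Constructed sample (documentation range 203.0.113.0/24), not the poster's file.
SAMPLE = """\
interface eth0
static ip_address=203.0.113.170/29
static routers=203.0.113.169
static domain_name_servers=203.0.113.169
"""

def parse_static(text):
    """Return {interface: {option: value}} for the 'static' lines of dhcpcd.conf text."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank padding
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], {})
        elif line.startswith("static ") and current is not None:
            key, _, value = line[len("static "):].partition("=")
            current[key.strip()] = value.strip()
    return blocks

def check_block(opts):
    """Return a list of problems found in one interface's static settings."""
    addr = opts.get("ip_address")
    if addr is None:
        return ["no static ip_address"]
    if "/" not in addr:
        return ["ip_address has no prefix length (e.g. /29)"]
    iface = ipaddress.ip_interface(addr)
    net = iface.network
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    if iface.ip in reserved:
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    for router in opts.get("routers", "").split():
        gw = ipaddress.ip_address(router)
        if gw not in net:
            problems.append(f"router {gw} is outside {net}")
        elif gw == iface.ip or gw in reserved:
            problems.append(f"router {gw} is not a usable gateway in {net}")
    return problems

def check_config(text):
    """Check every interface block; an empty list means no problems were found."""
    return {name: check_block(opts) for name, opts in parse_static(text).items()}

if __name__ == "__main__":
    for name, problems in check_config(SAMPLE).items():
        print(name, "OK" if not problems else problems)
```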