Setting up a Web Server with BSNL AONT 100C Modem & TP Link Router

[newbie2902]

Good Morning everybody; this forum seems to be having a lot of information on networking in India. Great place for knowledge sharing and thank you members for making this forum such a wonderful & useful place.

We have an FTTH connection from BSNL and they have placed an Alphion AONT-100C modem. Since this modem doesn't have wifi feature, we have added a TP-Link router and connected many computers through wifi. Everything was fine until now when we want to use one of the computer in the network as a web server which has to be made accessible from public. Looked out for many tutorials online and tried our best with no success. So, please help with our situation.

EXISTING SETUP:
Modem: Alphion AONT-100C
LAN IP: 192.168.1.251
WAN IP: Dynamic
Connection Type: PPPoE
DHCP: Enabled

Router: TP-Link
LAN IP: 192.168.0.1
WAN IP: 192.168.1.127 (Dynamic)
Connection type: Wireless router
Connection in: LAN cable through WAN port from AONT modem
Connection out: Wifi and LAN ports

Web server machine: HP Workstation
LAN IP: 192.168.0.105
Listening to port: 80
Allow access: all

We tried two methods:
METHOD-1
Enabled DMZ (firewall settings) in BSNL modem with host 192.168.0.1 (TP-Link router) and port forwarded to 192.168.0.105 in the TP-Link router. Incoming public traffic is routed to BSNL modem admin page.

METHOD-2
Made the TP-Link router as an Access Point with IP 192.168.1.1 and assigned web server machine with IP 192.168.1.105, both having gateway as 192.168.1.251 which is the BSNL modem. Enabled port forwarding in BSNL modem to point to 192.168.1.105 (80 port). Incoming traffic is still routed to BSNL modem admin page.

We also tried with some different ports instead of 80, which didn't work either. Please help.

 

[Manoj Mathew]

With your existing double nat config, you need to port forward on Alphion to 192.168.1.127 not 192.168.0.1 Or set up 192.168.1.127 as DMZ on Alphion, better to use static ip on the TP-Link wan side for this. Then port forward on tplink to 192.168.0.105.

Putting alphion into bridge mode and then using tplink for pppoe would be a much better config. Also since you're having dynamic wan, you'll need some sort of dynamic dns to keep track of changing ip.

Easiest way without any port forwarding is to use a service like ngrok. Just run a process on the web server (which can be converted into a service) and access without any router or modem configuration.

 

[newbie2902]

@Manoj Mathew, thank you very much for the reply.

We did try to make the TP-Link WAN IP static at 192.168.1.127, but then not sure if DMZ host was pointing to this IP. Will definitely give this a try and keep you posted or seek further help as necessary.

Further, many a times have read in different posts and heard in YouTube videos, which you also mentioned, "Putting Alphion into bridge mode". Have been wondering how to do it! Actually, it would be great to have the PPPoE done through TP-Link router as there are more options available in this device. When we go to the "NETWORK" > "WAN" tab, there are only three options available - "DHCP", "STATIC IP" and "PPPoE". Can you please guide how to set the BSNL Alphion AONT-100C modem on bridge mode?

We are also thinking of going for a Static IP once all the basic settings are done. The people in our area BSNL office at Bangalore are fairly responsive and agreed to activate Static IP immediately on request & payment of prescribed fee. For the time being, we have configured the no-ip to handle the dynamic WAN IP.

Thank you for suggesting ngrok, will definitely explore that.

@varkey, thank you for reaching out and being a part of this thread on my request.

 

[varkey]

I completely agree with @Manoj Mathew, those would be the steps to try.

As to how to get Alphion in bridge mode, not sure, never used the device. In some devices, if you delete all WAN config it defaults to bridge mode. Worth a try, however BSNL could be having Mac binding in which case you might need to clone the Mac on the TP-Link.

Also, if you have access to another ONT, maybe try with that for bridge mode.

 

[newbie2902]

We have around five different BSNL FTTH connections in our block and all are having the same AONT modem as we do.

Will give a try to what @Manoj Mathew suggested and also experiment as you said by deleting all WAN settings to see if the device goes to bridge mode. It is true that BSNL has MAC binding and if at all the device goes to bridge mode, cloning the MAC of TP-Link router to simulate the AONT modem will be another challenge for us. It indeed is a good learning curve with the help of you all; thank you!

Will update the results so that it will helpful to many others when facing the same problem.

 

[Manoj Mathew]

Thing to remember when you daisy chain for port forwarding is to point to device connected on its lan side, not to lan side of another device further down the chain. Your Alphion device has no idea about the 192.168.0.105 machine connected to TP-Link, it can only forward packets it receives on a certain port to the tplink connected on its lan side with address 192.168.1.127 Then tplink can forward those packets to 192.168.0.105. If you do this correctly, it will work even with double nat

I too have no idea about your particular device for bridge mode instructions.

 

---

[newbie2902]

Thing to remember when you daisy chain for port forwarding is to point to device connected on its lan side, not to lan side of another device further down the chain. Your Alphion device has no idea about the 192.168.0.105 machine connected to TP-Link, it can only forward packets it receives on a certain port to the TP-Link connected on its lan side with address 192.168.1.127 Then tplink can forward those packets to 192.168.0.105. If you do this correctly, it will work even with double nat

Yeah, understood that after reading your previous reply; thank you @Manoj Mathew. Eager to go give it a try tomorrow.

I too have no idea about your particular device for bridge mode instructions.

True, as it's only given by BSNL and to some connections. If we fail to achieve any of your suggestions, may be will request one of you to connect to the device remotely to help us and also have a first hand experience of the device

 

[Dark_Nate]

Worth a try, however BSNL could be having Mac binding in which case you might need to clone the Mac on the TP-Link.

MAC Binding is done only for GPON registration procedure, literally the optical signal itself. PPPoE is not MAC bound.

 

[Dark_Nate]

We have around five different BSNL FTTH connections in our block and all are having the same AONT modem as we do.

Will give a try to what @Manoj Mathew suggested and also experiment as you said by deleting all WAN settings to see if the device goes to bridge mode. It is true that BSNL has MAC binding and if at all the device goes to bridge mode, cloning the MAC of TP-Link router to simulate the AONT modem will be another challenge for us. It indeed is a good learning curve with the help of you all; thank you!

Will update the results so that it will helpful to many others when facing the same problem.

I replied to your other thread on this bridge mode problem.

You don't need to clone MAC of the ONT. BSNL binds MAC for the ONT itself, not for PPPoE. I confirmed this with BSNL itself a long time ago when I got my connection. I use fake MACs for my PPPoE connection. Makes it more private and secure.

 

[varkey]

MAC Binding is done only for GPON registration procedure, literally the optical signal itself. PPPoE is not MAC bound.

I disagree, PPPoE auth is Mac bound for me.

Need some review of new BSNL Bharat Fiber FTTH Broadband Plans 777 / 1277 | BSNL Bharat Fiber Broadband

just opened bsnl.in , did they remove fup for ftth Source

broadband.forum

PPPoE auth fails with the below error

Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: pppd 2.4.7 started by root, uid 0
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: PPP session is 8420
Tue Mar 26 08:24:06 2019 daemon.warn pppd[31302]: Connected to 20:d8:0b:d4:8d:f4 via interface eth0.702
Tue Mar 26 08:24:06 2019 kern.info kernel: [134208.751099] pppoe-wan2_test: renamed from ppp0
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: Using interface pppoe-wan2_test
Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: Connect: pppoe-wan2_test <--> eth0.702
Tue Mar 26 08:24:06 2019 daemon.info odhcpd[1015]: Using a RA lifetime of 0 seconds on br-lan
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: CHAP authentication failed: Policy Failed
Tue Mar 26 08:24:06 2019 daemon.err pppd[31302]: CHAP authentication failed
Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: Modem hangup
Tue Mar 26 08:24:06 2019 daemon.notice pppd[31302]: Connection terminated.
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: Sent PADT
Tue Mar 26 08:24:06 2019 daemon.info pppd[31302]: Exit.

CHAP authentication failed: Policy Failed which basically means that there is a policy being enforced where the PPPoE auth is allowed only from the whitelisted MAC address.