LOM on Xserve and ATT Uverse

Okay, here's my problem. I have ATT Uverse as an ISP and for most things everything is working nicely. The only problem so far is I can't get LOM working on the Xserve. The problem lies in the fact that the gateway from ATT will not allow manual assignment of IP addresses. The gateway has to see the MAC address of the machine on the network. It appears that the LOM MAC address does not broadcast itself over the network, so the gateway doesn't think it exists. I can manually put in the IP address through Server Monitor for the LOM interface, but since the gateway doesn't see that interface, it doesn't route the information to it.
Is there any way to make the LOM interface broadcast its MAC address to the network so the Uverse gateway will 'see' it?
I'm stumped. I hate that the 2wire gateway does not allow assignment of IP address by MAC address without actually seeing it on the network. Annoying.
Any help would be greatly appreciated.
Thanks

Xserve, Mac OS X (10.6.2), 6GB ram

Posted on Dec 30, 2009 8:31 AM


Dec 30, 2009 11:05 AM in response to Mark Bolick

It's not entirely clear (to me) what you're trying to do here, and putting the LOM or most other stuff out where it's mostly-public is not typical; most folks are looking to use a VPN to connect to the firewall, and connecting to the LOM or otherwise from there. But if you really want to do this sort of a connection, then call AT&T and see about getting a replacement for whatever this widget is. That written, you'd probably prefer to get a bridge here, and that'll let you connect your own firewall behind it.

Dec 30, 2009 11:31 AM in response to MrHoffman

With ATT's Uverse service, it runs through a residential gateway from 2wire. There is no switching out of this box as it is the only router/gateway they supply as it works for phone, TV and internet.

I have a block of static public IP addresses and I also have a private network running. One of the Xserve NICs has a static public IP that we use for our mail and web and the other NIC has the private IP that allows the internal network traffic.

The problem I'm having is the fact that the LOM MAC address on either NIC on the Xserve doesn't seem to broadcast itself on the network. The 2wire gateway from ATT will only and always function as a DHCP server. It hands out the private IP addresses automatically to every MAC address that is broadcast on the network. I can then either give that MAC address a static private address or static public IP from our pool, but I can't do either unless the 2wire gateway "sees" the MAC address on the network. No amount of setting the IP address, subnet and gateway for the LOM NIC in server monitor will work. The 2wire gateway will not respect it or show it in the device listing.

I need to know if there is any way to force the LOM chip to broadcast the MAC address to the network so the 2wire gateway from ATT will give it an IP address from the DHCP so I can then assign a static address to it.

Currently, the 2wire gateway doesn't see that MAC address at all so I cannot remotely monitor our server from either outside over VPN or within the network from another system.

I know it sounds crazy and I'll admit that it is crazy, but that's how their equipment works. I cannot force it to accept the IP address unless it actually "sees" the MAC address on the network.

Hope this clears up the question.

Dec 30, 2009 12:15 PM in response to Mark Bolick

If the LOM didn't broadcast ARP, it would not be reachable.

The LOM won't do DHCP, and both the LOM and the server should be (must be) set to static addresses.

Some AT&T UVerse reading found via Google: (1) http://utalk.att.com/utalk/board/message?board.id=HSIA&message.id=8185 and (2) http://www.broadbandreports.com/forum/r21258098-Modifying-DHCP-on-the-Gateway-possible, and there are many others.

Jan 1, 2010 3:49 PM in response to Mark Bolick

It hands out the private IP addresses automatically to every MAC address that is broadcast on the network


Actually, that's not how a DHCP server is supposed to work. If it is doing that then the server is malfunctioning and should be replaced. It is entirely, 100% valid to have devices on the network that are not DHCP-based. It is wrong for the DHCP server to allocate an address to any device just because it's on the network. It should only assign addresses to devices that ask for one (via a DHCP request).

As such there is nothing (or, at least should not be anything) that prevents you from assigning a spare IP address in your private subnet to the LOM interface. The only question is how to work out what address to use. For that you need to know the DHCP range that the server is using.

For example, if your private network is 192.168.1.0/255.255.255.0 and the DHCP server is handing out addresses from 192.168.1.1 through 192.168.1.100 then that leaves all the addresses from 192.168.1.101 through 192.168.1.254 (less the address of the router itself) as being free for statically-assigned devices in your network.

Jan 4, 2010 2:24 AM in response to Mark Bolick

LOM uses port UDP 623.

If your router uses NAT to map between internet IP and lan IP, then you can map calls to port 623 to the IP address assigned to your LOM port on the server.

Your LOM port has a fixed IP address. It doesn't do DHCP requests. So your router will remain unaware of it until it needs to connect to it.

What IP address did you assign to your LOM port?
What IP addresses do the machines in your LAN normally use?

If both are not on the same subnet, then you will need to program your router to do its job: ROUTE. You'll need to tell it that it can route between the subnet used by your computers and the subnet used by the LOM port via the same interface.


Normally, one would have a NAT router and use a private IP space in your lan (10.*.*.* or 192.168.*.* for instance). This enables all your machines in your lan to be in the same subnet and reach each other directly. The router would then connect your lan to the internet.

If you use the internet IP addresses from your ISP in your lan, then your LOM port either needs to be in the same subnet as the addresses given by your ISP, or you need to program your router to route between both subnets.
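The address planning from the two replies above (a static address outside the DHCP pool, and a LOM address on the same subnet as the LAN hosts), as an added example that is not part of the original thread. The router address 192.168.1.254 and the function names are assumptions; the subnet and pool are the ones from the DHCP reply.

```python
import ipaddress

def check_static_plan(network, dhcp_first, dhcp_last, router, candidate, in_use=()):
    """Return the list of problems with giving `candidate` to a static-only device."""
    net = ipaddress.ip_network(network)
    lo = ipaddress.ip_address(dhcp_first)
    hi = ipaddress.ip_address(dhcp_last)
    addr = ipaddress.ip_address(candidate)
    if addr not in net:
        # Different subnet: hosts on the LAN reach it only via an explicit route.
        return ["outside LAN subnet: needs a route, not just an address"]
    problems = []
    if addr in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if lo <= addr <= hi:
        problems.append("inside DHCP pool: may be leased to another host")
    if addr == ipaddress.ip_address(router):
        problems.append("router's own address")
    if addr in {ipaddress.ip_address(a) for a in in_use}:
        problems.append("already assigned statically")
    return problems

def free_static_addresses(network, dhcp_first, dhcp_last, router, in_use=()):
    """List every host address in the subnet that passes check_static_plan."""
    net = ipaddress.ip_network(network)
    return [str(h) for h in net.hosts()
            if not check_static_plan(network, dhcp_first, dhcp_last,
                                     router, str(h), in_use)]

# Values from the thread's example; the router address is an assumption.
LAN = "192.168.1.0/255.255.255.0"
POOL = ("192.168.1.1", "192.168.1.100")
ROUTER = "192.168.1.254"

if __name__ == "__main__":
    free = free_static_addresses(LAN, *POOL, ROUTER)
    print(f"{len(free)} addresses free for static use: {free[0]} .. {free[-1]}")
    for lom in ("192.168.1.50", "192.168.1.200", "10.0.0.5"):
        print(lom, check_static_plan(LAN, *POOL, ROUTER, lom) or "ok")
```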

Jan 4, 2010 4:48 AM in response to JFMezei

Your LOM port has a fixed IP address. It doesn't do DHCP requests. So your router will remain unaware of it until it needs to connect to it.


Slight clarification: With an IP router or IP in general, check the ARP cache for what hosts the particular box knows about. Though a DHCP server will likely be unaware.

Using a VPN into the LAN into the LOM, BTW, works nicely for connecting into the LOM.

IP routing on Xserve and on Mac OS X in general can be a little entertaining, unfortunately.

Jan 11, 2010 6:43 AM in response to MrHoffman

I want to thank everyone for their suggestions. I understand how the DHCP server, the network and the LOM port are supposed to work. I get that.

The problem is that the 2wire doesn't work like it's supposed to. It is programmed incorrectly simply because they program it to handle VOIP, IPTV and normal networking, so they've made it incompatible with normal networking standards. I'm not an idiot.

I've talked more with AT&T and they've been extremely helpful in trying to figure this out. They have admitted that the 2wire does not function as it should for networking, but there's nothing they can do about it.

What we ended up doing was providing an Airport Extreme with the IP destined for the LOM port, then had the Airport Extreme plugged directly into the LOM port. Then we gave the LOM port a fixed address from the Airport Extreme, so all the traffic goes through the Airport Extreme that the 2wire will give a fixed IP to and then the Airport Extreme allows me to give a fixed IP to the LOM MAC address.

A bit kludgy, but it accomplishes the goal. If anyone else has this same issue, hopefully this will help them to solve it. AT&T Uverse is a weird beast.

Jan 24, 2010 11:33 AM in response to Mark Bolick

There's actually another way to do this..

1) Initially set up your server to get IP addresses via DHCP.
2) Once the RG sees the server, go into "Edit address allocation" -- tell it you are assigning a WAN IP (Static) and then from the right drop down menu, select the appropriate public static IP from your block. If you wish to disable the firewall, do so at the same time before saving and going to the next step.
3) Save.
4) Go back to the server and configure as a manual static IP.

The trick is getting the rule into the RG and telling it to allow traffic to flow to that IP from the outside world; it needs the MAC address to do so cached in its internal table. Once saved, it should survive all events (minus a hard reset.)

Your observation around the ARP caching is correct; and while it is meant to work with static IP devices, it can take minutes (and sometimes never) to appear. No idea why, but this approach seems to work. There's been similar discussion on the utalk forums as well.
