• Category Archives IT
  • Eliminating Bell’s Home Hub 3000

    I have recently upgraded my internet from VDSL (50/10) to gigabit (500/500). Unfortunately this means that I have to use Bell as an ISP, and that meant I needed to use their crappy Home Hub router/gateway. Initially I just set it up so my existing router would use the Bell router as a bridge to talk to Bell’s PPPoE network, because until recently I had no way to use the SFP ONT that is registered with their network. My old TP-Link consumer-grade gigabit router was on its last legs (constantly crashing for no reason). I have been wanting to upgrade my network with a more professional setup and ended up getting a MikroTik hAP AC router (https://www.amazon.ca/gp/product/B01BMMK4HI), since I wanted to keep the cost down while still having 802.11b/g/n/ac to cover my apartment (if I were in a house I would have gone for a 24-port router with distributed APs) and an SFP port and PoE injection. Anyway, MikroTik RouterOS opens up a lot of configuration possibilities (and headaches) that normal consumer routers don’t offer, like bypassing ISP hardware.

    Please note: this will not work if you have the TV bundle. I have read something about Bell using VLAN 37 for this, but I do not have a TV subscription so I can’t test it.

    After a week of tinkering and playing with my new toy, I was able to get the router to work on Bell’s GPON using the provided ONT (since it is whitelisted on their network).

    1. Get your LAN configured how you need it: DHCP server, Wi-Fi, firewall rules, etc.
    2. Remove the SFP module and fiber from your Home Hub (open the door on the router where the fiber enters).
    3. Install the ONT and fiber into your router’s SFP port. When you open the SFP interface panel in RouterOS you should see the vendor info.
    4. Configure a VLAN with ID 35 and set its interface to the SFP port.
    5. Set up a PPPoE interface using the B1 username and password from Bell. You can get these from the Bell One Bill system (including setting the password).
    6. Tell the PPPoE interface to use the VLAN you made earlier as its interface.
    7. If all went well you should be online.

    Bonus: I found that the default MTU is 1480. If I simply increased the MTU to 1520 (to bring the PPPoE up to 1500) on the VLAN and SFP, the SFP would start fragmenting packets and throwing “Rx too long” errors; I guess it just doesn’t like jumbo packets all that much. I did find that if I brought the MTU to 1512 it would work fine (without errors), and the PPPoE was running at 1492.
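
    Steps 4 to 6 and the MTU setting above as RouterOS commands, plus the edge-firewall check that matters once the Home Hub is no longer in front of the router. This is an added example, not the author's exported configuration; it assumes the SFP port is named sfp1 and that the WAN and LAN interface lists of a default configuration exist. The names vlan35-bell and pppoe-bell and the credentials are placeholders.

    ```routeros
    # Added example. Assumed names: sfp1, vlan35-bell, pppoe-bell.
    # b1xxxxxx / CHANGE_ME are placeholders for the B1 credentials.

    # Only needed if sfp1 was made a port of the LAN bridge: a VLAN on a
    # bridged port will not carry the WAN traffic.
    /interface bridge port remove [find interface=sfp1]

    # Step 4: VLAN 35 on the SFP port.
    /interface vlan
    add name=vlan35-bell vlan-id=35 interface=sfp1

    # Steps 5 and 6: PPPoE client bound to that VLAN.
    /interface pppoe-client
    add name=pppoe-bell interface=vlan35-bell user=b1xxxxxx \
        password="CHANGE_ME" add-default-route=yes use-peer-dns=yes disabled=no

    # Bonus paragraph: the MTU value the author reports as error-free.
    /interface ethernet set sfp1 mtu=1512
    /interface vlan set vlan35-bell mtu=1512

    # The router is now the internet edge. Firewall rules written against the
    # WAN list do nothing for the PPPoE link until it is a member of that list.
    /interface list member
    add list=WAN interface=pppoe-bell

    /ip firewall nat
    add chain=srcnat out-interface-list=WAN action=masquerade \
        comment="NAT LAN clients out of the PPPoE link"

    # Minimal input chain, only if the default firewall is not in place.
    /ip firewall filter
    add chain=input connection-state=established,related action=accept
    add chain=input connection-state=invalid action=drop
    add chain=input in-interface-list=!LAN action=drop \
        comment="nothing from the internet reaches router services"

    # Verify: session state, and that the input rules are counting packets.
    /interface pppoe-client monitor pppoe-bell once
    /ip firewall filter print stats where chain=input
    ```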


  • Networking: a phoned in analogy

    I was trying to explain to someone, in a fairly top-level way, how the internet works and had a hard time doing it. This morning it hit me: everyone knows how to call someone and generally how phones work, so I started writing.

    DNS (domain name server):

    You get a phone and a phone number for your company. No one knows that number, but everyone knows your company’s name. So to tell everyone your phone number, you call up the company that makes the phone books (authoritative name server and registrar), say “my company’s phone number is XXX XXX XXXX”, and ask them to inform the phone operators of this. It takes some time for that company to print the updated list and send it to the operators (DNS recursors) around the world. So when someone calls the operator (a phone number known by many, many people, but not all) and asks for company Y, the operator says they should call XXX XXX XXXX to talk to you. However, if someone from a different city calls their operator (which could be a different number entirely), the operator will check their records, say “hold on for a second, let me get that information for you”, and call the next town’s or even the state operator (root server) (sometimes 2 or 3 other towns) and ask “do you know the phone number for Y?” If they don’t, they will do the same as the first operator and ask around, until one of them calls your city’s operator and gets the phone number of your company. This information gets passed all the way back to the original operator and then to the client that made the original request. When each operator got that number, they wrote it down to add to their list of known numbers for the next time someone asks for company Y.

    DDNS (dynamic domain name server)

    Same situation as before, but instead you took the cheaper option of not always keeping the same phone number and sharing one from a pool of rotating phone numbers. So it will change at random-ish intervals depending on your phone company’s (DHCP server) policies. The phone company will tell the receptionist (gateway router) that number when she calls in the morning to ask if she has a new number; it could be the same as yesterday but could be different. The receptionist will never tell you (the local server) what that number is and will only tell you your phone’s extension, unless you go read her notes (network status). So to get around this you call a friend that has caller ID (what’s my number) and they tell you the number they see on their end. After that you call up the phone book company (registrar) and tell them your new number so the operators can be told of the change.

    DHCP (Dynamic Host Configuration Protocol)

    Basically the IT guy who manages and assigns the phone numbers for each department or, in terms of public numbers, the phone company managing and assigning a phone number.

    NAT (network address translation)

    You (the server software) are working for a company (subnet) and have a specific extension (port) in your department, which has its own internal phone number (server and hardware IP). You can be reached at, let’s say, extension 443, and someone is calling the phone number they got from their operator and expects to talk to someone at extension 443 to get the information they need. When the client calls, they say to the receptionist (router / firewall) “I need to talk to 443”; the client can’t directly call those internal department phone numbers. The receptionist was told by her manager that if someone asks for 443 she should forward the call to the department’s leader (firewall), who yells to the room “who has 443?” You (the server software) answer “I do”, so they route the call to you, and you can then openly talk (packets) to the client. If you are sick (server offline), no one answers; the client keeps asking for information and no one responds, so the client hangs up after a while (timeout).

    Port forwarding:

    Same as before, someone is calling asking to talk to 443, but your department leader (firewall) hates that number and won’t let anyone use it (blocked port), so they give you a different extension like 993 for no reason. The receptionist is told that when she calls a department she should say “this client wants to talk to 993”, even though they originally asked to talk to 443.

    Firewalls:

    (in a very general sense)

    Outgoing port blocking:

    Just as before, someone is calling 443 and the receptionist calls your department, but because the team lead (firewall) hates 443 he broke the microphone. So when you answer the routed call you can hear everything the client says and you keep responding, but they can’t hear anything back, so they hang up (timeout). And at each one of the previous steps there is a leader (firewall) who can shut down the call or send it to a different person along the way if they don’t like something about it (iptables rules).

    Incoming port blocking:

    When a client calls in to speak to extension 022, the firewall can tell the client to fuck off (REJECT), he can act as if there never was a call and not tell anyone about it (DROP), or he can send the client somewhere else entirely (NAT).
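
    The port-forwarding and firewall cases from the analogy written as RouterOS rules, whose input/forward chains follow the same model as iptables. This is an added example, not the author's configuration; 192.168.88.10 is a constructed internal server address, and the WAN interface list is assumed to hold the internet-facing interface.

    ```routeros
    # Added example with constructed values (192.168.88.10, WAN list).

    # Port forwarding: the caller asks for extension 443 and the call is
    # handed to the internal server on extension 993 instead.
    /ip firewall nat
    add chain=dstnat in-interface-list=WAN protocol=tcp dst-port=443 \
        action=dst-nat to-addresses=192.168.88.10 to-ports=993 \
        comment="443 on the public number -> 192.168.88.10:993"

    /ip firewall filter
    # Only calls the receptionist was told to forward may enter the LAN.
    add chain=forward in-interface-list=WAN connection-state=new \
        connection-nat-state=!dstnat action=drop \
        comment="drop new WAN connections that were not port-forwarded"

    # Incoming port blocking, REJECT: the caller is told "no" right away
    # and learns that something is listening on the line.
    add chain=input in-interface-list=WAN protocol=tcp dst-port=22 \
        action=reject reject-with=tcp-reset comment="REJECT: explicit refusal"

    # Incoming port blocking, DROP: the caller hears nothing and times out.
    # Rules match top to bottom, so use this in place of the REJECT rule,
    # not after it.
    # add chain=input in-interface-list=WAN protocol=tcp dst-port=22 \
    #     action=drop comment="DROP: silent discard"

    # Outgoing port blocking (the broken microphone): the server hears the
    # request but its replies never leave, so the client times out. To take
    # effect it must sit above any established/related accept rule.
    add chain=forward src-address=192.168.88.10 protocol=tcp src-port=993 \
        out-interface-list=WAN action=drop comment="replies from :993 discarded"

    # Packet counters show which rule each call actually hit.
    /ip firewall filter print stats
    ```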