Occasional Contributor

Bridging a SageMCom F@st 3864 Modem-Router on NBN

It does not appear possible to configure the F@st 3864 into Bridge Mode, i.e. where all incoming WAN traffic is passed through to another router without the 3864 also performing routing.  BTW if this were possible it would disable the SIP (landline phone) functionality on the modem.  However, it is possible to configure an approximation of bridging.  This lengthy post describes why you would want to do this and how.

 

I run an IT focussed, home-based business with many devices (OSX, Windows, iOS, Linux, Android) on a LAN.  I also have a publicly accessible Mail and Web server.  Security is paramount for my operations and therefore I have a commercial grade firewall-router that protects the LAN from attack, of which there are hundreds of attempts each day.  I am not convinced that the Optus supplied F@st 3864 has sufficiently robust security for my needs, but I cannot use a third-party modem-router because Optus will not provide the SIP settings (NBN VoIP) for such a device in order to provide phone functionality.  Optus claims (probably reasonably) that this is because of security concerns, i.e. avoiding hacking of their complete VoIP network. A static IP address, only available on Optus business plans, is required in order to reliably run a mail/web server.

 

My current solution and the steps I took are:

 

  1. Ensured that the 3864 had a VDSL connection and that the phone and internet connections were working.
  2. Logged onto the 3864 and in Advanced Settings/Management/Settings performed a backup of the modem’s settings (config) to the computer from which I accessed the 3864.  The purpose of this backup is that if the reconfiguration goes wrong, the original settings can be restored.
  3. My LAN has subnets of 192.168.0.2…. and 192.168.3.2…., so I changed the 3864’s LAN address from the default 192.168.0.1 to 192.168.1.1 in the modem’s Advanced Settings/Advanced Setup/LAN page.  This also automatically changed the DHCP server address range to 192.168.1.2 … 254.  If starting afresh (i.e. no established LAN), you could keep the 3864 at 192.168.0.1 and use some other subnet for your internal network.
  4. I used “Add Entries” on that page to create a static IP Address for my firewall-router of 192.168.1.3, needing to also give the MAC address of the firewall-router. (I reserved 192.168.1.2 for the ethernet-connected computer used for configuring the 3864).
  5. In the Advanced Settings/Advanced Setup/NAT/Virtual Servers page I added the TCP ports for the Mail and Web services required by my Mail and Web servers.  This is necessary if you’re running such servers because the 3864 is configured to route these ports (to where?)
  6. I turned off WiFi on the 3864  because I have an internal wireless access point.  However, it can be left on, in which case you’ll get another subnet on the 192.168.1._ range for devices connected via the 3864 WiFi - useful for guests?
  7. There was no need to forward packets to a DMZ host (Advanced Setup/NAT):  indeed, this seemed to affect the 3864 phone functionality when I tried it!

 

The disadvantages of this setup (so far!) are that:

1. the WAN IP addresses of incoming packets passed to my firewall are always 192.168.1.1, not the originating, public IP addresses.  This has potential problems in terms of blocking specific IP Addresses on the firewall;

2. there is a slight degradation in throughput of WAN packets because of the “double” routing;

3. I’m not sure what other performance and/or security implications there might be for my firewall, although so far the firewall is performing as expected, e.g. blocking TCP/UDP port probes.

 

There are some advantages of this setup in a home-business environment:

 

1. The Optus phone functionality remains intact, without any need for reconfiguration.

2. the 3864’s subnet (192.168.1.2…..) can be used as a (less secure) home or guest network, segregated from the business subnets.  Devices on the firewall’s subnets cannot access the 3864 subnet and vice versa (except via the WAN interface to/from the web & mail servers).
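The address plan in steps 3 and 4 and the first disadvantage listed above can both be checked mechanically. The following is an added example, not part of the original post: it validates a double-NAT plan for overlapping subnets and counts how many firewall log entries show only the modem as the source. The /24 prefix lengths, the log format and the sample log lines are assumptions made for illustration.

```python
import ipaddress

# Addresses from the post; the /24 prefix lengths are assumptions.
MODEM_LAN = ipaddress.ip_network("192.168.1.0/24")
MODEM_IP = ipaddress.ip_address("192.168.1.1")
FIREWALL_WAN = ipaddress.ip_address("192.168.1.3")
INTERNAL = [ipaddress.ip_network("192.168.0.0/24"),
            ipaddress.ip_network("192.168.3.0/24")]


def check_plan(modem_lan, modem_ip, fw_wan, internal):
    """Return a list of problems with a double-NAT address plan."""
    problems = []
    for net in internal:
        # An internal subnet that overlaps the modem LAN is unroutable.
        if net.overlaps(modem_lan):
            problems.append(f"{net} overlaps modem LAN {modem_lan}")
    if fw_wan not in modem_lan:
        problems.append(f"firewall WAN {fw_wan} is outside {modem_lan}")
    if fw_wan in (modem_ip, modem_lan.network_address,
                  modem_lan.broadcast_address):
        problems.append(f"firewall WAN {fw_wan} collides with a reserved address")
    return problems


def masked_sources(log_lines, modem_ip):
    """Count log entries whose source is the upstream modem.

    Assumed (hypothetical) log format: 'ACTION src=<ip> dpt=<port>'.
    """
    total = masked = 0
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if "src" not in fields:
            continue
        total += 1
        if ipaddress.ip_address(fields["src"]) == modem_ip:
            masked += 1
    return masked, total


# Constructed sample log lines, not taken from a real firewall.
SAMPLE_LOG = [
    "ACCEPT src=192.168.1.1 dpt=25",
    "ACCEPT src=192.168.1.1 dpt=443",
    "DROP src=192.168.1.1 dpt=23",
    "ACCEPT src=192.168.1.2 dpt=443",
]

if __name__ == "__main__":
    print(check_plan(MODEM_LAN, MODEM_IP, FIREWALL_WAN, INTERNAL) or "plan OK")
    masked, total = masked_sources(SAMPLE_LOG, MODEM_IP)
    print(f"{masked}/{total} entries show the modem as source")
```

A high masked count means per-source blocklists and rate limits on the inner firewall see every WAN client as one address, so those controls need to key on something other than source IP.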

Crowd Champion

Re: Bridging a SageMCom F@st 3864 Modem-Router on NBN

Hmm, how about a Business Account instead of a Home internet account?

 

Another option:

 

BYO modem with better security? Or

 

BYO modem, run it to a security server/firewall etc. Once the traffic is clean -> internal network. Open a port on the firewall/virtual service to allow Optus VoIP, I think it's 5060. Connect the LAN to the Sagem WAN port. Phone 1 is now working. You can then connect the phone line to your own private phone router if needed.

 

This way you will have full control of the traffic coming in with full security; the Sagem modem is in your private network for phone one.

 

If you are running a full-time business from the internet connection, then you might consider a Business connection, both for stability and the Optus fair use policy.


_________________________________________________________
I’m a Yes Crowd Champion (not an Optus employee). I share my knowledge on Yes Crowd on a voluntary basis. If I answered your question, please mark it as an Accepted Solution. If I helped you out, hit that Kudos button.
Occasional Contributor

Re: Bridging a SageMCom F@st 3864 Modem-Router on NBN

Thanks for that.

 

Mine is a Business Connection (Account), which is why I have a static IP Address.

 

Also, I did try putting the SageMCom behind another modem and my Checkpoint firewall and opening UDP ports 5060-5065, but the phone did not work.  I suspect it's the security within the firewall that's the problem for the phone, although not sure (security log showed nothing untoward) and the current solution works fine anyway.

Crowd Champion

Re: Bridging a SageMCom F@st 3864 Modem-Router on NBN

Looks like you have everything in order. Have you set up these rules in your firewall?

 

Ports 5060-5070 UDP/TCP.

AND

RTP Ports 16384-16482 UDP.


Occasional Contributor

Re: Bridging a SageMCom F@st 3864 Modem-Router on NBN

Thanks again.

 

To be honest, in moving from Telstra ADSL2 to Optus NBN, my imperative was to find a working solution as quickly as possible that preserved the integrity and settings of my firewall, which is a very complex, but effective, piece of kit.  The solution I posted has done that, but with some reservations as discussed.  Putting the SageMCom behind my firewall is an interesting possibility (but adds another device) and one that I didn't pursue after the initial failure and having found an alternative, working solution.

 

The firewall has a predefined service group for VoIP, which includes SIP and RTP ports, which I'd enabled (i.e. the group) in one of my attempts when identifying the SageMCom on the LAN as an object for VoIP.  I was, and still am, nervous of manually opening port ranges because, with a public-facing server (on a DMZ), I get a lot of port probing from "interesting" locations.  I think it's telling that Optus has locked down the VoIP services on the SageMcom on the basis of security concerns.

 

But all that said,  one of these days with a bit of spare time, I'll have another go and see if I can get the SageMCom phone working behind my firewall.

 

Regards,  Michaela.

Occasional Contributor

Re: Bridging a SageMCom F@st 3864 Modem-Router on NBN

The SIP settings are stored in the Sagemcom after the first time you connect the modem to the FTTN network; they can be quite easily extracted (there are a number of Whirlpool and other posts showing how this is possible).

 

I have tested this with a number of VoIP phones and ATA and it works successfully, although Transport for SIP appears to require you to use TCP rather than UDP, which will cause there to be slightly more SIP traffic than normal. UDP works but registration seems to time out (says registered but incoming calls will fail until an outbound call is attempted, forcing a reregistration). TCP works faultlessly with a lower registration timeout than standard.

 

Like you, I found no Bridge Mode for the Sagemcom.

 

 

 

Super Contributor

Re: Bridging a SageMCom F@st 3864 Modem-Router on NBN