Cisco 678 Broken Route

The Cisco 675 operated with the older firmware and allowed me to route a public subnet and NAT other addresses. The Cisco 678 with the latest firmware at the least does not work the same and at the most is completely broken in this regard. But it may be a problem between my chair and keyboard. The modem is no longer manufactured and is out of support. So I am stuck. I still have the older Cisco 675 modem and can verify the configuration there is the same and it worked fine. I can't go back to the 675 because that is CAP only and does not have the DMT capability.

Here is my configuration.

set nvram erase
write
reboot

enable
set int wan0-0 disable
set int wan0-0 close
set int wan0-0 vpi 0
set int wan0-0 vci 32
set int wan0-0 enable
set ppp wan0-0 login user@example.com
set ppp wan0-0 password ******
set ppp restart enabled
set nat enabled
set dhcp server enable
set route add ip 216.17.153.56 mask 255.255.255.248 gw 10.0.0.2
write
reboot

The intention is that the subnet 216.17.153.56/29 be routed to the router at 10.0.0.2. This works with the Cisco 675 and the older v2.0.x firmware but fails on the Cisco 678 with the new v2.4.6 firmware.

The problem is that outgoing connections from the routed subnet are NAT'd by the Cisco. That is incorrect and breaks the TCP circuit. The behavior is that ICMP (ping) works but that TCP/IP does not. Running tcpdump on two hosts and checking the packets shows that the return ack packets are translated by the NAT.
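The two-host tcpdump comparison described above can be automated. The following is an added example, not part of the original page: it pairs TCP segments from an inside and an outside capture by their absolute sequence/ack numbers and reports any whose addresses changed in transit. The captures are constructed for illustration (they are not the author's captures), 192.0.2.10 and the port numbers are made up, and the matching assumes the NAT leaves sequence numbers untouched.

```python
import ipaddress
import re

ROUTED = ipaddress.ip_network("216.17.153.56/29")  # routed subnet from the page

# Text output of `tcpdump -n -S` (-S keeps absolute seq/ack numbers).
LINE = re.compile(
    r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]"
    r"(?:, seq (\d+)(?::\d+)?)?(?:, ack (\d+))?"
)

# Constructed sample captures: INSIDE on a routed host, OUTSIDE on the far end.
INSIDE = """\
10:00:00.000000 IP 216.17.153.58.40000 > 192.0.2.10.80: Flags [S], seq 1000, win 5840, length 0
10:00:00.050000 IP 192.0.2.10.80 > 216.17.153.58.40000: Flags [S.], seq 7000, ack 1001, win 5792, length 0
10:00:00.050100 IP 216.17.153.58.40000 > 192.0.2.10.80: Flags [.], ack 7001, win 5840, length 0
"""
OUTSIDE = """\
10:00:00.025000 IP 216.17.153.58.40000 > 192.0.2.10.80: Flags [S], seq 1000, win 5840, length 0
10:00:00.025100 IP 192.0.2.10.80 > 216.17.153.58.40000: Flags [S.], seq 7000, ack 1001, win 5792, length 0
10:00:00.075000 IP 216.17.139.147.40000 > 192.0.2.10.80: Flags [.], ack 7001, win 5840, length 0
"""

def parse(capture):
    """Return {(flags, seq, ack): (src, dst)} for each TCP segment in a capture."""
    segs = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            src, _, dst, _, flags, seq, ack = m.groups()
            segs[(flags, seq, ack)] = (src, dst)
    return segs

def find_translated(inside, outside):
    """List segments whose addresses differ between the two vantage points."""
    far = parse(outside)
    hits = []
    for key, (src, dst) in parse(inside).items():
        seen = far.get(key)
        if seen and seen != (src, dst):
            # A source inside the routed subnet should arrive unchanged.
            routed = ipaddress.ip_address(src) in ROUTED
            hits.append((key[0], src, seen[0], routed))
    return hits

if __name__ == "__main__":
    for flags, sent, seen, routed in find_translated(INSIDE, OUTSIDE):
        print(f"[{flags}] sent from {sent}, seen as {seen}, routed subnet: {routed}")
```

Each reported tuple is (TCP flags, source as sent, source as seen at the far end, whether the original source is in the routed subnet); a True in the last field means a public, routed address was rewritten.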

I don't really need the NAT functionality in the Cisco. It appears as if that is the problem. Therefore I tried a configuration without it. Here is what I tried.

set nvram erase
write
reboot

enable
set int wan0-0 disable
set int wan0-0 close
set int wan0-0 vpi 0
set int wan0-0 vci 32
set int wan0-0 enable
set ppp wan0-0 login user@example.com
set ppp wan0-0 password ******
set ppp restart enabled
set route add ip 216.17.153.56 mask 255.255.255.248 gw 10.0.0.2
write
reboot

With both NAT and DHCP off I expected the routed subnet to no longer be NAT'd and I would have a working configuration. Unfortunately I could not get this configuration to work at all. Without NAT enabled the Cisco firmware would change the internal eth0 address from 10.0.0.1 to my FRII modem negotiated 216.17.139.147 address! At this point the modem configuration was virtually unusable. This was very surprising to me. I could make no progress around it. Sorry but I do not have a screen capture of the configuration shown. No, I don't expect you to believe me without it. I eventually gave up on trying to make it work without NAT enabled.

Looking at the nvram in the original routed subnet configuration I can see the following information.

show nvram
IP static route table entries = 216.17.153.56, 10.0.0.2, 255.255.255.248, 1, 0;

A friend with a Cisco 678 has a similar configuration. It is working for him with CBOS v2.4.3. This is the information from his nvram.

show nvram
IP static route table entries = 216.17.155.80, 10.0.0.2, 255.255.255.248, 1, 0; IP Default Route for Unnumbered Links = 001, 01, 0

Notice the extra information at the end of that route line? I do not see that with my modem. Neither of us knows how to enter commands in such a way as to recreate that line. But the fact that there is an example in the known working configuration proves that in the absence of bugs the firmware can allow it.

Eventually I gave up. In order to get my network back online I configured the subnet immediately at the Cisco without a DMZ. I really don't like this configuration. But at least I can read my email again.

I have several options that I am now exploring.
