I’ve been lamenting about the too-small NAT table on my FiOS router for a while now. Fortunately, a comment posted to that article by ‘Christian’ pointed me to this article which walks through the process of converting the expensive, powerful, feature-rich Actiontec router into a dumb Ethernet-to-Coax bridge, which is exactly what I want.
I went through the steps, and had almost no problems. I suggest you back up your router configuration with the Save Configuration function before you start. Also, the article didn’t mention that you need to disable DHCP on the router in order for Verizon to answer your DHCP request.
I did have to tweak my OpenBSD 3.7 router a bit, though.
First, I had configured it so its WAN interface had a static IP in the subnet of the Actiontec router. The router was 192.168.2.1 and my OBSD box was 192.168.2.2. After this change, the Actiontec box still has an IP for accessing its web-based admin tool, but it is no longer a router, so I had to configure my OBSD WAN port for DHCP.
First I ran dhclient xl0 to verify that it was able to get a DHCP lease from Verizon, and sure enough, it did.
Next I edited /etc/hostname.xl0 (where xl0 is the interface name of my WAN NIC), replacing all of the previous content with dhcp. After that I rebooted to see how it worked.
On the face of it, it worked fine, until I happened to read in the OBSD Handbook that dhclient rewrites your resolv.conf file with the DNS server info that comes back from the DHCP request. In this case, I trust Verizon’s DNS like I trust Mahmoud Ahmadinejad with a nuke, so whatever they’re selling I’m not interested. Unfortunately, dhclient had already clobbered my old resolv.conf file and replaced it with one pointing to Verizon’s DNS. Ick.
So I edited /etc/dhclient.conf per the handbook’s instructions, uncommenting the request lines and removing domain-name-servers from the list. (NB: ~~I also removed domain-name since I didn’t think I wanted Verizon’s DHCP overriding my hostname, only to find that disabling that prevents the creation of a default route on the WAN link, which could definitely ruin someone’s day~~ I forgot to delete /etc/mygate now that I’m on DHCP, so no default route was being created unless I ran dhclient after network startup.) Then I rewrote /etc/resolv.conf to point to my local DNS server (which forwards to OpenDNS):
nameserver 127.0.0.1
domain ho.apocryph.org
lookup file bind
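A way to confirm that both changes above took effect, as an added example that is not part of the original post: the script checks whether any active request statement in a dhclient.conf still asks for domain-name-servers, and lists any nameserver in a resolv.conf that is outside an allow list. The function names, the sample files and the 192.0.2.53 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that DHCP cannot replace the resolver configuration.
# Assumption: with no active "request" statement dhclient uses its default
# request list, which includes domain-name-servers.

# Print the option list of each active (uncommented) "request" statement.
active_request() {
    sed 's/#.*//' "$1" | tr '\n\t' '  ' | tr '{};' '\n\n\n' |
        sed -n 's/^ *request  *//p'
}

# Exit 0 if dhclient would ask the DHCP server for DNS servers.
dhclient_requests_dns() {
    req=$(active_request "$1")
    if [ -z "$req" ]; then return 0; fi
    printf '%s\n' "$req" | grep -q 'domain-name-servers'
}

# Print each nameserver in resolv.conf ($1) that is not in the allow list.
unexpected_nameservers() {
    file=$1; shift
    awk '$1 == "nameserver" { print $2 }' "$file" | while read -r ns; do
        ok=no
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$ns"; fi
    done
}

# Constructed sample files (not copied from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#request subnet-mask, routers, domain-name-servers;' \
    > "$demo_dir/default.conf"
printf '%s\n' 'request subnet-mask, broadcast-address, routers,' \
    '    domain-name, host-name;  # domain-name-servers removed' \
    > "$demo_dir/hardened.conf"
printf '%s\n' 'nameserver 192.0.2.53' 'lookup file bind' \
    > "$demo_dir/clobbered.resolv"
printf '%s\n' 'nameserver 127.0.0.1' 'domain ho.apocryph.org' \
    'lookup file bind' > "$demo_dir/local.resolv"

for f in default hardened; do
    if dhclient_requests_dns "$demo_dir/$f.conf"; then
        echo "$f.conf: DHCP may supply DNS servers"
    else
        echo "$f.conf: DNS servers not requested"
    fi
done
unexpected_nameservers "$demo_dir/clobbered.resolv" 127.0.0.1
```

On a real system the same functions would be pointed at /etc/dhclient.conf and /etc/resolv.conf after each lease renewal.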
Now everything is working fine, I’m not running out of NAT entries, and I’m completely off Verizon’s flaky DNS. Thanks for the tip, Christian.
UPDATE: Turns out the domain DHCP param had nothing to do with the missing default route. Update in place.