Dump your DSL Router and upgrade to Fiber

If you are running a DSL router, your ISP gives you an IP address, which is the public address of that router. Of course it should be permanent. But for services such as websites or a VPN to work, you have to forward all their ports to the servers connected to the router. You also have to rent a router from your ISP or buy one. If you are running Linux, you can skip all that.

I use a ZTEG V6.0.1P1T12 ONT, which I bought on AliExpress for $18. I also bought a spare and changed its serial number to match the first one, so I can swap them anytime without needing to inform my ISP. The out-of-the-box configuration works for what I use it for, which is PPPoE from the kernel. The Linux box becomes the router with minimal overhead. It also becomes the server with the global IP address. If needed, it can also forward ports to other internal servers.

What are the steps?
Buy a ZTEG ONT.
  This is from Bezeq's list of approved "terminal equipment".

ZTEG F601


Connect it to your Linux box.
  You can log in to its setup page at 192.168.1.1 with username admin and password admin.
  Here you can see the software version. If it is not V6.0.1P1T12, then upgrade or downgrade. There are tutorials on the web that show you how.
  Here you can also get your serial number, which Bezeq needs to connect you.

ZTEG ONT


Set up /etc/ppp with the username and password from Bezeq.
  Add the script as a system service that can be permanently enabled.
  #!/bin/bash
  # /etc/ppp/rc.pppoe
  # Start PPPoE on eth1, the interface wired to the ONT. pppd reads the password
  # for this user from /etc/ppp/pap-secrets or /etc/ppp/chap-secrets.
  /usr/sbin/pppd plugin rp-pppoe.so eth1 linkname ADSL-$$ user "myusername@013net" defaultroute netmask 255.0.0.0 noauth lcp-echo-interval 60 lcp-echo-failure 3 nobsdcomp usepeerdns

  If this works so far, run ifconfig and you will see the ppp0 interface listing your permanent IP and the gateway IP.

Change the DNS pointers on all your websites to point to the new IP address.

Change all references to your DNS servers to your new ISP's servers if you changed ISP.
  resolv.conf, etc.

Fix your firewall, including any new port forwarding to services not on this server.
  Clamp the TCP MSS (maximum segment size) of FORWARD traffic from static IPs to 1452, and put that rule before the other FORWARD rules.
  add rule ip nat POSTROUTING oifname "ppp0" counter masquerade
  add rule ip filter FORWARD oifname "ppp0" tcp flags syn tcp option maxseg size set 1452


Let's Encrypt's certbot has to be run on all your domains using the new IP address.

Change your routing table.

Sendmail and Dovecot certificates may need to be updated.

Test that all users of Thunderbird etc. can send and receive mail. Hopefully they were configured with mail.something.com and not 8.8.8.8.
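
The firewall step above, written out as one loadable nftables table. This is an added example, not the author's configuration: only ppp0, the masquerade rule and the 1452 MSS clamp come from the page, while the table name pppoe_router, the LAN interface eth0, the internal server 192.168.10.20 and every port number are assumptions. It goes a little beyond the page by using default-drop policies (the Linux box now holds the public IP directly) and by clamping SYNs in both directions.

```nftables
#!/usr/sbin/nft -f
# Added example. Only ppp0, masquerade and the 1452 clamp come from the page;
# the table name, LAN interface, server address and ports are assumptions.
define WAN = "ppp0"
define LAN = "eth0"            # assumed internal interface
define WEB = 192.168.10.20     # assumed internal web server (constructed)

# Recreate only this table, leaving any other tables untouched.
table ip pppoe_router
delete table ip pppoe_router

table ip pppoe_router {
    chain input {
        # The box itself now holds the public IP: drop what is not listed.
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname $LAN accept
        icmp type { echo-request, destination-unreachable, time-exceeded } accept
        iifname $WAN tcp dport { 25, 80, 443 } accept   # assumed local services
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # MSS clamp first, so it is applied before any rule accepts the packet.
        oifname $WAN tcp flags syn tcp option maxseg size set 1452
        # Inbound SYNs too, so a forwarded server also sends segments <= 1452.
        iifname $WAN tcp flags syn tcp option maxseg size set 1452
        ct state established,related accept
        ct state invalid drop
        iifname $LAN oifname $WAN accept
        # Only traffic that was actually port-forwarded may enter the LAN.
        iifname $WAN oifname $LAN ip daddr $WEB tcp dport 8080 ct status dnat accept
    }
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iifname $WAN tcp dport 8080 dnat to $WEB
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN counter masquerade
    }
}
```

Running nft -c -f on the file parses it without applying anything. If other tables hook the same chains, a packet has to be accepted by every one of them.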

Updated 19 Aug 2024
by Kevin Gyllenberg.