From: Michael Powell
To: freebsd-questions@freebsd.org
Date: Thu, 16 Oct 2008 06:54:18 -0400
Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

Da Rock wrote:
[snip]
> I'm assuming the problem with double nat'ing is the confusion in packet
> traffic. So if the OP is using his ADSL modem to connect to the net,
> then it could be safe to assume the public IP would be to the modem
> itself, and not his box (barring the possible use of USB), so then the
> nat'ing would already be done. Therefore, the best and easiest way would
> be to simply bridge his interfaces- correct? Less overheads, etc, plus
> simplicity of setup.
>

There is another option, a variant of which I use. My el cheapo deluxe DSL
modem has really crappy broken firewall and DNS implementations. Wireshark
showed Windows Messenger service spam leaking past and as soon as I saw that
I assumed it was probably the tip of the iceberg.

You can also bridge the modem (disabling its NAT as well). In a fully
bridged configuration your FreeBSD gateway will have to perform PPPoE
handshake and login as well.

I use a second option called split-bridge, which they have named "IP
Passthrough". This allows the DSL modem to be responsible for the PPPoE
session. It works by passing the WAN public IP to the Internet facing NIC
in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my
outside NIC is ifconfig_xl0="DHCP". It gets assigned whatever IP Verizon
sends.

I just like this particular arrangement better. I run a caching/hybrid DNS
server on the gateway as well. I've used this configuration for about 2
years now and it has served me well. I also use ALTQ to prioritize outgoing
acks, as this seems to be helpful when using asymmetric DSL.

[snip]

-Mike
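
A sketch of the gateway setup described in the message above, as an added example and not the poster's actual configuration. It assumes pf is the packet filter, that the inside NIC is xl1 on 192.168.1.0/24, and a placeholder upstream rate. Because IP passthrough puts the public address on the FreeBSD box itself, the ruleset drops unsolicited inbound traffic on the outside NIC by default.

```conf
# ---- /etc/rc.conf (xl1 and the LAN addressing are assumed) ----
ifconfig_xl0="DHCP"                                    # outside NIC: public IP handed over by the modem
ifconfig_xl1="inet 192.168.1.1 netmask 255.255.255.0"  # inside NIC: static (assumed subnet)
gateway_enable="YES"                                   # forward packets between the two NICs
pf_enable="YES"
pf_rules="/etc/pf.conf"

# ---- /etc/pf.conf (needs a kernel built with "options ALTQ" and "options ALTQ_PRIQ") ----
ext_if = "xl0"
int_if = "xl1"   # assumed interface name

# Priority queueing on the uplink. Set bandwidth slightly below the real
# upstream rate (384Kb is a placeholder) so the queue forms here and not
# inside the modem.
altq on $ext_if priq bandwidth 384Kb queue { q_ack, q_def }
queue q_ack priority 7
queue q_def priority 1 priq(default)

# ($ext_if) in parentheses makes pf follow the address when DHCP changes it.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny inbound: with IP passthrough this host holds the public IP,
# so nothing upstream is filtering for it.
block in log on $ext_if all

# Outbound TCP: data goes to q_def; empty ACKs and lowdelay-TOS packets go
# to q_ack, so uploads do not starve the ACKs that downloads depend on.
pass out on $ext_if proto tcp from any to any flags S/SA keep state queue (q_def, q_ack)
pass out on $ext_if proto { udp, icmp } from any to any keep state

# LAN clients may reach the gateway (DNS cache) and the Internet.
pass in on $int_if from $int_if:network to any keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vsq` shows per-queue counters once it is active.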