From: Da Rock
To: freebsd-questions@freebsd.org
Date: Thu, 16 Oct 2008 21:29:04 +1000
Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

On Thu, 2008-10-16 at 06:54 -0400, Michael Powell wrote:
> Da Rock wrote:
>
> [snip]
> > I'm assuming the problem with double nat'ing is the confusion in packet
> > traffic. So if the OP is using his ADSL modem to connect to the net,
> > then it could be safe to assume the public IP would be to the modem
> > itself, and not his box (barring the possible use of USB), so then the
> > nat'ing would already be done. Therefore, the best and easiest way would
> > be to simply bridge his interfaces- correct? Less overheads, etc, plus
> > simplicity of setup.
> >
>
> There is another option, a variant of which I use. My el cheapo deluxe DSL
> modem has really crappy broken firewall and DNS implementations. Wireshark
> showed Windows Messenger service spam leaking past and as soon as I saw
> that I assumed it was probably the tip of the iceberg.
>
> You can also bridge the modem (disabling its NAT as well). In a fully
> bridged configuration your FreeBSD gateway will have to perform PPPoE
> handshake and login as well.
>

Setting up the modem itself this way can be tricky at times, depending on the model and the service. One gotcha with this method can be if your ISP is using heartbeat, and so you'll have to either script yourself or find one that suits.

> I use a second option called split-bridge, which they have named "IP
> Passthrough". This allows the DSL modem to be responsible for the PPPoE
> session. It works by passing the WAN public IP to the Internet facing NIC
> in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my
> outside NIC is ifconfig_xl0="DHCP". It gets assigned whatever IP Verizon
> sends.
>

Is this also called IP spoofing?

> I just like this particular arrangement better. I run a caching/hybrid DNS
> server on the gateway as well. I've used this configuration for about 2
> years now and it has served me well. I also use ALTQ to prioritize outgoing
> acks, as this seems to be helpful when using asymmetric DSL.
>

Sounds very stable- I might have to look into the ALTQ (one day, when I finally get through my other projects... :) ).