Date: Thu, 16 Oct 2008 04:43:48 -0700 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: Da Rock <rock_on_the_web@comcen.com.au> Cc: freebsd-questions@freebsd.org Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system Message-ID: <20081016114348.GA8970@icarus.home.lan> In-Reply-To: <1224156544.3458.104.camel@laptop1.herveybayaustralia.com.au> References: <831334.93256.qm@web56806.mail.re3.yahoo.com> <1224138644.3458.97.camel@laptop1.herveybayaustralia.com.au> <gd769f$8fg$1@ger.gmane.org> <1224156544.3458.104.camel@laptop1.herveybayaustralia.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 16, 2008 at 09:29:04PM +1000, Da Rock wrote: > > On Thu, 2008-10-16 at 06:54 -0400, Michael Powell wrote: > > Da Rock wrote: > > > > [snip] > > > I'm assuming the problem with double nat'ing is the confusion in packet > > > traffic. So if the OP is using his ADSL modem to connect to the net, > > > then it could be safe to assume the public IP would be to the modem > > > itself, and not his box (barring the possible use of USB), so then the > > > nat'ing would already be done. Therefore, the best and easiest way would > > > be to simply bridge his interfaces- correct? Less overheads, etc, plus > > > simplicity of setup. > > > > > > > There is another option, a variant of which I use. My el cheapo deluxe DSL > > modem has really crappy broken firewall and DNS implementations. Wireshark > > showed Windows Messenger service spam leaking past and as soon as I saw > > that I assumed it was probably the tip of the iceberg. > > > > You can also bridge the modem (disabling it's NAT as well). In a fully > > bridged configuration your FreeBSD gateway will have to perform PPPoE > > handshake and login as well. > > > > Setting up the modem itself this way can be tricky at times, depending > on the model and the service. One gotcha with this method can be if your > ISP is using heartbeat, and so you'll have to either script yourself or > find one that suits. > > > I use a second option called split-bridge, which they have named "IP > > Passthrough". This allows the DSL modem to be responsible for the PPPoE > > session. It works by passing the WAN public IP to the Internet facing NIC > > in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my > > outside NIC is ifconfig_xl0="DHCP". It gets assigned whatever IP Verizon > > sends. > > > > Is this also called IP spoofing? No, this is **NOT** IP spoofing. What Michael's describing is a feature many DSL modems offer. There is no official term for what it is, since DSL modems are supposed to be bridges (layer 2 devices), but in fact this feature causes the modem to act like something that sits between layer 2 and layer 3 -- yet is not a router. Different modems call it something different. If you enable this feature, what happens is this: The modem requires you to access its administrative web page. You insert your PPPoE Username and Password (which it saves to NVRAM/EEPROM), and click Connect. The DSL modem then continues to do the PPPoE encapsulation, so that your FreeBSD box, Windows box, or whatever (that's connected to the DSL modem on the LAN port) does not have to. The modem is given an IP address as part of the PPPoE hand-off. That IP address is, of course, a public Internet IP. The modem also enables use of a DHCP server, so that a machine connect to its LAN port can do a DHCP request and get an IP address -- but here's the kicker. The IP address the modem returns to the machine on the LAN is the public IP address the ISP gave the modem via PPPoE. "So how does this work?" All network I/O between the LAN port and the modem itself is done at layer 2 past that point -- meaning, the modem acts "almost purely" as a bridge from that point forward: but it still does the PPPoE encapsulation for you. So, like I said, the modem acts like a device that sits between layer 2 and layer 3. Does this make more sense? The reason this feature is HIGHLY desired is because not all PPPoE implementations are compatible with an ISPs implementation. It is *always* best to use whatever equipment they give you or guarantee works with them; using your own, or some other PPPoE daemon/method, can result in lots of trouble. I've personally used this method, I might add. I can give you reference material on how to set it up and use it, over at dslreports.com. Lots of DSL modems these days offer said feature. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081016114348.GA8970>