From owner-freebsd-hardware@FreeBSD.ORG Tue Aug 16 08:06:21 2005
Message-Id: <200508160806.j7G86RCB002927@fire.jhs.private>
To: Simon Morgan
From: "Julian Stacey"
Organization: http://berklix.com Munich Unix, BSD, Internet Consultancy
In-reply-to: Your message of "Mon, 15 Aug 2005 23:18:19 BST."
Date: Tue, 16 Aug 2005 10:06:27 +0200
Cc: freebsd-hardware@freebsd.org
Subject: Re: BSD PPPoA Hardware

Simon Morgan wrote:
> Hi,
>
> I have a PPPoA ADSL connection and would like to use FreeBSD or OpenBSD
> as a gateway/server and am looking for compatible hardware that would
> facilitate this. I'm specifically looking to avoid combination modem
> + routers and NAT and port forwarding in particular. This will be
> a pure routed IP setup. Obviously stability is very important (So
> far I've been using a SpeedTouch 330 with Linux which hasn't been
> fun).
> Does anyone have any suggestions? Any advice is welcome.

I use FreeBSD-4.10, but ideally that needs an MTU reassembly daemon
    /usr/ports/net/tcpmssd
to surmount the 1492 below
    tun0: flags=8051 mtu 1492
else some near sites have trouble (more distant get limited &
compensated elsewhere I guess).
But it only affects a few sites for me so I have not installed tcpmssd
(lazy & I'd want to think how tcpmssd might affect fragmented packet
firewall rules).

FreeBSD-5.* doesn't need that tcpmssd daemon port, it's built in, I hear.

I use a personal site-specific ipfw ruleset; since then FreeBSD has an
ipfw default ruleset for you to start with
    /usr/src/etc/rc.firewall*

There's also /usr/ports/security/pf. I haven't tried it. To quote pkg-descr:
    Packet Filter (from here on referred to as PF) is OpenBSD's system
    for filtering TCP/IP traffic and doing Network Address Translation.
    PF is also capable of normalizing and conditioning TCP/IP traffic
    and providing bandwidth control and packet prioritization.
    Version 2.00 of this port has the same function set as found in
    OpenBSD 3.4

There's also in /etc/defaults/rc.conf
    ipfilter_enable="NO"
Better discussed on freebsd-security@

My Deutsche Telekom provided splitter has an 8 pin output for the DT
provided ADSL modem, which is what I use. I have a recently acquired,
never used SpeedTouch 330 with a 2 wire terminating in a 6 pin plug.
(D'loaded manual last night.) I've not had time to consider a 6 / 8
converter.

What was the No Fun bit of Linux + SpeedTouch 330 as firewall?
I've heard often enough that Linux is no fun, but if the SpeedTouch 330
has problems, what were they please?

-- 
Julian Stacey  Consultant Systems Engineer, Munich.  http://berklix.com
Mail in Ascii (Html = Spam).  Your smoke = my allergic headache.