Re: New ISP Conclusions
Jim Cheetham wrote: On Fri, Jan 2, 2009 at 8:23 AM, Bernard Frankpitt frankp...@slingshot.co.nz wrote: In the end I went for the cable modem option: It is the option offered by my Telstra, and I already have a cable connected to my house. ... When you go to a broadband connection, the ISP controls both sides of the link since they provide you with a stand-alone modem that usually connects to you computer via a TCP/IP link over Ethernet. That is a much easier set of protocols to design to. In addition, it is easy to put a firewall router between the modem and your machines to give you additional security. Just be aware that with Telstra, by default you get a real external IP address bound directly to your computer; if you are not running a pretty aggressive firewall you will now be processing all attack traffic directly on your machine. Of course, the majority of this will be stuff that subverts Windows machines, but some if it will be valid attacks against other services too. Attaching a Windows computer directly to Telstra's service is severely negligent. :-) The Telecom ADSL solution, where there is a NAT layer between you and the Internet run on a separate piece of hardware, is actually nicer from that perspective. I strongly recommend a separate machine of some description between you and the Telstra connection. Just what that is, depends on what you want to do with your new connection ... -jim Ironically your essentially on a Public LAN with your neighbours since your in a 255.255.255.0 (share bandwidth as well) netmask,I used my linux computer to route for my flat mates and I even had connection activity from within the subnet probably a worm (This mite be even more fun than an unsecured wireless network :P) and also your Choice in ISP was probably the only one you could choose Since your phone line is Telstra and they don't supply DSL over it and a help full tip, remember to throttle your P2P upload bandwidth, my friend accidentally clocked up a +$40 (or was that 40GB, can't remember) bill with his 2Mbit/s upload speed
Re: New ISP Conclusions
Jim Cheetham wrote: On Fri, Jan 2, 2009 at 8:23 AM, Bernard Frankpitt frankp...@slingshot.co.nz wrote: In the end I went for the cable modem option: It is the option offered by my Telstra, and I already have a cable connected to my house. ... When you go to a broadband connection, the ISP controls both sides of the link since they provide you with a stand-alone modem that usually connects to you computer via a TCP/IP link over Ethernet. That is a much easier set of protocols to design to. In addition, it is easy to put a firewall router between the modem and your machines to give you additional security. Just be aware that with Telstra, by default you get a real external IP address bound directly to your computer; if you are not running a pretty aggressive firewall you will now be processing all attack traffic directly on your machine. Of course, the majority of this will be stuff that subverts Windows machines, but some if it will be valid attacks against other services too. Attaching a Windows computer directly to Telstra's service is severely negligent. :-) The Telecom ADSL solution, where there is a NAT layer between you and the Internet run on a separate piece of hardware, is actually nicer from that perspective. I strongly recommend a separate machine of some description between you and the Telstra connection. Just what that is, depends on what you want to do with your new connection ... -jim Yes, I intend to put a firewalled wireless router between the cable modem and any machines that are attached. Bernie
Re: New ISP Conclusions
Jim Cheetham wrote: On Fri, Jan 2, 2009 at 8:23 AM, Bernard Frankpitt frankp...@slingshot.co.nz wrote: In the end I went for the cable modem option: It is the option offered by my Telstra, and I already have a cable connected to my house. ... When you go to a broadband connection, the ISP controls both sides of the link since they provide you with a stand-alone modem that usually connects to you computer via a TCP/IP link over Ethernet. That is a much easier set of protocols to design to. In addition, it is easy to put a firewall router between the modem and your machines to give you additional security. Just be aware that with Telstra, by default you get a real external IP address bound directly to your computer; if you are not running a pretty aggressive firewall you will now be processing all attack traffic directly on your machine. Of course, the majority of this will be stuff that subverts Windows machines, but some if it will be valid attacks against other services too. Attaching a Windows computer directly to Telstra's service is severely negligent. :-) The Telecom ADSL solution, where there is a NAT layer between you and the Internet run on a separate piece of hardware, is actually nicer from that perspective. I strongly recommend a separate machine of some description between you and the Telstra connection. Just what that is, depends on what you want to do with your new connection ... -jim Very Very ture guys, you ought to have seen the logfiles my firewall used to generate, Gigs and gigs of them!
New ISP Conclusions
Just some conclusions to follow up my earlier post: First: Thanks for all the replies and discussion. In the end I went for the cable modem option: It is the option offered by my Telstra, and I already have a cable connected to my house. Second: I was surprised to find the the ISP situation has changed drastically in the last three years. There are now essentially 4 ISPs in New Zealand: Telecom, Telstra, Vodaphone and Slingshot: Paradise and Clearnet are just brands for Telstra clear. Telstra has completely integrated the operation of these companies with its own TelstraClear service. While the old Paradise and Clearnet domain names still exist, all new users get TelstraClear accounts. IHug is now Vodaphone. I am sure there are still some small ISPs around, but it seems like the top end is well and truely shaken out. Third: As regards PPP over modem, I downloaded the relevant RFC's and looked pretty carefully at the PPP problem I was having. The problem I was having was in the LCP setup layer. It seems that Slingshot's state machine and the pppd state machine go out of sync when the Slingshot peer tries to renegotiate the LCP layer. The pppd peer ( the only side that I can see in detail ) looks to follow the RFC specification, but the whole thing is so complicated that I cannot conclude that the Slingshot peer is at fault. It may well be that the right combination of options to pppd will overcome this problem, but it is really a sticking plaster solution. The underlying issue is that PPP is a complicated protocol that involves extensive negotiation of parameters between the two peers at several protocol layers. While I am sure that whoever writes the ISP's peers could do better with their testing, I doubt if it is possible to come up with a test suite that guarantees the implementation is compliant with standard under all circumstances. I doubt that PPP over modem connections to any ISP will ever be truely Linux friendly in a set and forget sense. When you go to a broadband connection, the ISP controls both sides of the link since they provide you with a stand-alone modem that usually connects to you computer via a TCP/IP link over Ethernet. That is a much easier set of protocols to design to. In addition, it is easy to put a firewall router between the modem and your machines to give you additional security. Bernie Frankpitt
Re: New ISP Conclusions
On Fri, Jan 2, 2009 at 8:23 AM, Bernard Frankpitt frankp...@slingshot.co.nz wrote: In the end I went for the cable modem option: It is the option offered by my Telstra, and I already have a cable connected to my house. ... When you go to a broadband connection, the ISP controls both sides of the link since they provide you with a stand-alone modem that usually connects to you computer via a TCP/IP link over Ethernet. That is a much easier set of protocols to design to. In addition, it is easy to put a firewall router between the modem and your machines to give you additional security. Just be aware that with Telstra, by default you get a real external IP address bound directly to your computer; if you are not running a pretty aggressive firewall you will now be processing all attack traffic directly on your machine. Of course, the majority of this will be stuff that subverts Windows machines, but some if it will be valid attacks against other services too. Attaching a Windows computer directly to Telstra's service is severely negligent. :-) The Telecom ADSL solution, where there is a NAT layer between you and the Internet run on a separate piece of hardware, is actually nicer from that perspective. I strongly recommend a separate machine of some description between you and the Telstra connection. Just what that is, depends on what you want to do with your new connection ... -jim
Re: New ISP Conclusions
On 2/01/2009, at 8:23 AM, Bernard Frankpitt wrote: I was surprised to find the the ISP situation has changed drastically in the last three years. There are now essentially 4 ISPs in New Zealand: Telecom, Telstra, Vodaphone and Slingshot: Orcon (a large ISP that is now indirectly government-owned) and Xnet/ WorldXchange (a budget ISP) are pretty big in terms of subscriber numbers too. They sit in the chain at the same level that Vodafone and Slingshot/Callplus do, in that they sell DSL over Telecom's DSLAMs predominantly, but have either started deploying their own DSLAMs in some exchanges or plan to do so. There's also ten or so smaller ISPs around the place, some of which are predominantly regional. Basically all of them, with the exception of some wireless ISPs (of which Woosh is the most well known, but probably not for the right reasons), sell DSL services. There's also a few business ISPs around, and many of the above residential ISPs also have business services. -jasper
Re: New ISP Conclusions
Just some conclusions to follow up my earlier post: Is your date set correctly? Rob
