Da Rock wrote:
[snip]
> I'm assuming the problem with double nat'ing is the confusion in packet
> traffic. So if the OP is using his ADSL modem to connect to the net,
> then it could be safe to assume the public IP would be to the modem
> itself, and not his box (barring the possible use of USB), so then the
> nat'ing would already be done. Therefore, the best and easiest way would
> be to simply bridge his interfaces- correct? Less overheads, etc, plus
> simplicity of setup.
>
There is another option, a variant of which I use. My el cheapo deluxe DSL modem has really crappy broken firewall and DNS implementations. Wireshark showed Windows Messenger service spam leaking past and as soon as I saw that I assumed it was probably the tip of the iceberg.

You can also bridge the modem (disabling its NAT as well). In a fully bridged configuration your FreeBSD gateway will have to perform PPPoE handshake and login as well.

I use a second option called split-bridge, which they have named "IP Passthrough". This allows the DSL modem to be responsible for the PPPoE session. It works by passing the WAN public IP to the Internet facing NIC in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my outside NIC is ifconfig_xl0="DHCP". It gets assigned whatever IP Verizon sends.

I just like this particular arrangement better. I run a caching/hybrid DNS server on the gateway as well. I've used this configuration for about 2 years now and it has served me well. I also use ALTQ to prioritize outgoing acks, as this seems to be helpful when using asymmetric DSL.

[snip]

-Mike
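
A pf.conf for the gateway arrangement described in the message above, added here as an example and not the poster's own ruleset. Only xl0 as the DHCP-configured outside NIC comes from the message; the inside interface name (xl1), the 700Kb uplink figure and the queue names are assumptions.

```conf
# /etc/pf.conf -- added example, not from the original message.
# Assumes rc.conf has ifconfig_xl0="DHCP" (from the message) and a
# static address on the inside NIC, here assumed to be xl1.

ext_if = "xl0"          # outside NIC, address handed over by the modem via DHCP
int_if = "xl1"          # inside NIC (assumed name), static LAN address

set skip on lo0

# Reassemble fragments before filtering.
scrub in on $ext_if all fragment reassemble

# ALTQ: priority queueing on the uplink. Set bandwidth slightly below the
# real upstream rate so the queue forms here and not in the modem.
# 700Kb is a constructed placeholder value.
altq on $ext_if priq bandwidth 700Kb queue { q_ack, q_def }
queue q_ack priority 7
queue q_def priority 1 priq(default)

# NAT for the LAN. The parentheses around $ext_if make pf re-read the
# interface address whenever DHCP assigns a different public IP.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default-deny everything arriving from the Internet side, so unsolicited
# traffic that the modem lets through stops at the gateway.
block in log on $ext_if all

# LAN clients may reach the gateway and go out through it.
pass in on $int_if from $int_if:network to any keep state

# Outgoing TCP: payload goes to q_def; empty ACKs and lowdelay-TOS
# packets of the same connections go to q_ack.
pass out on $ext_if proto tcp from any to any flags S/SA keep state \
    queue (q_def, q_ack)

# Other outgoing traffic uses the default queue.
pass out on $ext_if proto { udp, icmp } from any to any keep state \
    queue q_def
```

Parse the file without loading it with `pfctl -nf /etc/pf.conf`; once loaded, `pfctl -vsq` shows per-queue packet counts, which confirms whether ACKs are landing in the priority queue.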