Da Rock wrote:

> I'm assuming the problem with double nat'ing is the confusion in packet
> traffic. So if the OP is using his ADSL modem to connect to the net,
> then it could be safe to assume the public IP would be to the modem
> itself, and not his box (barring the possible use of USB), so then the
> nat'ing would already be done. Therefore, the best and easiest way would
> be to simply bridge his interfaces- correct? Less overheads, etc, plus
> simplicity of setup.

There is another option, a variant of which I use. My el cheapo deluxe DSL
modem has really crappy broken firewall and DNS implementations. Wireshark
showed Windows Messenger service spam leaking past and as soon as I saw
that I assumed it was probably the tip of the iceberg.

You can also bridge the modem (disabling its NAT as well). In a fully
bridged configuration your FreeBSD gateway will have to perform PPPoE
handshake and login as well. 

I use a second option called split-bridge, which they have named "IP
Passthrough". This allows the DSL modem to be responsible for the PPPoE
session. It works by passing the WAN public IP to the Internet facing NIC
in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my
outside NIC is ifconfig_xl0="DHCP". It gets assigned whatever IP Verizon

I just like this particular arrangement better. I run a caching/hybrid DNS
server on the gateway as well. I've used this configuration for about 2
years now and it has served me well. I also use ALTQ to prioritize outgoing
acks, as this seems to be helpful when using asymmetric DSL.    
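
A pf.conf sketch of the gateway arrangement described in this message, added here as an example and not taken from the poster's own configuration. Only xl0 and its DHCP setting come from the message; the inside interface fxp0, the LAN range 192.168.1.0/24 and the 700Kb upstream figure are assumed values.

```conf
# /etc/pf.conf for a FreeBSD gateway behind a DSL modem in "IP Passthrough" mode.
# Assumed in /etc/rc.conf: ifconfig_xl0="DHCP" (from the message),
# gateway_enable="YES" and pf_enable="YES".
# Uses the pre-OpenBSD-4.7 pf syntax that FreeBSD ships; ALTQ must be
# compiled into the kernel.

ext_if  = "xl0"             # Internet-facing NIC, address assigned by DHCP
int_if  = "fxp0"            # assumed name of the static inside NIC
lan_net = "192.168.1.0/24"  # assumed LAN range

set skip on lo0
scrub in all

# Priority queueing on the uplink. Set bandwidth slightly below the real
# upstream rate so the queue forms here and not in the modem.
altq on $ext_if priq bandwidth 700Kb queue { q_ack, q_def }
queue q_ack priority 7
queue q_def priority 1 priq(default)

# The parentheses make pf follow the interface address when the DHCP
# lease changes, so NAT keeps working without reloading the ruleset.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Default deny for unsolicited inbound traffic on the public side.
block in on $ext_if all

# With two queues listed, payload-free TCP ACKs and low-delay TOS packets
# go to the second queue (q_ack); everything else goes to q_def.
pass out on $ext_if proto tcp from any to any flags S/SA keep state \
    queue (q_def, q_ack)
pass out on $ext_if proto { udp, icmp } from any to any keep state

# Inside interface: allow LAN hosts to reach the gateway and beyond.
pass in  on $int_if from $lan_net to any keep state
pass out on $int_if from any to $lan_net keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vs queue` shows per-queue counters once it is active.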

