On Friday 31 Oct 2014 06:52:54 J. Roeleveld wrote: > On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: > > Am Tue, 28 Oct 2014 16:28:37 +0000
> > (I found a copy here: > > http://www.kabelfernsehen.ch/dokumente/quicknet/HandbuchTHG570.pdf) > > refers > > > > to "Transparent bridging for IP traffic", and AFAICT makes no mention of > > routing. It does explicitly say that it gets an IP address from the ISP, > > so I suspect that it acts as a bridge for all IP clients (like the "IP > > Client Mode" in Fritz!Box routers). So it sounds to me that the DHCP > > packets likely come from a server beyond the router. Is this the half > > bridge mode you alluded to? > > Not sure about half-bridge mode. But most cable-modems work in bridge-mode. > (If they have more then 1 ethernet-port, they act as routers) Yes, it seems to be a fully bridged modem. A PC or router behind it will be accessible from the Internet using your public IP address provided by the ISP. In a fully bridged mode the modem only manages encapsulation of your LAN hosts ethernet packets (using DOCSIS frames in the case of cable, or ATM frames in the case of ADSL). PPPoE or any other authentication method is undertaken by the PC or by the router behind it. There's no NAT'ing or routing performed by the modem - it is just a transparent bridge. In a typical half bridged mode the modem performs encapsulation of your packets AND authentication with the ISP's radius server. It also passes the public IP address over to the host in the LAN, but it doesn't just bridge - it routes it. The half bridged modem acts as an arp proxy. Some implementations advertise more addresses on the LAN side than the public ISP's address and offer the host a different IP address to the ISP's (usually public IP + 1 with 255.255.255.0 instead of 255.255.255.255). MSWindows machines work fine with this, but Linux won't work without setting a static route to the ISP's gateway and complains that the gateway is not on public-IP/32. Cisco routers barf at this problem too. > > Oh, and there are two powerline/dLAN adapters in between (the modem is > > in > > > > the room next door), but direct connections between my computer and my > > brother's always worked, and they've been reliable in general, so I > > assume that they're irrelevant here. > > Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you > might keep getting a different result each time it tries to refresh. > > > Furthermore, I found out the hard way that you *sometimes* need to > > reboot > > > > the modem when connect a different client for the new client to get a > > response from the DHCP server (I discovered this after wasting half a day > > trying to get our router to work, it would log timeouts during > > DHCPDISCOVER). I didn't think it was the modem because when we first got > > it, I could switch cables around between my computer and my brother's and > > they would get their IP addresses without trouble. *sigh* > > That's a common flaw. These modems are designed with the idea that people > only have 1 computer. Or at the very least put a router between the modem > and whatever else they have. > Please note, there is NO firewall on these modems and your machine is fully > exposed to the internet. Unless you have your machine secured and all > unused services disabled, you might as well assume your machine > compromised. Yes, the way these modems work you may need to reboot the modem so that it flushes its arp cache if you start reconnecting machines to it. > I once connected a fresh install directly to the modem. Only took 20 > seconds to get owned. (This was about 9 years ago and Bind was running) > > > - At the time there was no router, just the modem. We now have a > > Fritz!Box > > > > 3270 with the most recent firmware, but we got it after I "solved" this > > problem. > > > > - I don't know whether we have an IP block or not; I suspect not. At the > > very least, we didn't make special arrangements to try and get one. > > Then assume not. Most, if not all, ISPs charge extra for this. (If they > even offer it) You would typically have two IP addresses with a half bridged modem, but only one of these would be usable by the PC/router in your LAN. Personally I find all this a bothersome faff and only buy and set up modems in fully bridged mode, so that they get out of the way and let me route things using a router. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
