On Thu, 25 Aug 2005 15:28:36 +1000, Shane J Pearson wrote:

>Hi Jared,
>
>On 25/08/2005, at 1:55 PM, jared r r spiegel wrote:
>>
>> the thread has kinda gone this way already, but i believe the only
>> way you can get true "i don't have NAT" on PPPoA, outside of
>> getting a
>> "business class" service plan (or anything else with static IP WAN
>> and LAN allocations) is going to have to end up with you running
>> PPP daemon/process on your machine. for it to leave your PC to
>> the modem as ATM would be a rare hardware combination.
>
>"Half-bridge mode" or in the case of my Netgear DG632, "MODEM mode",
>allows me to use PPPoA in such a way that the MODEM deals with the
>PPPoA, my OpenBSD firewall sees packets destined to my external public
>IP address and I can use an MTU of 1500. No NAT being used on the
>MODEM. I am using NAT on my firewall though and I have a static IP.
>
>I have not been able to get a Netcomm MODEM/Router with "half-bridge
>mode" to be able to do this though.
>
>
>Shane
>
>
I had no success with a Netcomm NB1300 either. I gave up debugging it
but I can tell you that it drives the dhclient mad on OpenBSD because
it only issues 60 second leases which results in 30 second renewal
requests. Yeccchhhh!

I have a swag of client sites where I set the modem up to PPPoALLC,
NAT on, DMZ Host = 192.168.1.2 (the static IP for the firewall) and
then it works just as well with all traffic to the WAN IP hitting the
firewall. It is not obvious to casual inspection and the client sites
are rsyncing data around Australia quite happily. MTU=1500 of course.

I have a /29 here and don't need to do that NAT/DMZ thing. I just
assign the first of the usable IPs to my server LAN NIC and set the
routing table in the modem to route the /29 to 192.168.1.2 and it all
works.

The NAT rule for the user LAN does:

    nat on $ext_if from $lan to any -> $fwint

where $fwint is set to the IP address of the server LAN NIC, and so I
don't need the WAN address on the box at all.

There are lots more rules to get all the tricks firing. Ask and ye
shall receive by private email. Use ash1 at my domain.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
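
An added illustration of the routed-/29 setup described in the reply above; it is not part of the original message and not the poster's own ruleset. The interface name, the user LAN range and the 203.0.113.0/29 documentation block standing in for the /29 are assumptions; only the rule itself and 192.168.1.2 come from the message.

```pf
# pf.conf fragment (added example; names and addresses are constructed
# unless noted).
#
# Assumed address plan:
#   modem LAN side      192.168.1.0/24, modem routes the /29 via 192.168.1.2
#   firewall $ext_if    192.168.1.2            (from the message)
#   server LAN NIC      203.0.113.1/29         (first usable IP of the /29)
#   user LAN            10.0.0.0/24

ext_if = "fxp0"            # interface facing the modem (assumed name)
lan    = "10.0.0.0/24"     # user LAN (constructed)
fwint  = "203.0.113.1"     # IP of the server LAN NIC (constructed)

# The rule as quoted in the message, in the pf syntax current in 2005.
# User-LAN traffic leaves $ext_if with a source address from the /29,
# so the modem forwards it untranslated.
nat on $ext_if from $lan to any -> $fwint

# Equivalent in OpenBSD 4.7 and later, where nat-to replaced the
# stand-alone nat rule (use one form or the other, not both):
# match out on $ext_if inet from $lan to any nat-to $fwint
```

Replies reach the firewall only because the modem's routing table sends the whole /29 to 192.168.1.2, which is why the translation address does not have to be configured on $ext_if. `pfctl -nf /etc/pf.conf` parses the file without loading it.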