---- Original message ----
>Date: Thu, 18 May 2006 23:26:19 +0100
>From: Daniel Walrond <[EMAIL PROTECTED]>
>Subject: Re: pppoe, binat and netopia router: apache virtual hosting
>To: Jacob Yocom-Piatt <[EMAIL PROTECTED]>
>Cc: [email protected]
>
>On Mon, May 08, 2006 at 02:43:38PM -0500, Jacob Yocom-Piatt wrote:
>> this raises another question i've had on my mind for quite some time:
>> what, if any, are the advantages of doing pppoe using openbsd, as
>> opposed to using a hardware router of some sort?
>
>You get to use OpenBSD as your sole firewall rather than relying on a
>cut down Linux install or VxWorks with no real memory management. Take
>note of the bug in the SPI of Netgear routers which caused the modem to
>drop its connection. What other bugs lurk in some proprietary software?
>
>Advantages being all those security enhancements which come along
>with OpenBSD. If it's a firewall and you don't need to rely on ports
>then it might be worth enabling guard pages. Check malloc(3) for
>details. Since enabling it by default would break far too many 3rd party
>ports.
>
>If you have a block of IPs then having one firewall can save you wasting
>IPs. I'm sure there's some scrub ttl hack you could do to hide the
>second firewall.
>
>In my opinion the OpenBSD kernel pppoe device is very reliable and far
>better than the average cheap consumer ADSL modem/router.
>
this is the route i ended up going: put the router in "bridge mode" and let openbsd do all the routing of public IPs. aside from the issue of needing a local nameserver to map the domains i serve to their private IPs (since binat doesn't allow local machines to access the mapped public IPs), it works just how i want :). it would be a plus if there were a method for pppoe failover, but this can likely be achieved using ifstated and a bit of creativity. has anybody done this?

