On September 8, 2008 09:54:22 am Peter Kay - Syllopsium wrote:
> >From: "Vijay Sankar" <[EMAIL PROTECTED]>
> >To: "Peter Kay - Syllopsium" <[EMAIL PROTECTED]>
> >Cc: <[email protected]>
> >Sent: Monday, September 08, 2008 2:50 PM
> >Subject: Re: Bridging pppoe(4) to another NIC - is this even possible, as it appears impossible to change the MTU?
> >
> > On September 8, 2008 06:43:45 am Peter Kay - Syllopsium wrote:
> >> Also, even if I could get the MTUs to match, bridge complains on startup
> >> because pppoe0 does not yet exist. Is there a more elegant solution than a
> >> shellscript with a delay and a series of brconfig commands to fix this?
> >
> > Not sure whether the following is appropriate under your circumstances but I
> > can try to describe a different solution.
> >
> > We have 8 IP addresses with an ADSL connection (6 with what the ISP here calls
> > a "framed route" and 2 that are static) and we set pf up as follows:
> >
> > ext_if="pppoe0"
> > int_if="rl0"
> > dmz_if="dc1"
> >
> > scrub out on $ext_if max-mss 1440
> >
> > One of the 6 addresses is the DMZ interface's IP and I am routing all the
> > other public IPs through this. So I don't have to bridge in my scenario and
> > it has worked very well. Interface fxp0 is connected to the DSL modem and has
> > the Ethernet default MTU of 1500 and pppoe0 has MTU of 1492.
> >
> > fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >        lladdr xx:xx:xx:xx:xx:xx
> >        media: Ethernet autoselect (100baseTX full-duplex)
> >        status: active
> >
> > pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
> >        dev: fxp0 state: session
> >        sid: 0x64e5 PADI retries: 0 PADR retries: 0 time: 36d 04:02:01
> >        sppp: phase network authproto pap authname "xxxxxxxxx"
> >        groups: pppoe egress
> >        inet aaa.bbb.ccc.ddd --> eee.fff.ggg.hhh netmask 0xffffffff
> >
> > I am using kernel-mode pppoe.
> >
> > --
> > Vijay Sankar, M.Eng., P.Eng.
> > ForeTell Technologies Limited
> > 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
> > Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
>
> OK.. I presume routing is also turned on in your scenario?
>
> Unless I'm missing something though, aren't you losing two of your 8 IP
> addresses - one to PPPoE and one to the DMZ? A main point of me running
> PPPoE on the firewall is that I only lose one of my 6 available (obviously
> network and broadcast eat two of my eight) WAN addresses. If I wanted to
> lose two I could leave it as is, with the router establishing the PPPoE
> connection, the external interface on the firewall with a WAN IP, and a
> transparent bridge to the DMZ.
>
> PK

Yes, net.inet.ip.forwarding=1 here. I did not think of it as losing two IP 
addresses because first of all the pppoe address is required on the 
firewall's external interface in order to route to the block of 6 addresses 
for the "framed route". 

The DMZ address does use up one of the 6 IP addresses and the other 5 hosts in
the DMZ use that address as their route. But since I did not need 6 separate
IP addresses in the DMZ it was not a problem for me.

-- 
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
