Re: ADSL modem ip addresses
On Fri, Oct 24, 2003 at 02:43:38PM +0100, Vince Hoffman wrote:
> > On Fri, Oct 10, 2003 at 11:29:08PM +0930, Ian Moore wrote:
> > > What's the best way then to connect it to the ADSL line?
> >
> > I feel it's best to have a hardware modem that also knows how to build up the connection. I've set my ADSL modem up so that it builds the connection and then routes the packets to my gateway computer.
> >
> > > Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.
> >
> > I wouldn't go for a USB connection.
>
> Can you or anyone on the list recommend a good, supported ADSL modem, as I will be getting ADSL with a static IP which I want assigned to my FreeBSD firewall, not an ADSL router?

Assuming you are planning for your modem to build up the connection (i.e. you turn it on and you have an internet connection), then it doesn't matter if FreeBSD supports it or not. What you are looking for is a modem that has an IP connection for your intranet and a connection for your intranet (line input). I have the cheap ALCATEL, which could be converted to the more expensive version.

I started out calling in with a PPTP client, but switched because the line kept dropping. Then I let the modem have the public IP, turned on NAT on the modem and let it build up the connection. Recently I switched NAT off (because of slot limitations) and used a routing option instead. My gateway doesn't have a clue about how to build up the connection; it just uses it, and it talks normal IP protocol, not PPTP.

What you are looking for in an ADSL modem is (in short):
- Line-in connection to the internet
- IP connection to your intranet (local LAN)
- Ability to build the connection itself (including converting PPP to PPTP or any other protocol that is required)
- Ability to route packets through
- It's not a must, but it would be nice to have a NAT option on it, just as a backup.

P.S. Please cut unrelated text out!!

--
Alex
Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/
___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ADSL modem ip addresses
On Fri, Oct 10, 2003 at 11:29:08PM +0930, Ian Moore wrote:
> Hi,
>
> I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server & sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address).
>
> The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line?

I feel it's best to have a hardware modem that also knows how to build up the connection. I've set my ADSL modem up so that it builds the connection and then routes the packets to my gateway computer.

> Do we have a second NIC in the firewall machine with a real IP address

You do need a second NIC on the gateway. Either the gateway or the modem needs to have the public (real) IP.

> connected to an ADSL modem and use ppp -natd on that interface?

You like to run natd, yes. If you go for a build up of the connection with ppp then this is the way to go. If you don't then you can enable it in rc.conf.

> Does that mean we'd need 2 static IP addresses - one for the firewall & one for the modem? (We really don't want to pay for 2 addresses)

You don't need that. Natd forwards work fine with one public IP address.

> Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.

I wouldn't go for a USB connection.

> Or do we use a combined modem/router device to do the nat & firewalling and have it redirect mail, web & ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?)

Having a modem that knows how to build up the connection and route it is the solution in my view. I feel that it's better to have a *BSD box being the router, because routers have limited memory. (Mine only had 256 slots for routing, which was not sufficient in my case, because I run mldonkey or possibly Kazaa. This problem doesn't occur with a BSD box.)

As a side note: if you care about security, assume your gateway has been compromised at all times. So also set up a firewall on your other machines. This way you are better protected.

--
Alex
Re: ADSL modem ip addresses
> On Fri, Oct 10, 2003 at 11:29:08PM +0930, Ian Moore wrote:
> > Hi,
> >
> > I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server & sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address).
> >
> > The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line?
>
> I feel it's best to have a hardware modem that also knows how to build up the connection. I've set my ADSL modem up so that it builds the connection and then routes the packets to my gateway computer.
>
> > Do we have a second NIC in the firewall machine with a real IP address
>
> You do need a second NIC on the gateway. Either the gateway or the modem needs to have the public (real) IP.
>
> > connected to an ADSL modem and use ppp -natd on that interface?
>
> You like to run natd, yes. If you go for a build up of the connection with ppp then this is the way to go. If you don't then you can enable it in rc.conf.
>
> > Does that mean we'd need 2 static IP addresses - one for the firewall & one for the modem? (We really don't want to pay for 2 addresses)
>
> You don't need that. Natd forwards work fine with one public IP address.
>
> > Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.
>
> I wouldn't go for a USB connection.

Can you or anyone on the list recommend a good, supported ADSL modem, as I will be getting ADSL with a static IP which I want assigned to my FreeBSD firewall, not an ADSL router?

> > Or do we use a combined modem/router device to do the nat & firewalling and have it redirect mail, web & ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?)
>
> Having a modem that knows how to build up the connection and route it is the solution in my view. I feel that it's better to have a *BSD box being the router, because routers have limited memory. (Mine only had 256 slots for routing, which was not sufficient in my case, because I run mldonkey or possibly Kazaa. This problem doesn't occur with a BSD box.)
>
> As a side note: if you care about security, assume your gateway has been compromised at all times. So also set up a firewall on your other machines. This way you are better protected.
>
> --
> Alex
Re: ADSL modem ip addresses
Hi,

You need a single machine with two NICs to setup as a firewall machine. You should not require a second IP address. If you google for howtos on setting up FreeBSD as a gateway machine/sharing cable/sharing adsl etc etc you will find heaps of easy to follow articles.

Furthermore, if your provider will give you a choice then the hardware IMHO of choice is a DSL bridge. Run PPPoE from the FreeBSD machine. FWIW I went from having /29 to a single address and there was a little initial pain in getting the NAT/routing setup appropriately but after pulling out lots of hair it finally works.

Whilst on the subject, the kind of stress and overhead that PPPoE puts on a FreeBSD machine is negligible. I have a fibre connection which at times hits 70Mb and the machine ( a lazy PII 300 w 256Mb of RAM ) never gets above 15% CPU usage. So any old machine you have lying around in bits will probably do very nicely.

HTH
LukeK

On Fri, 10 Oct 2003 23:29:08 +0930 Ian Moore [EMAIL PROTECTED] spake thus:
> Hi,
>
> I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server & sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address).
>
> The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line? Do we have a second NIC in the firewall machine with a real IP address connected to an ADSL modem and use ppp -natd on that interface? Does that mean we'd need 2 static IP addresses - one for the firewall & one for the modem? (We really don't want to pay for 2 addresses)
>
> Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.
>
> Or do we use a combined modem/router device to do the nat & firewalling and have it redirect mail, web & ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?)
>
> Cheers,
> Ian

--
Luke Kearney [EMAIL PROTECTED]
RE: ADSL modem ip addresses
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Ian Moore
> Sent: October 10, 2003 9:59 AM
> To: freebsd-questions
> Subject: ADSL modem ip addresses
>
> Hi,
>
> I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server & sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address).

It's not a wise move to run the services on the same machine as your firewall. You can setup an OpenBSD machine to serve as your firewall on a very inexpensive old machine, running it as a gateway as well. You can then forward specific ports (80, 25, 110 in your case) to your services machine running either in a DMZ or behind the firewall. Regarding the whole diverting issue, I encourage you to google dual homed hosts. I had some pretty favourites on my windows machine but I lost them all when a hard drive died or I'd have some good ones for you.

> The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line? Do we have a second NIC in the firewall machine with a real IP address connected to an ADSL modem and use ppp -natd on that interface? Does that mean we'd need 2 static IP addresses - one for the firewall & one for the modem? (We really don't want to pay for 2 addresses)

If you use pppoe, you can run ppp -ddial -quiet on startup by including that in rc.conf. Check out /etc/defaults/rc.conf. I setup a machine to act as a gateway/firewall for 5 PC's on a 3mbit dsl line once... on a P120 and it ran flawlessly. You don't need two IP's. Your modem *shouldn't* have to have an IP. If it does, it's because it also acts as a router and hence does the pppoe auth. I suppose you can use that as a router instead.. it's your network ;) I like the flexibility my router provides me however. It's remarkably easy to setup as well. Again I don't have any links right now off-hand, but if you search for pppoe + freebsd + ipnat or something you'll find some very good tutorials. There was this one for a cable connection I used as a guide the first time, and just followed the steps from other sources for setting up PPPoE.

> Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.

AFAIK, there is no support (yet?) for a usb modem. I don't like them anyway - I keep my apples with my apples, my oranges with... you guessed it, the oranges. ADSL = network related stuff = runs on Ethernet.

> Or do we use a combined modem/router device to do the nat & firewalling and have it redirect mail, web & ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?)

By default they will not. As I said they work, but I'm not sure the devices that are a modem + router built-in will also include firewalling.

HTH,
Sandro

> Cheers,
> Ian
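
Added example, not part of any poster's message: one way to do the single-public-IP setup discussed above, with natd on the FreeBSD gateway forwarding the ports named in this reply (80, 25, 110) to an internal services machine. The interface names fxp0/fxp1, the server address 192.168.1.10 and the path /etc/ipfw.rules are assumptions chosen for illustration.

```conf
# --- /etc/rc.conf on the gateway ---------------------------------------
# Assumed NICs: fxp0 = ADSL side (holds the one public IP), fxp1 = LAN side.
# If user ppp builds the PPPoE link itself, the external interface is tun0.
# The kernel needs ipfw with divert support (options IPFIREWALL, IPDIVERT).
gateway_enable="YES"                # forward packets between the two NICs
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"   # sh script shown below (assumed path)
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf -----------------------------------------------------
# redirect_port <proto> <internal address>:<port> <public port>
# 192.168.1.10 is the assumed private address of the services machine.
redirect_port tcp 192.168.1.10:80 80
redirect_port tcp 192.168.1.10:25 25
redirect_port tcp 192.168.1.10:110 110

# --- /etc/ipfw.rules ----------------------------------------------------
#!/bin/sh
ext_if="fxp0"
int_if="fxp1"
server="192.168.1.10"

ipfw -q -f flush
ipfw -q add 100 allow ip from any to any via lo0
# LAN side is passed unfiltered here; host firewalls on the internal
# machines cover the case where the gateway itself is compromised.
ipfw -q add 110 allow ip from any to any via ${int_if}
# Everything crossing the ADSL-side interface goes through natd first.
ipfw -q add 200 divert natd ip from any to any via ${ext_if}
ipfw -q add 300 allow ip from any to any out via ${ext_if}
ipfw -q add 310 allow tcp from any to any in via ${ext_if} established
# DNS replies, matched statelessly on source port 53; tighten this to
# your resolvers' addresses.
ipfw -q add 320 allow udp from any 53 to any in via ${ext_if}
ipfw -q add 330 allow icmp from any to any in via ${ext_if} icmptypes 0,3,11
# New inbound connections: forwarded ports only. After natd the
# destination is already the server's private address.
ipfw -q add 400 allow tcp from any to ${server} 25,80,110 in via ${ext_if} setup
ipfw -q add 65000 deny log ip from any to any
```

Only the three redirected ports accept new connections from the Internet; the gateway itself offers no service on the public address.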
Re: ADSL modem ip addresses
If you can get an Alcatel Speedtouch USB (probably the most commonly used) from your DSL provider, then you're in luck. It's in /usr/ports/net/pppoa. Install it. Then, look in: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pppoa.html . Remember, the device Alcatel SpeedTouch USB that should be in /etc/usbd.conf must be exactly the same as the detected device while booting-up or as displayed by the dmesg output. You may also refer here for more info: http://speedtouch.sourceforge.net/

Re IP address, I simply extract whatever the DSL connection provides and apply it in my ipfw firewall. I only have one NIC and the IP is static and private (192.168...). The NIC is serving my internal clients in a NAT + Transparent Proxy implementation.

> Hi,
>
> I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server & sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address).
>
> The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line? Do we have a second NIC in the firewall machine with a real IP address connected to an ADSL modem and use ppp -natd on that interface? Does that mean we'd need 2 static IP addresses - one for the firewall & one for the modem? (We really don't want to pay for 2 addresses)
>
> Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.
>
> Or do we use a combined modem/router device to do the nat & firewalling and have it redirect mail, web & ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?)
>
> Cheers,
> Ian
Re: ADSL modem ip addresses
On Fri, 10 Oct 2003 11:41:01 -0400 liquid [EMAIL PROTECTED] granted us these pearls of wisdom:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Ian Moore
> > Sent: October 10, 2003 9:59 AM
> > To: freebsd-questions
> > Subject: ADSL modem ip addresses
> >
> > Hi,
> >
> > I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server & sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address).
>
> It's not a wise move to run the services on the same machine as your firewall. You can setup an OpenBSD machine to serve as your firewall on a very inexpensive old machine, running it as a gateway as well. You can then forward specific ports (80, 25, 110 in your case) to your services machine running either in a DMZ or behind the firewall. Regarding the whole diverting issue, I encourage you to google dual homed hosts. I had some pretty favourites on my windows machine but I lost them all when a hard drive died or I'd have some good ones for you.
>
> > The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line? Do we have a second NIC in the firewall machine with a real IP address connected to an ADSL modem and use ppp -natd on that interface? Does that mean we'd need 2 static IP addresses - one for the firewall & one for the modem? (We really don't want to pay for 2 addresses)
>
> If you use pppoe, you can run ppp -ddial -quiet on startup by including that in rc.conf. Check out /etc/defaults/rc.conf. I setup a machine to act as a gateway/firewall for 5 PC's on a 3mbit dsl line once... on a P120 and it ran flawlessly. You don't need two IP's. Your modem *shouldn't* have to have an IP. If it does, it's because it also acts as a router and hence does the pppoe auth. I suppose you can use that as a router instead.. it's your network ;) I like the flexibility my router provides me however. It's remarkably easy to setup as well. Again I don't have any links right now off-hand, but if you search for pppoe + freebsd + ipnat or something you'll find some very good tutorials. There was this one for a cable connection I used as a guide the first time, and just followed the steps from other sources for setting up PPPoE.
>
> > Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.
>
> AFAIK, there is no support (yet?) for a usb modem. I don't like them anyway - I keep my apples with my apples, my oranges with... you guessed it, the oranges. ADSL = network related stuff = runs on Ethernet.
>
> > Or do we use a combined modem/router device to do the nat & firewalling and have it redirect mail, web & ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?)
>
> By default they will not. As I said they work, but I'm not sure the devices that are a modem + router built-in will also include firewalling.

Actually quite a few of the SOHO DSL routers I've seen do include simple firewalling but often enough they are only configurable via a browser and have a kind of all or nothing stance. For fine granular control over the firewall it is hard to beat FBSD and IPFilter / IPFW for the price - it just doesn't come with a pretty web interface (not that you couldn't build one if you had the time or the energy I suppose).
RE: ADSL modem ip addresses
*snipped*

> Actually quite a few of the SOHO DSL routers I've seen do include simple firewalling but often enough they are only configurable via a browser and have a kind of all or nothing stance. For fine granular control over the firewall it is hard to beat FBSD and IPFilter / IPFW for the price - it just doesn't come with a pretty web interface (not that you couldn't build one if you had the time or the energy I suppose).

You don't have to build one. Someone already did. I remember accidentally running into it a few months back while googling other stuff. I personally have no need now that I have a ruleset that I like; I just use the same one over and over wherever I need it, changing the IP addresses where necessary.
Re: ADSL modem ip addresses
On Sat, 11 Oct 2003 01:11, liquid wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Ian Moore
> > Sent: October 10, 2003 9:59 AM
> > To: freebsd-questions
> > Subject: ADSL modem ip addresses
> >
> > Hi,
> >
> > I'm organising an ADSL connection and I'm a bit confused about our options. We need to provide web, ssh and mail access to our network for users from home across the Internet with an ADSL connection. I figure the best way to do this is to setup a new machine to act as a firewall and run a web server & sendmail on this box. (or I have seen something about using socket to divert these services to our existing server which has a private address).
>
> It's not a wise move to run the services on the same machine as your firewall. You can setup an OpenBSD machine to serve as your firewall on a very inexpensive old machine, running it as a gateway as well. You can then forward specific ports (80, 25, 110 in your case) to your services machine running either in a DMZ or behind the firewall. Regarding the whole diverting issue, I encourage you to google dual homed hosts. I had some pretty favourites on my windows machine but I lost them all when a hard drive died or I'd have some good ones for you.

Thanks, I'll check that out. I've got a firewall machine partly built, because I kind of figured it was the best way to go.

> > The firewall would have a NIC with a private IP address to connect to the rest of our network. What's the best way then to connect it to the ADSL line? Do we have a second NIC in the firewall machine with a real IP address connected to an ADSL modem and use ppp -natd on that interface? Does that mean we'd need 2 static IP addresses - one for the firewall & one for the modem? (We really don't want to pay for 2 addresses)
>
> If you use pppoe, you can run ppp -ddial -quiet on startup by including that in rc.conf. Check out /etc/defaults/rc.conf. I setup a machine to act as a gateway/firewall for 5 PC's on a 3mbit dsl line once... on a P120 and it ran flawlessly. You don't need two IP's. Your modem *shouldn't* have to have an IP. If it does, it's because it also acts as a router and hence does the pppoe auth. I suppose you can use that as a router instead.. it's your network ;) I like the flexibility my router provides me however. It's remarkably easy to setup as well. Again I don't have any links right now off-hand, but if you search for pppoe + freebsd + ipnat or something you'll find some very good tutorials. There was this one for a cable connection I used as a guide the first time, and just followed the steps from other sources for setting up PPPoE.

Thanks, I've had a couple of replies to this effect, so I'll start doing some googling.

> > Or can we use a USB connection instead - are there FBSD drivers for ADSL modems? I can't see any in the supported hardware list.
>
> AFAIK, there is no support (yet?) for a usb modem. I don't like them anyway - I keep my apples with my apples, my oranges with... you guessed it, the oranges. ADSL = network related stuff = runs on Ethernet.

Yeah, that's my feeling too. Seems like there is a usb driver (in the ports) of one modem, but like you, I would rather stick to ethernet.

> > Or do we use a combined modem/router device to do the nat & firewalling and have it redirect mail, web & ssh access to our main server? (is that possible or do such devices not allow access into the network from the 'net?)
>
> By default they will not. As I said they work, but I'm not sure the devices that are a modem + router built-in will also include firewalling.

I didn't really think those soho devices would be very powerful, much better to use FBSD & get as much power & flexibility as you need! I put that as an option just in case.

Thanks to everyone for your replies. I really wanted someone to say this is the way to go, since it's all a bit theoretical until we have the connection & modem installed & can actually start playing with it. Now I'm happy to go ahead & set up my firewall machine and do lots of googling!

Cheers,
Ian