On Wed, Jan 07, 2004 at 01:32:58PM -0600, John Sorres wrote:
> At 09:41 AM 1/7/2004 -0500, you wrote:
> >On Tue, Jan 06, 2004 at 10:48:48PM -0600, John Sorres wrote:
> > > Or you just drop the wireless off a separate ethernet card/ private net/NAT
> > > on a Windoze box, and firewall that with some software. Sheezh, it's not
> > > that hard.
> >
> >Double-NATting the second network? And without firewalling? Naw; I
> >don't think so... Anything that puts the second network *behind* the
> >first one is likely to cause some kind of trouble for someone,
> >somewhere. Believe me when I tell you that you don't want to become
> >tech support for your neighbors.
>
> I would not double NAT, I would run the Windoze (or other) machine as the
> PPPOE host, create a subnet for the wireless, and would run a firewall
> there. Less than 5 min to set up. Not that double NATing is going to
> cause any problem other than insane overhead.

I like to think I'm a fair hand at this stuff... but I didn't understand
that explanation at all.

Clearly, you get broadband in a different fashion than we do down here
in Florida. We get raw, non-PPPoE ethernet coming out a cablemodem or
ADSL modem, with a standard DHCP public IP address (usually one,
sometimes more, sometimes static, depending on how much you wanna pay),
and we feed it into an edge router. At business clients, it's usually a
SnapGear; some of our other clients have bought themselves Netgear 814s
or the Linky I mentioned.

But if I was going to share my connection, I certainly wouldn't be
terminating it on a non-dedicated machine.

And yes, double-NATting *can* confuse some apps, even ones that are
smart enough to figure out normal NAT. And it might well screw up IPsec
passthrough to have two routers in a row, as well, if you needed that.

In general, my goal in network architecture is to remain as close to
the original transparency of the Internet's design as possible, as
viewed by the end user. NAT at all is a necessary evil.

Cheers,
-- jra

> And anytime you share with neighbors, putting a high wall around support is
> recommended. Tell them if something is wrong, it's their problem.

--
Jay R. Ashworth    [EMAIL PROTECTED]
Member of the Technical Staff    Baylink    RFC 2100
The Suncoast Freenet    The Things I Think
Tampa Bay, Florida    http://baylink.pitas.com    +1 727 647 1274

Come see Linux Gazette in our new home: www.linuxgazette.net!
