[CDBUG-talk] PPPoA ... ?
doon at inoc.net
Tue Nov 8 11:28:28 EST 2005
On Nov 8, 2005, at 11:12 AM, Jonathan Franks wrote:
> Hi all,
> I've been thinking of reconfiguring my dsl connection lately and
> something in the docs has me a bit confused.
> Current setup is :
> DSL MODEM -> OpenBSD FW (3.7) -> Linksys WRT54G -> switch
> Which leaves me with a wholly unnecessary network segment.
> What I want is:
> DSL MODEM (as bridge only) -> OpenBSD FW (running ppp and pppoe) ->
> switch (with my Linksys Wireless router just acting as an AP off
> the switch)
> Taking the WRT54G out of the picture for non wireless clients, and
> bridging the modem.
> The thing that I'm hesitating on is the pppoe setup on the FW. For
> the most part it seems pretty straight forward between the FAQ and
> the relevant man pages... but here's the thing:
> My DSL provider uses PPPoA. In the FAQ I see this:
> The main software interface to PPPoE/PPPoA on OpenBSD is pppoe(8),
> which is a userland implementation (in much the same way that we
> described ppp(8), above). A kernel PPPoE implementation, pppoe(4),
> has been incorporated into OpenBSD.
> which seems to indicate that pppoe will work with either PPPoE or
> PPPoA. The man pages make no reference to PPPoA at all, however. My
> searches of the archives and Google have turned up some rather old
> posts, one suggesting that special hardware is required for PPPoA,
> and another that _appears_ to indicate that it isn't.
If you are using PPPoA, then I think you need an ATM interface to
terminate the traffic on. All of our DSL runs PPPoE or Route
Bridged 1483, so I don't have much experience with PPPoA. But you
can try it :) Since perhaps the DSL modem will just bridge the PPP -
> ethernet interface and then the PPP stuff will work.
So if I read your Above desc.
You have ISP -> PPPoA -> DSL Modem (NAPT) -> RFC1918 Space -> OBSD
FW -> NAT? -> clients?
So you effectively have double NAT.
> The modem also offers a "half-bridge" mode which theoretically
> authenticates to the ISP and then passes the IP back to the router.
> Assuming that special HW is required, could this be used instead?
Sounds like the above is what you will probably want to do, as it
sounds like it will be the easiest to configure. The Modems that some
of our ISP's use support ZIPB (Zero Installation PPP Bridge) which
does the same, terminates the PPP connection and passes it on. It is
a piece of cake to configure the firewall side, just tell it to gets
is IP via DHCP and tell your firewall that the interface is dynamic
and you should be good to go.
Key ID: 0x370D752C
(A)bort, (R)etry, (P)retend this never happened?
More information about the CDBUG-talk