Date:      Sat, 11 Oct 2003 11:21:22 +0930
From:      Ian Moore <imoore@picknowl.com.au>
To:        "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ADSL modem & ip addresses
Message-ID:  <200310111121.22800.imoore@picknowl.com.au>
In-Reply-To: <000001c38f44$e95d9bc0$6400a8c0@windows>
References:  <000001c38f44$e95d9bc0$6400a8c0@windows>

On Sat, 11 Oct 2003 01:11, liquid wrote:
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-
> > questions@freebsd.org] On Behalf Of Ian Moore
> > Sent: October 10, 2003 9:59 AM
> > To: freebsd-questions
> > Subject: ADSL modem & ip addresses
> >
> > Hi,
> > I'm organising an ADSL connection and I'm a bit confused about our
> > options.
> >
> > We need to provide web, ssh and mail access to our network for users
> > from home
> > across the Internet with an ADSL connection.
> > I figure the best way to do this is to setup a new machine to act as a
> > firewall and run a web server & sendmail on this box. (or I have seen
> > something about using socket to divert these services to our existing
> > server
> > which has a private address).
>
> It's not a wise move to run the services on the same machine as your
> firewall.  You can setup an openbsd machine to serve as your firewall on
> a very inexpensive old machine, running it as a gateway as well.  You
> can then forward specific ports (80, 25, 110 in your case) to your
> services machine running either in a DMZ or behind the firewall.
> Regarding the whole diverting issue, I encourage you to google "dual
> homed hosts"  I had some pretty favourites on my windows machine but I
> lost them all when a hard drive died or I'd have some good ones for you.

Thanks, I'll check that out. I've got a firewall machine partly built, because
I kind of figured it was the best way to go.
>
> > The firewall would have a NIC with a private IP address to connect to
> > the rest
> > of our network.
> >
> > What's the best way then to connect it to the ADSL line?
> > Do we have a second NIC in the firewall machine with a real IP address
> > connected to an ADSL modem and use ppp -natd on that interface? Does
> > that
> > mean we'd need 2 static IP addresses - one for the firewall & one for
> > the
> > modem? (We really don't want to pay for 2 addresses)
>
> If you use pppoe, you can run ppp -ddial -quiet on startup by including
> that in rc.conf.  Checkout /etc/defaults/rc.conf.  I setup a machine to
> act as a gateway/firewall for 5 PC's on a 3mbit dsl line once... on a
> P1Since 20 and it ran flawlessly.
>
> You don't need two IP's.  Your modem *shouldn't* have to have an IP.  If
> it does, it's because it also acts as a router and hence does the pppoe
> auth.  I suppose you can use that as a router instead.. it's your
> network ;)  I like the flexibility my router provides me however.  It's
> remarkably easy to setup as well.  Again I don't have any links right
> now off-hand, but if you search for pppoe + freebsd + ipnat or something
> you'll find some very good tutorials.  There was this one for a cable
> connection I used as a guide the first time, and just followed the steps
> from other sources for setting up PPPoE.

Thanks, I've had a couple of replies to this effect, so I'll start doing some 
googling.
>
> > Or can we use a USB connection instead - are there FBSD drivers for
> > ADSL
> > modems? I can't see any in the supported hardware list.
>
> AFAIK, there is no support (yet?) for a usb modem.  I don't like them
> anyway - I keep my apples with my apples, my oranges with... you guessed
> it, the oranges.  ADSL = network related stuff = runs on Ethernet.

Yeah, that's my feeling too. Seems like there is a usb driver (in the ports) 
of one modem, but like you, I would rather stick to ethernet.
>
> > Or do we use a combined modem/router device to do the nat &
> > firewalling and
> > have it redirect mail, web & ssh access to our main server? (is that
> > possible
> > or do such devices not allow access into the network from the 'net?)
>
> by default they will not.  As I said they work, but I'm not sure the
> devices that are a modem + router built-in will also include
> firewalling.

I didn't really think those soho devices would be very powerful, much better
to use FBSD & get as much power & flexibility as you need! I put that as an
option just in case.

Thanks to everyone for your replies. I really wanted someone to say this is 
the way to go, since it's all a bit theoretical until we have the connection 
& modem installed & can actually start playing with it.
Now I'm happy to go ahead & set up my firewall machine and do lots of 
googling!

Cheers,
Ian


