[ale] PPPo{EA} v NAT in DSL gateways
Michael H. Warfield
mhw at WittsEnd.com
Tue Dec 30 17:20:47 EST 2008
On Mon, 2008-12-29 at 17:49 -0500, Ken Cochran wrote:
> Yes, they (the LinkSys boxen, etc.) do (the signon) but what I'm
> trying to find out is if (e.g.) the Westell (or any other DSL
> gateway) can still do the signon if it is set up in bridge mode.
Probably not. At least not as you have literally written, that is.
The "signon" is the pap/chap authentication in the PPP session. Unless
there is some really creative monkeying around going on (MITM PPPoe
anyone?), that means the signon is going to have to occur at the
termination point of the PPP connection. IOW, if the modem is doing the
signon, the PPP connection terminates in the modem (i.e. not bridging).
The address you get is assigned to your end of the end of the PPP
connection. So, then, how does the DSL box talk to your NAT/firewall
machine? You need more addresses. That implies (for simple consumers)
private addresses and NAT.
> What (I think) I'm trying to do is to *not* be dependent on
> PPPo{AE} signon in my NAT/firewall machine (which isn't yet
> an appliance such as a LinkSys box) but rather push that out
> to whatever is connected to the DSL line. Naturally, I also
> need to avoid double-NAT, which would further break all kinds
> of stuff...
I have installed systems where the DSL router manages the PPPoe but
then also has a netblock allocated to it. It basically operates in
managed mode but, in this case, it has a block of routable unicast
public addresses to hand out. This is what you get if you have multiple
static IP addresses. You never see the PPP address then (traceroute
might uncover it), you only see your block of public addresses (in leu
of private addresses) and no NAT. Not sure if the Westels can operate
in that mode or not. But you have to get a block of addresses from your
provider and that will cost $$$ and probably means a business account.
I've set this up for one customer who has a /26 from AT&T but they got a
significantly larger router than the little Westels (and they are paying
something like a couple hundred a month +-). You don't get this if you
merely have a single static IP.
> I gotta find me some FMs to RT... Pointers/URLs welcome.
> -kc
Mike
> >Date: Mon, 29 Dec 2008 14:02:41 -0500 (EST)
> >From: John Mills <johnmills at speakeasy.net>
> >To: ale at ale.org
> >Subject: Re: [ale] PPPo{EA} v NAT in DSL gateways
> >
> >Ken, ALErs -
> >
> >I thought most of the LinkSys consumer DSL routers would handle the PPoE
> >sign-on, probably learned from a thread on this topic a couple of years
> >ago here. There was also a link to a Westel(l?) user manual that detailed
> >how to set up bridging mode.
> >
> >If you get stalled I may have saved some of the mail, and almost surely
> >have the Westel manual PDF cached _somewhere_.
> >
> >DISCLAIMER - I didn't try it myself. Just as I was about to set this up
> >for a friend, she plunked $$ down for a new ISP to do it (and rent her
> >the gear, naturally).
> >
> > - Mills
> >
> >On Mon, 29 Dec 2008, bugy at bellsouth.net wrote:
> >
> >> Don't worry! You don't have to do your own login session. All is done by
> >> router/modem. Tested by Me with Westell with WRT54GL.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20081230/e9ecc582/attachment.bin
More information about the Ale
mailing list