[ale] PPPo{EA} v NAT in DSL gateways
Ken Cochran
kwc at theworld.com
Wed Dec 31 01:19:41 EST 2008
[A 2-fer reply]
Hmm, maybe some "progress" then... :)
Something along the lines of a Cisco 800 or 1800 box looks
interesting & definitely merits further investigation. :)
Whereya get the things?
In poking around at dslreports.com, my question/goal appears
to be in the FAQ - they call the feature I'm looking for
"transparent mode" or "IP passthrough." DSL gateway does
the PPPoE signon but is configured to present the "public"
IP address to the "inside" interface (as opposed to a RFC1918
private address). E.g. someone wants to run games or some
app that doesn't like double-NAT but also maybe a separate
box for NAT & firewalling. Apparently, DSL gateways didn't
have this capability until the last year or two.
New model Westells can supposedly do this. I've looked at
Netopia too; apparently these are nicer & with more features,
albeit not as cheap of course.
Cisco products don't appear on AT&T's supported gateway/modem
list but it seems to me something like the abovementioned models
might be the best of all (e.g. CLI configuration/management).
Now to figure out where to buy...
-kc
>From: Jason Fritcher <jkf at wolfnet.org>
>To: ale at ale.org
>Date: Tue, 30 Dec 2008 11:43:47 -0500
>Subject: Re: [ale] PPPo{EA} v NAT in DSL gateways
>
>I just bought a Cisco 857W yesterday to consolidate my AT&T 2210 DSL
>modem and my Linksys WRT54G router. I'll write an update with my
>experiences after I receive the Cisco and get it setup. But
>considering the 857 runs IOS, there is a lot of flexibility in how you
>can set it up.
>
>On Dec 29, 2008, at 11:46 AM, Ken Cochran wrote:
>
>> Actually, yes (helpful). :)
>> Doing it "somehow" beats not doing it no-how...
>> Need to research other DSL gateways besides the Westell,
>> e.g. Netopia, maybe some Cicso thing (1800? 800?) Or, rolling
>> my own with something that'll be *good* with the likes of OpenWRT.
>>
>> -kc
>>
>>> Date: Mon, 29 Dec 2008 11:13:40 -0500
>>> From: "James Taylor" <James.Taylor at eastcobbgroup.com>
>>> To: <ale at ale.org>
>>> Subject: Re: [ale] PPPo{EA} v NAT in DSL gateways
>>>
>>> I had to do that with an ATT box a few months ago. I don't remember what
>>> kind of DSL router it was, but ATT doesn't document the configuration
>>> for it anywhere, and can't help you set it up.
>>>
>>> I was able to get it to work using an obscure setting change in the
>>> configuration, but I don't recall what it was. All I remember is that
>>> the label of the setting didn't look like it had anything to do with
>>> what I wanted to do.
>>>
>>> Real helpful, eh?
>>> -jt
>>>
>>> James Taylor
>>> The East Cobb Group, Inc.
>>> 678-697-9420
>>> james.taylor at eastcobbgroup.com
>>> http://www.eastcobbgroup.com
>>>
>>>>>> Ken Cochran <kwc at theworld.com> 12/29/2008 10:36 AM >>>
>>> Summary: Looking for ability to set up PPPo{EA} support
>>> *without* NAT in some kind of DSL box.
>>>
>>> I'm trying to research DSL connectivity options at my locality.
>>> (Charter) cablemodem has become too expensive; DSL is the only
>>> other option & for residential, that's AT&T-only here.
>>>
>>> I asked here a week or two ago but not much of an answer I guess:
>>>
>>> Last I remember, by default, AT&T supplies a Westell DSL gateway
>>> for residences. What I've seen of it is that it generally
>>> acts as a router, and handling the PPPo{EA} signon itself but
>>> also NAT, supplying on the LAN side private IP addresses in
>>> 192.168/24. I read that I can put that gateway into "bridge"
>>> mode & it no longer does NAT (that would then be up to my own
>>> devices of course) but it isn't clear to me whether that also
>>> breaks the builtin PPPo{EA} support.
>>>
>>> Questions:
>>>
>>> - If I change that Westell to bridge mode does that also mean
>>> I have to do my own PPPo{EA}?
>>>
>>> - Any (good, better) alternatives to that Westell? For example,
>>> I've seen some from Netopia but I don't know much about these
>>> types of products.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>
>--
>Jason Fritcher
>jkf at wolfnet.org
>
>From: "Michael H. Warfield" <mhw at wittsend.com>
>To: ale at ale.org
>Date: Tue, 30 Dec 2008 17:20:47 -0500
>Cc: mhw at wittsend.com, John Mills <john.m.mills at alum.mit.edu>
>Subject: Re: [ale] PPPo{EA} v NAT in DSL gateways
>
>On Mon, 2008-12-29 at 17:49 -0500, Ken Cochran wrote:
>> Yes, they (the LinkSys boxen, etc.) do (the signon) but what I'm
>> trying to find out is if (e.g.) the Westell (or any other DSL
>> gateway) can still do the signon if it is set up in bridge mode.
>
>Probably not. At least not as you have literally written, that is.
>The "signon" is the pap/chap authentication in the PPP session. Unless
>there is some really creative monkeying around going on (MITM PPPoe
>anyone?), that means the signon is going to have to occur at the
>termination point of the PPP connection. IOW, if the modem is doing the
>signon, the PPP connection terminates in the modem (i.e. not bridging).
>The address you get is assigned to your end of the end of the PPP
>connection. So, then, how does the DSL box talk to your NAT/firewall
>machine? You need more addresses. That implies (for simple consumers)
>private addresses and NAT.
>
>> What (I think) I'm trying to do is to *not* be dependent on
>> PPPo{AE} signon in my NAT/firewall machine (which isn't yet
>> an appliance such as a LinkSys box) but rather push that out
>> to whatever is connected to the DSL line. Naturally, I also
>> need to avoid double-NAT, which would further break all kinds
>> of stuff...
>
>I have installed systems where the DSL router manages the PPPoe but
>then also has a netblock allocated to it. It basically operates in
>managed mode but, in this case, it has a block of routable unicast
>public addresses to hand out. This is what you get if you have multiple
>static IP addresses. You never see the PPP address then (traceroute
>might uncover it), you only see your block of public addresses (in leu
>of private addresses) and no NAT. Not sure if the Westels can operate
>in that mode or not. But you have to get a block of addresses from your
>provider and that will cost $$$ and probably means a business account.
>I've set this up for one customer who has a /26 from AT&T but they got a
>significantly larger router than the little Westels (and they are paying
>something like a couple hundred a month +-). You don't get this if you
>merely have a single static IP.
>
>> I gotta find me some FMs to RT... Pointers/URLs welcome.
>
>> -kc
>
> Mike
>
>> >Date: Mon, 29 Dec 2008 14:02:41 -0500 (EST)
>> >From: John Mills <johnmills at speakeasy.net>
>> >To: ale at ale.org
>> >Subject: Re: [ale] PPPo{EA} v NAT in DSL gateways
>> >
>> >Ken, ALErs -
>> >
>> >I thought most of the LinkSys consumer DSL routers would handle the PPoE
>> >sign-on, probably learned from a thread on this topic a couple of years
>> >ago here. There was also a link to a Westel(l?) user manual that detailed
>> >how to set up bridging mode.
>> >
>> >If you get stalled I may have saved some of the mail, and almost surely
>> >have the Westel manual PDF cached _somewhere_.
>> >
>> >DISCLAIMER - I didn't try it myself. Just as I was about to set this up
>> >for a friend, she plunked $$ down for a new ISP to do it (and rent her
>> >the gear, naturally).
>> >
>> > - Mills
>> >
>> >On Mon, 29 Dec 2008, bugy at bellsouth.net wrote:
>> >
>> >> Don't worry! You don't have to do your own login session. All is done by
>> >> router/modem. Tested by Me with Westell with WRT54GL.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>
>--
>Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
>\/\|=3Dmhw=3D|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
More information about the Ale
mailing list