ADSL modem & ip addresses

liquid liquid at homebass.ca
Fri Oct 10 08:41:08 PDT 2003



> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Ian Moore
> Sent: October 10, 2003 9:59 AM
> To: freebsd-questions
> Subject: ADSL modem & ip addresses
> 
> Hi,
> I'm organising an ADSL connection and I'm a bit confused about our options.
> 
> We need to provide web, ssh and mail access to our network for users from
> home across the Internet with an ADSL connection.
> I figure the best way to do this is to set up a new machine to act as a
> firewall and run a web server & sendmail on this box. (or I have seen
> something about using socket to divert these services to our existing
> server which has a private address).

It's not a wise move to run the services on the same machine as your
firewall.  You can set up an OpenBSD machine to serve as your firewall on
a very inexpensive old machine, running it as a gateway as well.  You
can then forward specific ports (80, 25, 110 in your case) to your
services machine running either in a DMZ or behind the firewall.
Regarding the whole diverting issue, I encourage you to google "dual
homed hosts".  I had some pretty favourites on my Windows machine but I
lost them all when a hard drive died or I'd have some good ones for you.

> The firewall would have a NIC with a private IP address to connect to the
> rest of our network.
> 
> What's the best way then to connect it to the ADSL line?
> Do we have a second NIC in the firewall machine with a real IP address
> connected to an ADSL modem and use ppp -natd on that interface? Does that
> mean we'd need 2 static IP addresses - one for the firewall & one for the
> modem? (We really don't want to pay for 2 addresses)

If you use PPPoE, you can run ppp -ddial -quiet on startup by including
that in rc.conf.  Check out /etc/defaults/rc.conf.  I set up a machine to
act as a gateway/firewall for 5 PCs on a 3mbit DSL line once... on a
P120 and it ran flawlessly.

You don't need two IPs.  Your modem *shouldn't* have to have an IP.  If
it does, it's because it also acts as a router and hence does the PPPoE
auth.  I suppose you can use that as a router instead.. it's your
network ;)  I like the flexibility my router provides me however.  It's
remarkably easy to set up as well.  Again I don't have any links right
now off-hand, but if you search for pppoe + freebsd + ipnat or something
you'll find some very good tutorials.  There was this one for a cable
connection I used as a guide the first time, and just followed the steps
from other sources for setting up PPPoE.

> Or can we use a USB connection instead - are there FBSD drivers for ADSL
> modems? I can't see any in the supported hardware list.

AFAIK, there is no support (yet?) for a USB modem.  I don't like them
anyway - I keep my apples with my apples, my oranges with... you guessed
it, the oranges.  ADSL = network related stuff = runs on Ethernet.

> Or do we use a combined modem/router device to do the nat & firewalling
> and have it redirect mail, web & ssh access to our main server? (is that
> possible or do such devices not allow access into the network from the
> 'net?)

By default they will not.  As I said they work, but I'm not sure the
devices that are a modem + router built-in will also include
firewalling.

HTH,
Sandro

> Cheers,
> Ian
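
The single-address setup discussed in this thread, as an added example that is not part of the original messages: FreeBSD user-mode ppp runs the PPPoE session on the firewall's outside NIC, so the one static address sits on the PPP link, and ppp's built-in NAT forwards only the listed ports to the services machine. Assumptions: the modem is in bridge mode, the outside NIC is fxp0, the profile is named adsl, the services machine is 192.168.1.10, and the login values are placeholders.

```conf
# --- /etc/rc.conf on the firewall/gateway machine ---
gateway_enable="YES"      # route between the inside NIC and the PPP link
ppp_enable="YES"          # start user-mode ppp at boot
ppp_mode="ddial"          # redial automatically when the line drops
ppp_nat="YES"             # NAT the private network behind the one public IP
ppp_profile="adsl"        # assumed profile name, defined in ppp.conf below

# --- /etc/ppp/ppp.conf ---
default:
 set log Phase tun command
 # Placeholder addresses; the ISP supplies the real (static) one at connect.
 set ifaddr 10.0.0.1/0 10.0.0.2/0

adsl:
 # Assumed outside NIC, cabled to the bridged ADSL modem.
 set device PPPoE:fxp0
 set authname PLACEHOLDER_LOGIN
 set authkey PLACEHOLDER_PASSWORD
 set dial
 set login
 add default HISADDR
 # Forward only the ports named in the reply (web, SMTP, POP3) to the
 # services machine (assumed 192.168.1.10); no other inbound port is mapped.
 nat port tcp 192.168.1.10:80 80
 nat port tcp 192.168.1.10:25 25
 nat port tcp 192.168.1.10:110 110
```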


