Rod.. Whitworth wrote:
> On Tue, 7 Jun 2005 12:50:40 -0500, Kevin wrote:
> > On 5/26/05, Rod.. Whitworth <[EMAIL PROTECTED]> wrote:
> > > When you have a modem that will do all the connection stuff I am
> > > amazed that anyone feels the need to do PPPoE.
> >
> > I prefer to have control over (and visibility into) the PPP
> > connection and NAT, to this end I'm seriously considering getting
> > rid of the external ADSL modem entirely, migrating to a Sangoma
> > S518 ADSL PCI card.
>
> You are either a keen student or a masochist. ;)
>
> Dealing with those two "issues" in reverse order:
>
> I have perfect control over NAT because it is done in my OpenBSD
> firewall and it is way more complex than a modem could do anyway -
> routing a /29 without "wasting" a public IP on the $ext_if. So you
> don't need to move to a card to get NAT control, just turn it off in
> the modem or, as I do for simple client sites with only one static IP,
> use double NAT with the firewall $ext_if set as the default DMZ host
> (or something the same with a different name - depends on modem brand)
> and then the WAN IP will appear to be the firewall address.

NAT too often tends to break new technology, especially where security is a concern... and double (or triple) NAT is sheer masochism--especially when debugging larger networks.

> I have control over PPP in the modem so that I have PPPoA running
> where it is "common knowledge" (wrong) that PPPoE is needed, the
> modem logs connections in detail and gives me lots of statistics
> without consuming firewall resources. At least one brand logs to
> syslog on the firewall.

I'll admit, the statistics of the PPPoE/PPPoA connection are nice, but nowhere near as nice as having a public IP address on your OpenBSD box--many consumer-class large DSL providers in the US dislike providing public IPs to a consumer's own hardware (as opposed to the DSL router/modem provided by the provider).

> Finally I have several modems with saved configuration files so the
> death of a modem is not a drama. With a modem that is working fine an
> OpenBSD upgrade at the firewall doesn't mean that I need to pray that
> whatever code I would have been using to drive the modem would work
> with the latest OS.
>
> I used to dream of getting an internal ADSL modem. I'm now very glad I
> couldn't.

My nightmare is not having a public IP assigned to my OpenBSD box.