2008/9/8 Peter Kay - Syllopsium <[EMAIL PROTECTED]>:
> I'm trying to create a transparent bridging firewall with a NIC at one end
> and PPPoE(4) at the other end. In this case I'm using OpenBSD 4.4-CURRENT
> sparc (same thing happens on 4.2) on a sparcstation 10 with quad ethernet
> (qe - 10Mb).
>
> The problem is that the bridge cannot be established, probably because the
> MTUs do not match.
>
> The MTU of qe(0 to 3) is 1500.
> The MTU of pppoe0 (established via pppoe(4)) is 1492
>
> I can't change the MTU of qe0-3.
> There's an overhead of 8 bytes in PPPoE - does this therefore mean it can
> never go above 1492?
> The MTU of pppoe can be modified, but only to 1492 or lower.
>
> Additionally I am confused by the OpenBSD 4.4 changelist item :
>
> 'Adapt maximum permitted MTU on pppoe(4) to the MTU of the connected
> Ethernet/VLAN interface.'
>
> This, to me, potentially indicates that the MTU of pppoe could be matched to
> the MTU of the NIC (although, is this perhaps limited by the fact that to do
> so it would need 1500+8 bytes of overhead, and thus blow the 1500 Ethernet
> MTU limit?). I tried applying 4.4-CURRENT and the MTU of pppoe stays at
> 1492.
>
> Any solution? Find a NIC which can have its MTU lowered, perhaps?
>
> Also, even if I could get the MTUs to match, bridge complains on startup
> because pppoe0 does not yet exist. Is there a more elegant solution than a
> shellscript with a delay and a series of brconfig commands to fix this?
>
> Cheers!
>
> Peter

When you say you want PPPoE at the other end, what exactly do you mean?
Is the PPPoE stuff on a separate box that you reach via RJ-45, i.e. does
your net look like this:

Intranet <--> int_if--OpenBSD_bridge--ext_if <--> DSL modem w/ PPPoE

Or do you want the PPPoE login/"dialup" stuff to be handled by OpenBSD,
i.e. does your network look like this:

Intranet <--> int_if--OBSD_box--ext_if <--> DSL modem in dumb as a brick mode

If it is the latter then I'm not quite sure where you want to build a
transparent bridge. Because IIRC your external interface in this scenario
would be a tun interface and you would use NAT. Unless of course...

Ok, let me ask you this then: What kind of Internet connectivity do you
have / what kind of Internet connection do you have from your ISP?

If you are just using an ordinary SOHO user PPPoE offering from a regular
ISP, then you more than likely just get ONE IPv4 address, which means you
will have to use NAT, not bridging, no two ways about it.

Or am I horribly misunderstanding something?

A somewhat confused
--ropers