From: "Vijay Sankar" <[EMAIL PROTECTED]>
To: "Peter Kay - Syllopsium" <[EMAIL PROTECTED]>
Cc: <misc@openbsd.org>
Sent: Monday, September 08, 2008 2:50 PM
Subject: Re: Bridging pppoe(4) to another NIC - is this even possible, as it appears impossible to change the MTU?


On September 8, 2008 06:43:45 am Peter Kay - Syllopsium wrote:

Also, even if I could get the MTUs to match, bridge complains on startup
because pppoe0 does not yet exist. Is there a more elegant solution than a
shellscript with a delay and a series of brconfig commands to fix this?


Not sure whether the following is appropriate under your circumstances but I
can try to describe a different solution.

We have 8 IP addresses with an ADSL connection (6 with what the ISP here calls
a "framed route" and 2 that are static) and we set pf up as follows:

ext_if="pppoe0"
int_if="rl0"
dmz_if="dc1"

scrub out on $ext_if max-mss 1440

One of the 6 addresses is the DMZ interface's IP and I am routing all the
other public IPs through this. So I don't have to bridge in my scenario and
it has worked very well. Interface fxp0 is connected to the DSL modem and has
the Ethernet default MTU of 1500 and pppoe0 has MTU of 1492.

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr xx:xx:xx:xx:xx:xx
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active

pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
       dev: fxp0 state: session
       sid: 0x64e5 PADI retries: 0 PADR retries: 0 time: 36d 04:02:01
       sppp: phase network authproto pap authname "xxxxxxxxx"
       groups: pppoe egress
       inet aaa.bbb.ccc.ddd --> eee.fff.ggg.hhh netmask 0xffffffff

I am using kernel-mode pppoe.

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]

OK.. I presume routing is also turned on in your scenario?

Unless I'm missing something though, aren't you losing two of your 8 IP addresses - one to PPPoE and one to the DMZ? A main point of me running PPPoE on the firewall is that I only lose one of my 6 available (obviously network and broadcast eat two of my eight) WAN addresses. If I wanted to lose two I could leave it as is, with the router establishing the PPPoE connection, the external interface on the firewall with a WAN IP, and a transparent bridge to the DMZ.

PK
