On 2007/11/09 10:15, Craig Skinner wrote:
> On Thu, Nov 08, 2007 at 10:25:04PM +0000, Stuart Henderson wrote:
> > > On 08/11/2007, Craig Hammond <[EMAIL PROTECTED]> wrote:
> > > >
> > > > me setup an obsd firewall. The adsl modem that the ISP sent only does
> > > > bridging (Netgear DM111) and although I got it all working, it feels
> > 
> > Looks like DM111 offers PPPoE/PPPoA "bridge" modes which sound like
> > what some other boxes refer to as "half-bridge" or "DHCP spoofing",
> > and also standard RFC1483 bridging.
> 
> I had a DLink like this for a while, worked fine when I set it to PPPoA
> (the usual for non-USA ADSL) bridge & DHCP on the client.

In .uk we get to choose either PPPoA or PPPoE from most ISPs. There are
+/- points for each, but now I almost always choose to configure the modem
as an RFC1483 bridge, and the PF box to run PPPoE. No need to dig out ISP
details and configure a modem to replace a failed one. If someone has
multiple lines that's a big advantage (one spare works for all lines
without changing config) - and it runs nicely over vlans too, which
would at least be complicated with DHCP.

> Sounds stupid, but the router's WAN IP gets passed through to the PC via
> DHCP so you get the static address that the ISP issues to the router and
> the router becomes invisible to the Internet as your box has the
> routable IP on its NIC.

In the OP's case, the router address in the DHCP reply is outside the
subnet (it's just converted from the address in PPP IPCP negotiations,
which is ok on a point-to-point link where the route is to "the PtP
link", but isn't ok for a multiple-access medium).

This issue comes up from time to time here, both in relation to ADSL
and with 'root servers' from some hosting providers (some of whom give
a /32 subnet and an out-of-subnet gateway).

Some OSes accept this and ARP for the address; that seems broken to me
but is probably the only way to work around this abuse.
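
The condition discussed in the message above (a DHCP-supplied router address that falls outside the offered subnet) can be checked from the client's lease file. This is an added example, not part of the original thread; it assumes leases in dhclient.leases(5) syntax, and the sample lease text and its documentation-range addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in dhclient.leases(5) syntax (documentation address ranges).
SAMPLE_LEASES = '''
lease {
  interface "em0";
  fixed-address 203.0.113.45;
  option subnet-mask 255.255.255.255;
  option routers 198.51.100.1;
}
lease {
  interface "em1";
  fixed-address 192.0.2.10;
  option subnet-mask 255.255.255.0;
  option routers 192.0.2.1;
}
'''

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
# Matches both 'interface "em0";' and 'option routers 1.2.3.4;' statements.
STMT_RE = re.compile(r"^\s*(?:option\s+)?([\w-]+)\s+(.*?);\s*$", re.M)

def parse_leases(text):
    """Return one dict of statement name -> value per lease block."""
    return [{k: v.strip('"') for k, v in STMT_RE.findall(body)}
            for body in LEASE_RE.findall(text)]

def off_link_routers(lease):
    """Routers that lie outside the subnet formed by the offered address and mask."""
    iface = ipaddress.ip_interface(
        f"{lease['fixed-address']}/{lease['subnet-mask']}")
    routers = [r.strip() for r in lease.get("routers", "").split(",") if r.strip()]
    return [r for r in routers if ipaddress.ip_address(r) not in iface.network]

def audit(text):
    """Map each lease's interface to its list of out-of-subnet routers."""
    return {l["interface"]: off_link_routers(l) for l in parse_leases(text)}

if __name__ == "__main__":
    for ifname, bad in audit(SAMPLE_LEASES).items():
        status = "out-of-subnet gateway: " + ", ".join(bad) if bad else "ok"
        print(f"{ifname}: {status}")
```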
