On Fri, 29 Jun 2001, Jeff Pierce wrote:

> I've got a question concerning DSL service via PPPoA, yes oA for PPP over
> ATM, which is what my ISP uses.
> 
> Ok, the way it was explained to me is that my DSL modem, Zyxel Prestige
> 642MA will have an ethernet port for my connection, it will have a set IP of
> 192.168.1.1 on that ethernet port, it then expects your in-house machine to
> have an address of 192.168.1.2.

... or any address 192.168.1.[2-254]

> 
> Ok, that means in order to "talk" out to the internet, my router, or any
> machine uses 192.168.1.1 as the gateway machine with the routing table
> defaulting to it.
> 
> Now, about ipmasq and firewalling. Since the DSL modem expects the connected
> machine to be 192.168.1.1

no, see above.

>, then the DSL modem would have to do NAT/ipmasq for
> it. So how would the LRP machine be set up for firewall and ipmasquerading
> for the second nic local network of say 192.168.2.xxx? Since its internet
> connection is also a private network number, not a dynamically allocated
> global number like a normal ppp connection would get.

This could be a simple masqed static two-nic configuration, but you would
have to fix the no-private-address-routing problem as described in the FAQ
at leaf.sourceforge.net.

Another approach would be a transparent firewall, but this is not so easy.

> 
> The settings for the local networked machines would be ip 192.168.2.xxx,
> gateway 192.168.2.1, ip of the LRP's nic on that network, and DNS being the
> same as before.

sounds right.

> Anybody set up a router like this before??

Not I.

I expect most of the flexibility with picky network applications that
LEAF has will be lost with the hardware router.

> I am not new to LRP, I have been running one for many months, switching over
> to eiger2beta a month or so ago to fix an AOL Instant Messenger problem.
> 
> I have about ten days to two weeks to get ready for this.

should be easy to get basic functionality.

However, you may find that your firewall never gets hit, because it will
take some doing to get through the Zyxel (I don't know that it is
possible, but then I don't know that it is impossible, either.)  If you
trust the Zyxel, you can forget the LEAF.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
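
Added example, not part of the original message or the LEAF project's code: a check of the two-NIC layout discussed above, assuming the "no-private-address-routing problem" is an external-side filter that drops RFC 1918 addresses. The function name and the default block list are hypothetical; it reports which subnet must be exempted for the modem at 192.168.1.1 to be reachable and which private ranges can stay blocked.

```python
import ipaddress

# RFC 1918 ranges that an Internet-facing filter typically drops (assumption:
# this is the "no-private-address-routing" behaviour the reply refers to).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_private_wan(wan_addr, gateway, lan_addr, blocked=RFC1918):
    """Validate a two-NIC masquerading layout whose external side is private.

    Returns (errors, exempt, keep_blocked): layout problems, the subnets the
    external-side filter must stop dropping, and the ranges it can keep dropping.
    """
    wan = ipaddress.ip_interface(wan_addr)
    lan = ipaddress.ip_interface(lan_addr)
    gw = ipaddress.ip_address(gateway)
    errors = []
    if gw not in wan.network:
        errors.append(f"gateway {gw} is not on external subnet {wan.network}")
    if gw == wan.ip:
        errors.append(f"external address {wan.ip} collides with the gateway")
    if wan.network.overlaps(lan.network):
        errors.append(f"LAN {lan.network} overlaps external {wan.network}")

    exempt, keep_blocked = [], []
    for net in blocked:
        if not net.overlaps(wan.network):
            keep_blocked.append(net)            # unrelated range, leave blocked
        elif wan.network.subnet_of(net):
            exempt.append(wan.network)          # carve out only the modem subnet
            keep_blocked.extend(net.address_exclude(wan.network))
        else:
            exempt.append(net)                  # blocked range lies inside WAN subnet
    return errors, sorted(set(exempt)), sorted(keep_blocked)

if __name__ == "__main__":
    # Constructed sample: the addresses discussed in the thread.
    errors, exempt, keep = plan_private_wan(
        "192.168.1.2/24", "192.168.1.1", "192.168.2.1/24")
    print("errors:", errors or "none")
    print("allow on external interface:", [str(n) for n in exempt])
    print("still dropped:", [str(n) for n in keep])
```

The LAN range 192.168.2.0/24 stays in the dropped set on the external side, so a packet claiming a LAN source address but arriving from the modem side is still rejected.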

