Re: [pfSense Support] pfSense and adsl
On Fri, Dec 17, 2010 at 1:51 PM, Jeppe Øland wrote: > Every time I'm in Europe I have problems with modem/routers, and since > a lot of providers there use PPPoA I basically can't replace them :-( > > Are there any modems that allow a box like pfSense to provide the > PPPoA implementation, or would that require the modem to be say a PCI > card? Answering my own question: PPPoA has to be handled by the modem. Some DSL modem/routers support "Half bridge" mode. When in this mode, they will simply dole out the WAN side IP on the LAN side DHCP server. Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On Fri, Dec 17, 2010 at 5:45 PM, David Burgess wrote: > On Fri, Dec 17, 2010 at 3:29 PM, Evgeny Yurchenko > wrote: > >> I understand double-nat thing and can certainly configure that, >> but the simpler the better, I'd prefer to have public IP (range) on pfSense >> box. > > Best case scenario you get a public IP on pfsense, but worst case you > can turn off NAT in pfsense and just route through to the modem's NAT. > Double NAT may be the lesser of two evils, the routing implementations in modems I've encountered setup that way leave a lot to be desired - if they support the needed static route at all. I've seen them just drop routes and other bad things. I'm not all that familiar with available modems on PPPoA connections, but many PPPoE modems can do the PPPoE on the modem and passthrough the public IP via DHCP to a specified device behind the modem. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On Fri, Dec 17, 2010 at 3:29 PM, Evgeny Yurchenko wrote: > I understand double-nat thing and can certainly configure that, > but the simpler the better, I'd prefer to have public IP (range) on pfSense > box. Best case scenario you get a public IP on pfsense, but worst case you can turn off NAT in pfsense and just route through to the modem's NAT. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On 10-12-17 04:59 PM, David Bottrill wrote: On 17 Dec 2010, at 21:45, Michel Servaes wrote: On 18/12/10 10:16, Evgeny Yurchenko wrote: my only concern now is PPPoA... But I need public IP on pfSense for sure to do port-forwarding. Not really; if you can ask the modem to port-forward to the pfsense box, you can then ask pfSense to port-forward to the final destination. So the public IP stays on the modem's WAN interface, you burn a small private network for the connection between the modem's LAN and pfSense's WAN (using DHCP so that pfSense gets the modem's sense of DNS providers), and provide ordinary services over pfSense's LAN. This means you end up with double-NAT, which isn't ideal in a busy environment, but is stable enough for quieter locations. You could do that, but then you would have to disable the private address filtering on the WAN side ofcourse ! I'm in the UK and I use a Draytek Vigor 120 router that out of the box will work as an ADSL modem. It autodetects your ADSL settings and performs PPoE to PPoA authentication so I simply configure the WAN port on PFSense for PPoE and use my ISP ADSL userid and password. This works a treat and I get my Internet IP address on PFSense, in fact I have a netblock from my ISP so I just add Proxy ARP Virtual address entries on PFSense for the additional IP addresses and 1:1 NAT rules to map my additional external IP addresses to devices on my internal networks. Hope that helps David That would be ideal for me. The site is in UK -) I am wondering if my modem can do the same stuff. Gentlemen, I understand double-nat thing and can certainly configure that, but the simpler the better, I'd prefer to have public IP (range) on pfSense box. Thanks all for ideas! Now I have more hopes that it'll work. Evgeny. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On 17 Dec 2010, at 21:45, Michel Servaes wrote: > On 18/12/10 10:16, Evgeny Yurchenko wrote: >>> my only concern now is PPPoA... But I need public IP on pfSense for sure >>> to do port-forwarding. >> Not really; if you can ask the modem to port-forward to the pfsense box, >> you can then ask pfSense to port-forward to the final destination. >> >> So the public IP stays on the modem's WAN interface, you burn a small >> private network for the connection between the modem's LAN and pfSense's >> WAN (using DHCP so that pfSense gets the modem's sense of DNS >> providers), and provide ordinary services over pfSense's LAN. >> >> This means you end up with double-NAT, which isn't ideal in a busy >> environment, but is stable enough for quieter locations. >> >> > You could do that, but then you would have to disable the private address > filtering on the WAN side ofcourse ! I'm in the UK and I use a Draytek Vigor 120 router that out of the box will work as an ADSL modem. It autodetects your ADSL settings and performs PPoE to PPoA authentication so I simply configure the WAN port on PFSense for PPoE and use my ISP ADSL userid and password. This works a treat and I get my Internet IP address on PFSense, in fact I have a netblock from my ISP so I just add Proxy ARP Virtual address entries on PFSense for the additional IP addresses and 1:1 NAT rules to map my additional external IP addresses to devices on my internal networks. Hope that helps David smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] pfSense and adsl
On Fri, Dec 17, 2010 at 1:45 PM, Michel Servaes wrote: > On 18/12/10 10:16, Evgeny Yurchenko wrote: >>> >>> my only concern now is PPPoA... But I need public IP on pfSense for sure >>> to do port-forwarding. >> >> Not really; if you can ask the modem to port-forward to the pfsense box, >> you can then ask pfSense to port-forward to the final destination. >> >> So the public IP stays on the modem's WAN interface, you burn a small >> private network for the connection between the modem's LAN and pfSense's >> WAN (using DHCP so that pfSense gets the modem's sense of DNS >> providers), and provide ordinary services over pfSense's LAN. >> >> This means you end up with double-NAT, which isn't ideal in a busy >> environment, but is stable enough for quieter locations. >> >> > You could do that, but then you would have to disable the private address > filtering on the WAN side ofcourse ! Every time I'm in Europe I have problems with modem/routers, and since a lot of providers there use PPPoA I basically can't replace them :-( Are there any modems that allow a box like pfSense to provide the PPPoA implementation, or would that require the modem to be say a PCI card? Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On 18/12/10 10:16, Evgeny Yurchenko wrote: my only concern now is PPPoA... But I need public IP on pfSense for sure to do port-forwarding. Not really; if you can ask the modem to port-forward to the pfsense box, you can then ask pfSense to port-forward to the final destination. So the public IP stays on the modem's WAN interface, you burn a small private network for the connection between the modem's LAN and pfSense's WAN (using DHCP so that pfSense gets the modem's sense of DNS providers), and provide ordinary services over pfSense's LAN. This means you end up with double-NAT, which isn't ideal in a busy environment, but is stable enough for quieter locations. You could do that, but then you would have to disable the private address filtering on the WAN side ofcourse ! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On 18/12/10 10:16, Evgeny Yurchenko wrote: > my only concern now is PPPoA... But I need public IP on pfSense for sure > to do port-forwarding. Not really; if you can ask the modem to port-forward to the pfsense box, you can then ask pfSense to port-forward to the final destination. So the public IP stays on the modem's WAN interface, you burn a small private network for the connection between the modem's LAN and pfSense's WAN (using DHCP so that pfSense gets the modem's sense of DNS providers), and provide ordinary services over pfSense's LAN. This means you end up with double-NAT, which isn't ideal in a busy environment, but is stable enough for quieter locations. -jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On 10-12-17 02:54 PM, Michel Servaes wrote: Can I reconfigure Netgear in 'bridge' mode so I get Public IP on pfSense WAN? What would be WAN type on pfSense (DHCP? static? PPPoE?)? Or if you can answer more generally what is genereal pfSense set up if you get DSL line from ISP? Thanks. Can't tell for netgear, but I have 5 locations with a DSL line and either a Speedtoch router or SagemRouter 3436. I configure PPPoE on pfSense and the routers goes bridged automatically... I do however remove all settings from the PPPoE login at the Speedtoch or Sagem boxes to make sure that during a reboot of pfSense they won't go connecting. I need pfSense to get the public IP adress, as I am using IPSEC in between (and I don't like to use IPSEC NAT-T). That said, I can only tell for PPPoE - don't know how PPPoA should be done... Kind regards, Michel Thanks David and Michel, my only concern now is PPPoA... But I need public IP on pfSense for sure to do port-forwarding. Evgeny. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
Can I reconfigure Netgear in 'bridge' mode so I get Public IP on pfSense WAN? What would be WAN type on pfSense (DHCP? static? PPPoE?)? Or if you can answer more generally what is genereal pfSense set up if you get DSL line from ISP? Thanks. Can't tell for netgear, but I have 5 locations with a DSL line and either a Speedtoch router or SagemRouter 3436. I configure PPPoE on pfSense and the routers goes bridged automatically... I do however remove all settings from the PPPoE login at the Speedtoch or Sagem boxes to make sure that during a reboot of pfSense they won't go connecting. I need pfSense to get the public IP adress, as I am using IPSEC in between (and I don't like to use IPSEC NAT-T). That said, I can only tell for PPPoE - don't know how PPPoA should be done... Kind regards, Michel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and adsl
On Fri, Dec 17, 2010 at 12:39 PM, Evgeny Yurchenko wrote: > Or if you can answer more generally what is genereal pfSense set up if you > get DSL line from ISP? I'm not familiar with that Netgear or PPPoA. My DSL uses PPPoE, and I have two options for handling that login: 1. modem in bridge mode, pfsense uses PPPoE on WAN to login and get IP address. 2. modem in router mode, uses PPPoE on WAN and static IP with or without DHCP server on LAN. PfSense uses static IP or DHCP on WAN. I always keep my modems in bridge mode and let the router do the routing, and normally recommend to others that they do the same. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense and adsl
Hi list, never worked with dsl devices so the question might seem stupid. Nevertheless... now Netgear DG834 does PPPoA with ISP having 192.168.0.1 on LAN and Public IP on WAN. How would I introduce pfSense to firewall LAN from WAN here? Can I reconfigure Netgear in 'bridge' mode so I get Public IP on pfSense WAN? What would be WAN type on pfSense (DHCP? static? PPPoE?)? Or if you can answer more generally what is genereal pfSense set up if you get DSL line from ISP? Thanks. Evgeny. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
