BSD PPPoA Hardware
Julian Stacey
jhs at berklix.org
Tue Aug 16 08:06:21 GMT 2005
Simon Morgan wrote:
> Hi,
>
> I have a PPPoA ADSL connection and would like to use FreeBSD or OpenBSD
> as a gateway/server and am looking for compatible hardware that would
> facilitate this. I'm specifically looking to avoid combination modem
> + routers and NAT and port forwarding in particular. This will be
> a pure routed IP setup. Obviously stability is very important (So
> far I've been using a SpeedTouch 330 with Linux which hasn't been
> fun).
> Does anyone have any suggestions? Any advice is welcome.

I use FreeBSD-4.10, but ideally that needs an MTU reassembly daemon
/usr/ports/net/tcpmssd to surmount the 1492 below

    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492

else some near sites have trouble (more distant get limited &
compensated elsewhere I guess). But it only affects a few sites for
me so I have not installed tcpmssd (lazy & I'd want to think how
tcpmssd might affect fragmented packet firewall rules). FreeBSD-5.*
doesn't need that tcpmssd daemon port, it's built in I hear.

I use a personal site specific ipfw ruleset, since then FreeBSD has an
ipfw default ruleset for you to start with

    /usr/src/etc/rc.firewall*

There's also /usr/ports/security/pf, I haven't tried it. To quote pkg-descr:

    Packet Filter (from here on referred to as PF) is OpenBSD's
    system for filtering TCP/IP traffic and doing Network Address
    Translation. PF is also capable of normalizing and conditioning
    TCP/IP traffic and providing bandwidth control and packet
    prioritization. Version 2.00 of this port has the same
    function set as found in OpenBSD 3.4

There's also in /etc/defaults/rc.conf ipfilter_enable="NO"
Better discussed on freebsd-security@

My Deutsche Telekom provided splitter has an 8 pin output for the
DT provided ADSL modem, which is what I use. I have a recently
acquired, never used SpeedTouch 330 with a 2 wire terminating in a
6 pin plug. (D'loaded manual last night) I've not had time to
consider a 6 / 8 converter.

What was the No Fun bit of Linux + SpeedTouch 330 as firewall?
I've heard often enough that Linux is no fun, but if the SpeedTouch
330 has problems what were they please?

--
Julian Stacey Consultant Systems Engineer, Munich. http://berklix.com
Mail in Ascii (Html = Spam). Your smoke = my allergic headache.
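
Added example, not part of the original post and not tcpmssd's own code: tcpmssd, mentioned in the reply above, works by lowering the MSS option in TCP SYN segments that cross the reduced-MTU link. The sketch below shows that rewrite for the 1492-byte tun0 MTU; the function names and the assumption of 20-byte IPv4 and TCP base headers are illustrative.

```python
import struct

LINK_MTU = 1492                  # tun0 MTU from the ifconfig line quoted in the post
CLAMP_MSS = LINK_MTU - 20 - 20   # minus base IPv4 and TCP headers = 1452

def fix_checksum(csum, old, new):
    """Incrementally update a 16-bit Internet checksum (RFC 1624, eqn. 3)."""
    s = ~csum & 0xFFFF
    for k in range(0, len(old), 2):
        s += ~struct.unpack_from("!H", old, k)[0] & 0xFFFF
        s += struct.unpack_from("!H", new, k)[0]
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp, max_mss=CLAMP_MSS):
    """Lower the MSS option of a TCP SYN segment to max_mss; else return it unchanged."""
    if len(tcp) < 20:
        return tcp
    data_off = (tcp[12] >> 4) * 4
    if not tcp[13] & 0x02 or not 20 <= data_off <= len(tcp):
        return tcp                       # not a SYN, or header length is bogus
    i = 20
    while i < data_off:
        kind = tcp[i]
        if kind == 0:                    # End of Option List
            break
        if kind == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= data_off:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > data_off:
            break                        # malformed option: leave the segment alone
        if kind == 2 and length == 4:    # Maximum Segment Size
            if struct.unpack_from("!H", tcp, i + 2)[0] <= max_mss:
                return tcp
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, max_mss)
            # The option may sit on an odd offset (after a NOP), so patch the
            # checksum over the 16-bit-aligned words that cover the change.
            lo, hi = (i + 2) & ~1, (i + 5) & ~1
            csum = struct.unpack_from("!H", tcp, 16)[0]
            new = fix_checksum(csum, tcp[lo:hi], bytes(out[lo:hi]))
            struct.pack_into("!H", out, 16, new)
            return bytes(out)
        i += length
    return tcp
```

The rewrite changes two option bytes and the checksum only; segment length and every non-SYN segment are left as they arrived.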