ADSL bridge recommendations?

Hello,

I'm looking to buy an ADSL bridge for the purpose of freeing up an IP address
that's currently being used by the ADSL router. The intention is that all IP
traffic coming in through the ADSL gets forwarded straight to my firewall,
instead of being fiddled with by a router.

-----------------------------------------------------------------------------

Current setup:
NAT
________ EXTERNAL | INTERNAL
( ) _____________ ________|_______ /^\
( ) | | | / | / \
( Internet ) <==> | ADSL Router | <--> | Firewall | <----> < LAN >
( ) |_____________| |_______/________| \ /
(________) | \_/
|
ip address ip address | ip address network
195.x.x.17 195.x.x.18 10.1.0.250 10.1.0.0/24

-----------------------------------------------------------------------------

Intended setup:
NAT
________ EXTERNAL | INTERNAL
( ) _____________ ________|_______ /^\
( ) | | | / | / \
( Internet ) <==> | ADSL Bridge | <--> | Firewall | <----> < LAN >
( ) |_____________| |_______/________| \ /
(________) | \_/
|
ip addresses | ip address network
195.x.x.17 10.1.0.250 10.1.0.0/24
195.x.x.18

-----------------------------------------------------------------------------

The ADSL bridge should also have a management interface on an internally
accessible IP address so I can set up the connection.

Can anyone recommend a good ADSL bridge that will do that and work fine with
BT ADSL?

Thanks
Steve

On Fri, 3 Dec 2004 14:05:51 +0000, Steve Hunter
<(E-Mail Removed)> wrote:

>Hello,
>
>I'm looking to buy an ADSL bridge for the purpose of freeing up an IP address
>that's currently being used by the ADSL router. The intention is that all IP
>traffic coming in through the ADSL gets forwarded straight to my firewall,
>instead of being fiddled with by a router.
>
> -----------------------------------------------------------------------------
>
> Current setup:
> NAT
> ________ EXTERNAL | INTERNAL
> ( ) _____________ ________|_______ /^\
> ( ) | | | / | / \
> ( Internet ) <==> | ADSL Router | <--> | Firewall | <----> < LAN >
> ( ) |_____________| |_______/________| \ /
> (________) | \_/
> |
> ip address ip address | ip address network
> 195.x.x.17 195.x.x.18 10.1.0.250 10.1.0.0/24
>
> -----------------------------------------------------------------------------
>
> Intended setup:
> NAT
> ________ EXTERNAL | INTERNAL
> ( ) _____________ ________|_______ /^\
> ( ) | | | / | / \
> ( Internet ) <==> | ADSL Bridge | <--> | Firewall | <----> < LAN >
> ( ) |_____________| |_______/________| \ /
> (________) | \_/
> |
> ip addresses | ip address network
> 195.x.x.17 10.1.0.250 10.1.0.0/24
> 195.x.x.18
>
> -----------------------------------------------------------------------------
>
>The ADSL bridge should also have a management interface on an internally
>accessible IP address so I can set up the connection.
>
>Can anyone recommend a good ADSL bridge that will do that and work fine with
>BT ADSL?
>
>Thanks
>Steve

You could use a pure ADSL rfc1483 bridge, but in that case you would
need your firewall to support PPPoE to estabilish the PPP level
connection with your ISP. Your firewall would then get the public IP
address.

Alternativley you could use a ADSL "router" that had a trick up its
sleeve to pass the public IP address to the first (and only) device on
the LAN. The SpeedTouch routers support this under the name "DHCP
Spoof".

Another alternative is to get a routable subnet to allow a public IP
address to be given to a LAN device and not use NAT.

Take your pick

Moonshine wrote:

> You could use a pure ADSL rfc1483 bridge, but in that case you would
> need your firewall to support PPPoE to estabilish the PPP level
> connection with your ISP.

Usually (or even always?) PPoA rather than PPoE in the UK?

On Fri, 03 Dec 2004 19:24:43 +0000, Andy Burns
<(E-Mail Removed)> wrote:

>Moonshine wrote:
>
>> You could use a pure ADSL rfc1483 bridge, but in that case you would
>> need your firewall to support PPPoE to estabilish the PPP level
>> connection with your ISP.
>
>Usually (or even always?) PPoA rather than PPoE in the UK?

PPPoE is now supported in the UK - trust me :-)

Or look at the BT SINs

Moonshine wrote:

> PPPoE is now supported in the UK - trust me :-)
> Or look at the BT SINs

I wasn't sure (hence my caution against saying *always*) but at the
moment PPoA is the UK norm, do any providers use PPoE yet, or is it just
an option?

On Sat, 04 Dec 2004 19:44:20 +0000, Andy Burns
<(E-Mail Removed)> wrote:

>Moonshine wrote:
>
>> PPPoE is now supported in the UK - trust me :-)
> > Or look at the BT SINs
>
>I wasn't sure (hence my caution against saying *always*) but at the
>moment PPoA is the UK norm, do any providers use PPoE yet, or is it just
>an option?

It's a case of suck it and see (need to to use LLC/SNAP mode), but I
think you will be succesful in the majority of cases. The possible
exceptions being DataStream ISPs that have not enabled PPPoE on their
BRAS's.

AOL now use the native PPPoE functionality in their AOL Client to
establish their conectivity. The USB modem operates in bridging mode
and the client uses PPPoE over this.

HTH

> You could use a pure ADSL rfc1483 bridge, but in that case you would
> need your firewall to support PPPoE to estabilish the PPP level
> connection with your ISP. Your firewall would then get the public IP
> address.

No that's not what I'm looking for, just bridging the IP networks is what
I'm after, so the ADSL device is transparent.

> Alternativley you could use a ADSL "router" that had a trick up its
> sleeve to pass the public IP address to the first (and only) device on
> the LAN. The SpeedTouch routers support this under the name "DHCP
> Spoof".

Aye that's more the sort of thing, except it's a static IP assignment.

I'm really just looking for equipment recommendations from anyone who's done
this before. Thanks, I'll check out the SpeedTouch routers.

Cheers
Steve

Steve Hunter wrote:

> Aye that's more the sort of thing, except it's a static IP assignment.
>
> I'm really just looking for equipment recommendations from anyone who's done
> this before. Thanks, I'll check out the SpeedTouch routers.

My westell 7400 claims to be able to pass the WAN address to a specific
machine on the LAN, while at the same time allowing other devices on the
LAN to use NAT on the same address. But I don't use it in that mode as I
have a /29. Can't you get your /30 extended? My diagram is similar to
yours ...

NAT
________ EXTERNAL | INTERNAL
( ) ________ _______|_______ /^\
( ) | ADSL | | / | / \
( Internet ) <==> | Router | <--> | Firewall | <----> < LAN >
( ) |________| |_______/_______| \ /
(________) | \_/
192.168.1.x 84.x.x.121 |
129.168.2.x |
|
84.x.x.122 10.0.0.1 10.0.0.0/24
84.x.x.123
84.x.x.124
84.x.x.125
84.x.x.126
192.168.2.x


The router shows it's address on the WAN side as 192.168.1.x but it's
just a placeholder address since it's a point to point link, and it
doesn't want to waste addresses on a subnet there, essentially treated
like an un-numbered interface.

Also I have to have the 192.168.2.x network between router and firewall
as the router will not present it's management interface to the 84.x.x.x
network (which it treats as extenal) only to an "internal" network, so
192.168.2.x serves that purpose.

Works nicely, not sure if I could get back my 84.x.x.121 address by
using the "spoofing trick" but I have enough addresses so I didn't try.