Re: Linux and routers

In article <40e70293$0$7799$(E-Mail Removed)>,
Michael Rozdoba <(E-Mail Removed)> wrote:
>
>I'm still happy with my Solwise sar715. I use NAT & haven't had any
>significant problems with a small home lan of five machines. The 715
>does DHCP for the lan (leasing addresses based on MAC) & also provides
>local DNS. I've not used the firewall, relying on NAT for security, as I
>don't run any externally accessible services (usually), but I understand
>it provides useful, if basic, functionality.

Is there a cheap DSL ethernet router that works basically as a bridge ?
My AR11 insists on occupying one of my seven IP addresses, and makes
me set up every port or IP forwarding by hand (since I run another
firewall/router on the Linux server which lies behind it). Or at least
if the AR11 can do otherwise than NATted PPPoA or than dynamic forwarding
only to its local port address, Taiwanese support won't tell me, and
cos I work from here I can't spare the downtime to experiment.

I want (and I have a family of teenagers with net access wants too )
to to be able to run P2P and netchat and maybe FTP and all that stuff
that wants any of a range of incoming ports, as long as _I_ control the
accesses, the rate and port ranges of dynamic forwards, and the bandwidth
(and it seems to be not too hard to do that with ipchains), as well as
avoiding all that tedious messing around NATting into private netspaces
just for the server/adsl hop.

Budget is a maximum of about 50 quid for something ... to be offset by
swap-or-selling a DSL router and a plain one ... just wish I'd bought
an AR41 when they cost less than this AR11 did, init :-)

uk.t.b added since it's probably also on-topic, please keep followups
though (ObLinux: knode users watch out ;-))

Nick
--
"My objective at this stage was to work about 3 days per week"
-- Richard Parker in http://web.ukonline.co.uk/richard/cv78.html


Nick Leverton

Nick Leverton wrote:

> Is there a cheap DSL ethernet router that works basically as a bridge ?

The sar715 can certainly do that. Don't know about the other models.
They have quite a few around the 50ukp price mark:
http://www.solwise.co.uk/modems.htm

--
Michael
m r o z a t u k g a t e w a y d o t n e t

On Sat, 03 Jul 2004 20:36:41 +0000, Nick Leverton wrote:

> In article <40e70293$0$7799$(E-Mail Removed)>, Michael Rozdoba
> <(E-Mail Removed)> wrote:
>>
>>I'm still happy with my Solwise sar715. I use NAT & haven't had any
>>significant problems with a small home lan of five machines. The 715 does
>>DHCP for the lan (leasing addresses based on MAC) & also provides local
>>DNS. I've not used the firewall, relying on NAT for security, as I don't
>>run any externally accessible services (usually), but I understand it
>>provides useful, if basic, functionality.
>
> Is there a cheap DSL ethernet router that works basically as a bridge ? My
> AR11 insists on occupying one of my seven IP addresses, and makes me set
> up every port or IP forwarding by hand (since I run another
> firewall/router on the Linux server which lies behind it). Or at least if

<snip a big message that I didn't fully read>

I have the DLINK 300G+, I don't have NAT (I was sure that I wanted to
avoid a cheap and potentially shitty implementation of NAT).

I have 8 IP's from Zen..

My gateway Linux-gw has one IP address- it's default gateway is the
broadcast address of the subnet

The other computers have public addresses but route via the linux-gw so
they are all firewalled off and without NAT.


--
Regards,
Adam Allen.

PGP: http://pgp.mit.edu:11371/pks/lookup?...e.net&op=index

>> Is there a cheap DSL ethernet router that works basically as a bridge ? My
>> AR11 insists on occupying one of my seven IP addresses, and makes me set
>> up every port or IP forwarding by hand (since I run another
>> firewall/router on the Linux server which lies behind it). Or at least if
>
><snip a big message that I didn't fully read>
>
> I have the DLINK 300G+, I don't have NAT (I was sure that I wanted to
> avoid a cheap and potentially shitty implementation of NAT).
>
> I have 8 IP's from Zen..
>
> My gateway Linux-gw has one IP address- it's default gateway is the
> broadcast address of the subnet
>
> The other computers have public addresses but route via the linux-gw so
> they are all firewalled off and without NAT.

Hi,

Would you be able to post details on this (so I can possibly write a
guide)? I work at Zen, and wasn't aware that this setup was possible
with the D-link modem.

So just to confirm - if your subnet is 82.68.1.8/29, the default
gateway of your linux pc is 82.68.1.15, right?

I have a very similar setup myself at home, except I use the
speedtouch modem (has worked perfectly).

Regards,

James

A modem should be ideal for your purposes - I use the speedtouch 330
usb modem myself with no problems, and Adam has posted that he uses a
dlink 300G+ ethernet modem successfully elsewhere in this thread.

There's a discussion about this on the *PLUGPLUGPLUG* zen forums
(www.zensupport.co.uk) that you may find useful if you decide to go
down this route.

Regards,

James

James Hill <(E-Mail Removed)> wrote:
>>> Is there a cheap DSL ethernet router that works basically as a bridge ? My
>>> AR11 insists on occupying one of my seven IP addresses, and makes me set
>>> up every port or IP forwarding by hand (since I run another
>>> firewall/router on the Linux server which lies behind it). Or at least if
>>
>><snip a big message that I didn't fully read>
>>
>> I have the DLINK 300G+, I don't have NAT (I was sure that I wanted to
>> avoid a cheap and potentially shitty implementation of NAT).
>>
>> I have 8 IP's from Zen..
>>
>> My gateway Linux-gw has one IP address- it's default gateway is the
>> broadcast address of the subnet
>>
>> The other computers have public addresses but route via the linux-gw so
>> they are all firewalled off and without NAT.

> Hi,

> Would you be able to post details on this (so I can possibly write a
> guide)? I work at Zen, and wasn't aware that this setup was possible
> with the D-link modem.

> So just to confirm - if your subnet is 82.68.1.8/29, the default
> gateway of your linux pc is 82.68.1.15, right?

> I have a very similar setup myself at home, except I use the
> speedtouch modem (has worked perfectly).

James,

I suspect the clue is in the original article "My gateway Linux-gw has one
IP address".

The obvious way to achieve this is to use Linux-gw as a firewalling
bridge.

If that's the case, the line "The other computers ... route via the
linux-gw" is misleading - they'll be connected via the bridge, but routing
via the router..

d.

> James,
>
> I suspect the clue is in the original article "My gateway Linux-gw has one
> IP address".
>
> The obvious way to achieve this is to use Linux-gw as a firewalling
> bridge.
>
> If that's the case, the line "The other computers ... route via the
> linux-gw" is misleading - they'll be connected via the bridge, but routing
> via the router..
>
> d.

*Nod.

This is what my PC at home does with the 330. I wasn't aware that the
dlink 300 would support this, as it does IP spoofing. I must have
incorrectly assumed that it ignored all traffic for other IP addresses
rather than it getting sent to the IP address of the PC using the
modem.

It is after all a modem designed to work with one pc only - so it was
understandable for me to assume it would drop all other traffic.

Regards,

James

James Hill <(E-Mail Removed)> wrote:

>> James,
>>
>> I suspect the clue is in the original article "My gateway Linux-gw has one
>> IP address".
>>
>> The obvious way to achieve this is to use Linux-gw as a firewalling
>> bridge.

> *Nod.

> This is what my PC at home does with the 330. I wasn't aware that the
> dlink 300 would support this, as it does IP spoofing. I must have
> incorrectly assumed that it ignored all traffic for other IP addresses
> rather than it getting sent to the IP address of the PC using the
> modem.

Hmm. OK, i'll concede that it looks a bit more complicated with that
particular device as it really isn't clear how it behaved from the
documentation I've been able to find.

d.

On 2004-07-05, (E-Mail Removed) () <(E-Mail Removed)> wrote:
> In article <40e91406$0$7802$(E-Mail Removed)>,
> James Hill <(E-Mail Removed)> wrote:
>>> My gateway Linux-gw has one IP address- it's default gateway is the
>>> broadcast address of the subnet
>
> [...]
>
>>So just to confirm - if your subnet is 82.68.1.8/29, the default
>>gateway of your linux pc is 82.68.1.15, right?
>
> I'm not following - why would your gateway for a given route ever be a
> broadcast address? This would mean that every packet going outbound is
> also "copied" to every PC on the LAN.

The dlink 300 is a modem that works by using IP spoofing. So on the
WAN side, the modem appears to have the router IP address (in this
example it would be 82.68.1.14 to the outside world.

On the LAN, it calls itself something else (maybe 82.68.1.15), and the
pc sets this as it's default gateway. The PC then picks up an IP
address of 82.68.1.14 via DHCP from the d-link, and appears to be
connected directly to the outside world (as the d-link magically
translates the traffic).

This 'ethernet modem' is designed to be used only with a single pc -
this is why it does things in a strange way.

Regards,

James

On Mon, 05 Jul 2004 08:44:33 +0000, James Hill wrote:

> A modem should be ideal for your purposes - I use the speedtouch 330
> usb modem myself with no problems, and Adam has posted that he uses a
> dlink 300G+ ethernet modem successfully elsewhere in this thread.
>
> There's a discussion about this on the *PLUGPLUGPLUG* zen forums
> (www.zensupport.co.uk) that you may find useful if you decide to go
> down this route.
I use 300G+ as well, the only problems have been when I tried windows XP

--
neil
delete delete to reply