Subject: Re: nat with one nic?
To: Mohan Khurana <mkhurana@andrew.cmu.edu>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-help
Date: 07/28/2001 17:27:37
On Sat, Jul 28, 2001 at 10:45:23AM -0400, Mohan Khurana wrote:
> netbsd users,
> 
> I'm really interested in using NetBSD to set up a router that can do NAT on
> a DSL connection that I will be setting up in my apartment in the next few
> weeks after I start my next semester of school.  The ISP will be Verizon,
> and I've discovered that Verizon requires all users to use pppoe to "dial
> in" to obtain access to the internet.  This is another good reason why
> I'd like to have a firewall.  I'd like to have the firewall initiate the
> pppoe connection and reconnect if there is ever a disruption, allowing my
> systems at home to essentially have an always on connection, and removing
> the need to "dial up" when I want internet.
> 
> I've set up a test router before on FreeBSD/i386 using ipfilter a long
> time ago.  This situation is different from the previous one in that I
> want to use an existing Sun Sparcstation LX as the router.  The system has
> a 4GB hard disk, 96 Megs of RAM, onboard ethernet.  This situation is also
> different from what I've done in the past in that I'd like to create a
> router with only one ethernet interface.
> 
> Most router configurations I've seen have two ethernet interfaces, one of
> them is connected to a hub, that lets people plug in for access to the
> network.  People who plug into this hub can be in the private IP
> space.  The other NIC connects to the DSL/Cable/other internet
> connection.  ipfilter handles the NAT translation between them.
> 
> What I'd like to do with this sparc, is first of all wipe solaris 7 off of
> it. :)  Then I'd like to put netbsd on it and use its single built in NIC
> to create the full router.  I'd like to connect its NIC to a hub, connect
> the DSL modem to the uplink of the hub, and connect clients to the
> hub.  Clients on the hub would be in the 10. private ip space and would
> speak to the sparc router, who has a nic that is also in the 10. range.
> 
> It's after this that I get confused.  If I try to initiate the pppoe
> connection, would it try to incorrectly communicate with the clients on my
> network, rather than trying to communicate with the DSL modem?  Let's

Well, I assume that only the DSL equipment will answer PPPoE negotiation.
But I think that the DSL modem is just a bridge, and all ethernet frames
are routed to the other end of the DSL line. This can be the problem
(not that it will prevent PPPoE negotiation but your provider may not be
happy with non-pppoe traffic on the DSL line).


> assume that it somehow does manage to create a ppp interface, I should
> have no problem doing ipfilter nat and filtering between the interface
> name and ppp (the internet), right?

Yes, this shouldn't be a problem.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
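
Added example, not part of the original message: a small Python classifier that separates PPPoE frames (EtherTypes 0x8863 and 0x8864, per RFC 2516) from the other LAN traffic a bridging modem on the shared hub would see, which is the concern raised in the reply. The MAC addresses and frames are constructed sample data, and the helper names are hypothetical.

```python
import struct

PPPOE = {0x8863: "PPPoE-Discovery", 0x8864: "PPPoE-Session"}  # RFC 2516
OTHER = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
VLAN_TPIDS = (0x8100, 0x88A8)  # 802.1Q / 802.1ad tag markers

def ethertype(frame):
    """Return the type/length field of an Ethernet frame, skipping VLAN tags."""
    offset = 12  # after destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated Ethernet header")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS:
            return etype
        offset += 4  # skip TPID + TCI and read the inner type

def label(frame):
    et = ethertype(frame)
    if et < 0x0600:  # values below 0x0600 are an 802.3 length, not a type
        return "802.3/LLC"
    return PPPOE.get(et) or OTHER.get(et) or f"0x{et:04x}"

def leaks_onto_dsl(frame):
    """True for frames that are not PPPoE, i.e. the traffic the reply warns about."""
    return ethertype(frame) not in PPPOE

def summarize(frames):
    counts = {}
    for f in frames:
        counts[label(f)] = counts.get(label(f), 0) + 1
    return counts

def build(etype, dst, src, vlan=None, payload=bytes(46)):
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", etype) + payload

# Constructed sample: one router, one 10.x client, one far-end PPPoE peer.
BCAST = b"\xff" * 6
ROUTER = bytes.fromhex("080020aabbcc")
CLIENT = bytes.fromhex("00a0c9112233")
PEER = bytes.fromhex("0090d0445566")
SAMPLE = [
    build(0x8863, BCAST, ROUTER),            # PPPoE discovery broadcast
    build(0x8864, PEER, ROUTER),             # PPPoE session data
    build(0x0806, BCAST, CLIENT),            # client ARP broadcast
    build(0x0800, ROUTER, CLIENT),           # client IPv4 to the router
    build(0x0800, ROUTER, CLIENT, vlan=10),  # same, VLAN-tagged
    build(0x0026, bytes.fromhex("0180c2000000"), CLIENT),  # 802.3 length frame
]

if __name__ == "__main__":
    print(summarize(SAMPLE), sum(map(leaks_onto_dsl, SAMPLE)), "non-PPPoE frames")
```
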