Bridging a DSL router - HELP!

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
I've just spent several hours over the last two days wrestling with a couple of routers. The trick is, I want it to quit being a router and just be a modem, so I can connect a real router to it. Under normal circumstances, I'd plump for an integrated unit, but that's not possible here.

One of my headaches is that I can't seem to get a DSL connection unless I specify PPPOA VCmux. I don't think this is compatible with using the modem as a bridge (but I'm hopelessly confused). :(

It's possible that the problem is down to the Billion router I'm trying to turn into a modem; if so, I'll happily try something else (I've bought an Asus - it was all I could get at short notice). I mean, I can still browse to the modem, which doesn't sound like bridged mode to me. :-?

Any info, suggestions, etc gratefully received. I'm onsite in another country with three of these to do. :cry:
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
Your problem is that your ISP uses PPPoA (PPP connection on top of an ATM connection).

All DSL modems speak ATM, but most home routers only speak Ethernet. This is where the problem lies. Your modem/router speaks both Ethernet (LAN side) and ATM (DSL side); inherently this means that you're not going to be able to bridge this connection and be able to use PPPoA (required by your current connection type).

If your ISP offers PPPoE (PPP connection on top of Ethernet) you'd be fine, or if they offer another connection type such as DHCP or Static IP addressing you'd be fine.

But if they only offer PPPoA, you're going to be forced to use a modem/router. But you may have the choice over which modem/router you wish to use.

Any specific reason why you wish to use your own router, when your ISP has already provided you with one? Is it missing features that you require?
 

blakerwry

Forgot to mention, you might be able to assign your router in the DMZ of the modem/router provided by the ISP. This should pass traffic to your router, where you could then use it as normal. You'll be running NAT twice, which may be a bit slower, but I think it would still work.

A good tip is to set up your router to use a different LAN subnet than that used by the ISP's router.

IE: ISP modem/router uses 192.168.0.1/24 on LAN side, set your soho router to 192.168.1.1/24
 

time

blakerwry said:
... if they offer another connection type such as DHCP or Static IP addressing you'd be fine.
There is a static address, served up via DHCP ... I'm not sure what you mean.

Any specific reason why you wish to use your own router, when your ISP has already provided you with one? Is it missing features that you require?

Yes, like multiple VPN endpoints, 'dialup' VPN endpoints, VPN that works reliably, 802.11g with WPA etc. I should point out that the range of available equipment is constrained because of the telecommunications regulations in the country I'm doing this in. :(

The VPN aspect rules out NAT - to the best of my knowledge. That's why I'm trying to bridge it.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
If you have *a* static IP address, then your router/modem is likely taking that. Makes it difficult to pass the WAN address to your router.

NAT is not a limitation on VPNs. I've run a VPN (Cisco, I think) through a double NAT setup with absolutely no issues. Depends upon your VPN client.
 

blakerwry

time said:
blakerwry said:
... if they offer another connection type such as DHCP or Static IP addressing you'd be fine.
There is a static address, served up via DHCP ... I'm not sure what you mean.

Any specific reason why you wish to use your own router, when your ISP has already provided you with one? Is it missing features that you require?

Yes, like multiple VPN endpoints, 'dialup' VPN endpoints, VPN that works reliably, 802.11g with WPA etc. I should point out that the range of available equipment is constrained because of the telecommunications regulations in the country I'm doing this in. :(

The VPN aspect rules out NAT - to the best of my knowledge. That's why I'm trying to bridge it.



That would be a DHCP reservation; however, I should be more specific. You'd need a PPPoE or 1483 bridged connection to use your own router.

Sechs is right that you can use some VPN clients behind NAT; there are L2TP and PPTP VPNs, and the latter does not work with NAT, I believe.
 

time

Blakerwry said:
you might be able to assign your router in the DMZ of the modem/router provided by the ISP. This should pass traffic to your router, where you could then use it as normal.
This worked fine, although I also went through three modems trying to find one that played nicely.

Sechs said:
NAT is not a limitation on VPNs. I've run a VPN (Cisco, I think) through a double NAT setup with absolutely no issues. Depends upon your VPN client.
Well, it stops AH (Authentication Header) dead, and I'd agree that the client is important - when you're using a router endpoint rather than a client, it depends on your router. But it also depends on the passthrough capabilities of the front end router, which is where many consumer level routers let the side down badly.

In the end, I settled on a D-Link 302g, a minimalist ADSL router that nonetheless D-Link also promotes for use with a router behind it. Their documentation forgot to mention the DMZ part ... :roll: but it was easy to set up and seems to pass everything I need. Like other D-Link stuff, it runs rather hot for such a basic device, but I've chosen to have faith.

It defaults to a local address of 10.1.1.2/8 on the ethernet port and 10.1.1.3/8 on the USB port. I used a static IP of 10.1.1.15/8 on the real router. My IP knowledge isn't that good - anyone know why they use that mask of 255.0.0.0?

You'll be running NAT twice, which may be a bit slower, but I think it would still work.
I haven't noticed any slowness at all with a 3DES VPN in place. As far as I can tell, I'm seeing about 85% of the maximum theoretical throughput if there wasn't one.

Cheers!
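
Why address translation breaks AH but not ESP, as a simplified model added here (not code from any poster in the thread). The HMAC stands in for the real integrity check value, and the key, the public address and the peer address are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"      # constructed sample key
PRIVATE_SRC = "10.1.1.15"          # the inner router's address from the thread
PUBLIC_SRC = "203.0.113.10"        # constructed: address the NAT device substitutes
PEER = "198.51.100.20"             # constructed: remote VPN endpoint


def outer_addrs(src: str, dst: str) -> bytes:
    """Source and destination of the outer IPv4 header (immutable fields)."""
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed


def ah_icv(src: str, dst: str, payload: bytes) -> bytes:
    # AH authenticates the payload AND the outer header's immutable fields,
    # which include both IP addresses.
    return hmac.new(KEY, outer_addrs(src, dst) + payload, hashlib.sha256).digest()


def esp_icv(spi: int, seq: int, payload: bytes) -> bytes:
    # ESP authenticates only its own header (SPI, sequence number) and payload;
    # the outer IP header is not covered.
    return hmac.new(KEY, struct.pack("!II", spi, seq) + payload, hashlib.sha256).digest()


def verify_after_nat(payload: bytes = b"constructed payload") -> dict:
    """Sender computes ICVs with its private source; receiver sees the NATed one."""
    sent_ah = ah_icv(PRIVATE_SRC, PEER, payload)
    sent_esp = esp_icv(0x1001, 1, payload)
    # The NAT device rewrites the source address; it cannot recompute the ICV
    # because it does not hold KEY.
    recv_ah = ah_icv(PUBLIC_SRC, PEER, payload)
    recv_esp = esp_icv(0x1001, 1, payload)
    return {
        "ah_valid": hmac.compare_digest(sent_ah, recv_ah),
        "esp_valid": hmac.compare_digest(sent_esp, recv_esp),
    }


if __name__ == "__main__":
    print(verify_after_nat())
```

An ESP packet that still verifies is not automatically forwarded: ESP has no port numbers, so the front-end router needs IPsec passthrough or the endpoints need NAT traversal (UDP encapsulation).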
 

time

you can use some VPN clients behind NAT; there are L2TP and PPTP VPNs, and the latter does not work with NAT, I believe.
Forgot to mention, I'm using IPSec. I would think PPTP would be the most likely to work - from memory it's just an initial authentication system? I believe L2TP is less demanding than endpoint-to-endpoint IPSec, so it would probably also work. It just seems to be too complicated for a lot of stuff (works fine with the routers I'm using, but then so does IPsec).
 

blakerwry

Several ISPs use the 302G; it should do a good job.


----------
The subnet mask allows a router to determine which part of the IP belongs to the network and which belongs to the host.

You have to have some background in the different IP classes, but you can understand that there are networks of different sizes (number of hosts).

10.0.0.0 w/mask of 255.255.255.0 indicates that the 1st 3 octets belong to the network, and the last octet defines the individual hosts' address.

10.0.0.0 w/ mask of 255.0.0.0 (the default for this network) indicates that the network is 10, while the other 3 octets are reserved for hosts to use.


The 1st example allows for more networks, with each network allowing 254 computers. The 2nd example allows for one large network, with 16777214 hosts.

----------

The slowness comes in the routers having to store the PAT information in memory and performing lookups. This is a relatively easy task, but does take a few cycles per lookup. You won't notice with average use, but if you were making hundreds of connections a second you'd notice pretty fast that you'd reach your limit a lot quicker with the NAT setup. The slowness is more in the number of simultaneous connections and the speed at which connections are established vs the speed of each individual connection.

-------------
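
A check for the double-NAT addressing plan discussed in this thread, added here as an example (not code from any poster). It combines the "different LAN subnet" tip with the /8 default mask: with the modem on 10.1.1.2/8, every 10.x.x.x network counts as overlapping. The inner LAN addresses 10.2.0.1/24 and 192.168.1.1/24 are hypothetical choices.

```python
import ipaddress


def check_double_nat(modem_lan_if: str, router_wan_ip: str, router_lan_if: str) -> dict:
    """Validate the addressing of a router placed behind a modem/router.

    modem_lan_if  -- modem's LAN interface, e.g. "10.1.1.2/8"
    router_wan_ip -- static WAN address given to the inner router
    router_lan_if -- inner router's own LAN interface, e.g. "192.168.1.1/24"
    """
    modem = ipaddress.ip_interface(modem_lan_if)
    wan = ipaddress.ip_address(router_wan_ip)
    inner = ipaddress.ip_interface(router_lan_if)
    problems = []

    # The inner router's WAN port must sit inside the modem's LAN network,
    # and must not reuse the modem's own address.
    if wan not in modem.network:
        problems.append("router WAN address is outside the modem's LAN network")
    if wan == modem.ip:
        problems.append("router WAN address collides with the modem's address")

    # If the inner LAN overlaps the modem's LAN, the inner router sees the
    # same network on both sides and cannot decide where to route.
    if inner.network.overlaps(modem.network):
        problems.append(
            f"inner LAN {inner.network} overlaps modem LAN {modem.network}"
        )

    return {
        "modem_network": str(modem.network),
        # Network and broadcast addresses are not assignable to hosts.
        "usable_hosts": modem.network.num_addresses - 2,
        "problems": problems,
    }


if __name__ == "__main__":
    # Values from the thread: D-Link default 10.1.1.2/8, router WAN 10.1.1.15.
    print(check_double_nat("10.1.1.2/8", "10.1.1.15", "10.2.0.1/24"))
    print(check_double_nat("10.1.1.2/8", "10.1.1.15", "192.168.1.1/24"))
```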
 