DSL Bridge Hack

From Devpit
Jump to: navigation, search

DSL PPP Bridging hack

If your ISP doesn't support bridging mode, and you want to put a firewall behind your cisco 678 dsl modem, you'll need a second IP - or so your ISP will tell you. With this neat hack (thanks bilbo!), you can set it all up with just one static IP.

So, it'll look like this:

Internet -> Cisco 678 -> Firewall -> Internal NAT'd lan

I used OpenBSD for my firewall, so that's what i'll use in my description.

The basic idea here is that your ISP will route all of your packets to your router, regardless of your router's IP address. That's just how ppp works. So, what we do is set our internal interface on our cisco to a private ip -- Then, we alias our external interface on our firewall to and set the primary IP of the same interface to our assigned static IP address. Then, set the internal address on your firewall to an address family other than (for example

The cisco config:

set nvram erase

set int wan0-0 disable
set int wan0-0 close
set int wan0-0 vpi 0
set int wan0-0 vci 32
set int wan0-0 enable
set ppp wan0-0 login username
set ppp wan0-0 password flubbernuts
set ppp restart enabled
set broadcast forwarding disabled
set web disabled
set rip disabled
set interface eth0 address
set password exec badonkadonk
set password enable badonkadonk

set route add ip my_static_ip gw

Then, on the firewall, set your external interface to nat all packets from either or to your public IP addy. Make sure you have your inet address on that external interface set to your static, and aliased to Don't forget to set the default gateway to