DSL Bridge Hack

From Devpit

DSL PPP Bridging hack

If your ISP doesn't support bridging mode and you want to put a firewall behind your Cisco 678 DSL modem, you'll need a second IP, or so your ISP will tell you. With this neat hack (thanks bilbo!), you can set it all up with just one static IP.

So, it'll look like this:

Internet -> Cisco 678 -> Firewall -> Internal NAT'd lan

I used OpenBSD for my firewall, so that's what I'll use in my description.

The basic idea here is that your ISP will route all of your packets to your router, regardless of your router's IP address. That's just how PPP works. So, we set the internal (Ethernet) interface on the Cisco to a private IP, 192.168.0.1. Then we set the primary IP of the firewall's external interface to the assigned static IP address and alias that same interface to 192.168.0.2. Finally, set the internal address on your firewall to a network other than 192.168.0.0 (for example 10.0.0.0/24).

The cisco config:

en
set nvram erase
write
reboot

en
set int wan0-0 disable
set int wan0-0 close
set int wan0-0 vpi 0
set int wan0-0 vci 32
set int wan0-0 enable
set ppp wan0-0 login username
set ppp wan0-0 password flubbernuts
set ppp restart enabled
set broadcast forwarding disabled
set web disabled
set rip disabled
set interface eth0 address 192.168.0.1
set password exec badonkadonk
set password enable badonkadonk
write
reboot



en
set route add ip my_static_ip gw 192.168.0.2
write
reboot

Then, on the firewall, set your external interface to NAT all packets from either 192.168.0.0/24 or 10.0.0.0/24 to your public IP address. Make sure the inet address on that external interface is set to your static IP, with 192.168.0.2 as an alias. Don't forget to set the default gateway to 192.168.0.1.
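
The firewall side described above, as an added example that is not part of the original page: a shell function that writes the OpenBSD files into a staging directory for review before they are copied to /etc. Assumptions: interface names fxp0/fxp1, the placeholder static IP 203.0.113.10, a host (/32) netmask on the static address, 10.0.0.1 as the internal address, and the `nat-to` pf syntax of OpenBSD 4.7 and later (older releases use `nat on ... -> ...`).

```shell
#!/bin/sh
# Added example. render_fw_config DIR EXT_IF INT_IF STATIC_IP
# Writes hostname.EXT_IF, hostname.INT_IF, mygate, sysctl.conf and pf.conf
# into DIR. Nothing is written to /etc; review the output, then copy it.
render_fw_config() {
    dir=$1 ext_if=$2 int_if=$3 static_ip=$4
    # Shape check only (four dot-separated numeric fields), so a typo or a
    # stray shell character never ends up inside pf.conf.
    case $static_ip in
        *[!0-9.]* | *..* | .* | *. | '') echo "bad IP: $static_ip" >&2; return 1 ;;
        *.*.*.*.*) echo "bad IP: $static_ip" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "bad IP: $static_ip" >&2; return 1 ;;
    esac
    mkdir -p "$dir" || return 1

    # External interface: static IP as the primary address (host netmask is
    # an assumption), 192.168.0.2 as the alias that faces the Cisco.
    cat > "$dir/hostname.$ext_if" <<EOF
inet $static_ip 255.255.255.255
inet alias 192.168.0.2 255.255.255.0
EOF
    # Internal LAN on a different network than 192.168.0.0/24.
    echo "inet 10.0.0.1 255.255.255.0" > "$dir/hostname.$int_if"
    # Default gateway is the Cisco's eth0 address.
    echo "192.168.0.1" > "$dir/mygate"
    # The firewall has to forward packets between its interfaces.
    echo "net.inet.ip.forwarding=1" > "$dir/sysctl.conf"

    # NAT both private ranges to the single public address. Filter rules
    # are left out here; add your own policy below the match rule.
    cat > "$dir/pf.conf" <<EOF
ext_if = "$ext_if"
ext_ip = "$static_ip"
match out on \$ext_if inet from { 192.168.0.0/24, 10.0.0.0/24 } to any nat-to \$ext_ip
EOF
}

# Run as: sh render.sh ./staging fxp0 fxp1 203.0.113.10
if [ $# -eq 4 ]; then
    render_fw_config "$@"
fi
```

After installing the files, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it.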