New modem and iptables...

John Summerfield debian at herakles.homelinux.org
Tue Oct 23 10:24:23 UTC 2007


Antonio wrote:
> 2007/10/22, John Summerfield <debian at herakles.homelinux.org>:
>> Antonio wrote:
>>> 2007/10/22, John Summerfield <debian at herakles.homelinux.org>:
>>>> Antonio wrote:
>>>>> 2007/10/21, John Summerfield <debian at herakles.homelinux.org>:
>>>>>> Antonio wrote:
>>>>>>> I installed a new modem ADSL2+ that doesn't need pppo any longer
>>>>>>> because it starts connection by himself
>>>>>>>
>>>>>> I expect your "modem" is actually a router, and that you can just turn
>>>>>> your Linux firewall off. The router performs firewall and NAT functions
>>>>>> that are perfectly adequate for most people.
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Cheers
>>>>>> John
>>>>>>
>>>>>> -- spambait
>>>>>> 1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
>>>>>>
>>>>>>
>>>>> no...when I say modem, I mean modem, even if can start connection by itself...
>>>>> What is funny is that it has a DHCP server even if it has just a
>>>>> single Ethernet port  :-)
>>>> I have a so-called modem, but it really is a router. Like yours, it has
>>>> a single ethernet port. Mine's an iconnect 622, and it does pppoe,
>>>> pppoa, dhcp, dns relay and some other stuff. However, I set it to
>>>> bridging mode and do the pppoe myself.
>>>>
>>>> If you want to persuade me it's a modem, better name it;-)


>>
> And for english mother tongue folks....
> http://www.dlink.co.uk/?go=jN7uAYLx/oIJaWVUDLYZU93ygJVYLelXSNvhLPG3yV3oVo5+h6ltbNlwaaRp7TosAmu5j3cf/YENBs7k2aXlLkcVsezb

No need, Seamonkey's translate button did better than I expected, and 
from there I found English manuals.

It's time to define terms.
"modem" is a contraction of the English words "modulate" and 
"demodulate." A modem's function is to translate digital signals from 
the computer (originally an RS-242C serial port, but the definition got 
bent a little with ADSL) to a form compatible with an analogue phone 
line. Basically, electronic versions of sounds - ever listened to a 
modem dialing?

ADSL modems have to do a little more, that's where the VPI and VCI stuff 
come in.

Once it's doing authentication, despite what Dlink asserts, it's no 
longer a modem, it's a router and _it_ has your public Internet address. 
It also does NAT (otherwise you couldn't have a private IP address on 
your peecees). Because it's doing NAT, nobody outside your LAN can 
connect to your systems. For most users, that's a good thing.

If you want to run your own servers (say, for incoming email as I do), 
then you must put it into bridged mode, and do the PPPoE stuff, firewall 
and NAT in your PC.

A more capable router would be able to forward incoming connexions, 
maybe to different machines: At work, I have incoming ssh directed 
directly to my desktop where there are fewer users and I don't have to 
worry about ignorant users having weak passwords.


Since this device really is a router and it's running its own DHCP 
server, it's highly likely that all the computers


Your DSL-320T should be giving you a 192.168.1.x IP address, and your 
default route should be via 192.168.1.1.


Just to be clear, I think you have this setup:
[inet](a)----(b)[DSL-320T](c)----(d)[linuxbox](e)---[switch]-[f][others]

If your device is functioning as a modem, there should be public IP 
addresses at (a) and (d)

If as a router, then the public IP addresses will be at (a) and (b).

Note that (a) doesn't have to be a public IP address, some IAPs use 
private ones there.

I presume you're either using DHCP on Linuxbox to hand out IP addresses, 
or doing it manually. (e) and (f) would have private IP address - I see 
you're using 192.168.0.x addresses.

It's a mystery to me why you'd have an IP address of 87.14.136.149.

Could you do this:

traceroute js.id.au
and post the results?

Unfortunately, I use shorewall firewall and my firewalls are a good deal 
more complicated than you need, so I can't just post mine as an example.





-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu

Please do not reply off-list
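
The address test described in the message for point (d), as an added example that is not part of the original post: it reads `ip -4 -o addr show` style output for the Linux box and reports whether the DSL device is behaving as a bridged modem or as a NAT router. The interface names (eth0, eth1, ppp0), the abbreviated sample output and the peer address are constructed assumptions; only 87.14.136.149 and the 192.168.x ranges come from the thread.

```python
import ipaddress
import re

# Matches one line of `ip -4 -o addr show`: index, interface name, IPv4 address.
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+(?:\.\d+){3})")

def addresses(ip_addr_output, ifname):
    """Return the IPv4 addresses configured on ifname."""
    found = []
    for line in ip_addr_output.splitlines():
        m = ADDR_RE.match(line.strip())
        if m and m.group(1) == ifname:
            found.append(ipaddress.ip_address(m.group(2)))
    return found

def wan_mode(ip_addr_output, wan_if):
    """Classify the DSL device from the address at point (d), the Linux box's
    WAN-facing interface (wan_if is an assumption supplied by the caller)."""
    addrs = addresses(ip_addr_output, wan_if)
    if not addrs:
        return "unknown"
    # is_global is False for RFC 1918 space and for 100.64.0.0/10 (shared/CGN).
    if any(a.is_global for a in addrs):
        return "bridged"   # public address reaches the PC: firewall and NAT are the PC's job
    # Non-public at (d): the device is most likely doing NAT. As the message notes,
    # some providers hand out private addresses themselves, so confirm with traceroute.
    return "routed"

# Constructed sample: device in router mode, PC gets a 192.168.1.x lease on eth0.
ROUTED = """
2: eth0    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
"""

# Constructed sample: device in bridging mode, PC runs PPPoE and holds the public address.
BRIDGED = """
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
5: ppp0    inet 87.14.136.149 peer 192.0.2.1/32 scope global ppp0
"""

if __name__ == "__main__":
    print("router-mode sample :", wan_mode(ROUTED, "eth0"))
    print("bridge-mode sample :", wan_mode(BRIDGED, "ppp0"))
```

A "bridged" result means the Linux box is directly exposed and its iptables rules are the only filter in front of the LAN.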




More information about the fedora-list mailing list