Re: New modem and iptables...



Antonio wrote:
2007/10/22, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>:
2007/10/21, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>:
Antonio wrote:
I installed a new ADSL2+ modem that doesn't need pppoe any longer
because it starts the connection by itself

I expect your "modem" is actually a router, and that you can just turn
your Linux firewall off. The router performs firewall and NAT functions
that are perfectly adequate for most people.



--

Cheers
John



No... when I say modem, I mean modem, even if it can start the connection by itself...
What is funny is that it has a DHCP server even if it has just a
single Ethernet port :-)

I have a so-called modem, but it really is a router. Like yours, it has
a single ethernet port. Mine's an iconnect 622, and it does pppoe,
pppoa, dhcp, dns relay and some other stuff. However, I set it to
bridging mode and do the pppoe myself.

If you want to persuade me it's a modem, better name it;-)



And for English mother tongue folks....
http://www.dlink.co.uk/?go=jN7uAYLx/oIJaWVUDLYZU93ygJVYLelXSNvhLPG3yV3oVo5+h6ltbNlwaaRp7TosAmu5j3cf/YENBs7k2aXlLkcVsezb

No need, Seamonkey's translate button did better than I expected, and from there I found English manuals.

It's time to define terms.
"modem" is a contraction of the English words "modulate" and "demodulate." A modem's function is to translate digital signals from the computer (originally an RS-242C serial port, but the definition got bent a little with ADSL) to a form compatible with an analogue phone line. Basically, electronic versions of sounds - ever listened to a modem dialing?

ADSL modems have to do a little more, that's where the VPI and VCI stuff come in.

Once it's doing authentication, despite what Dlink asserts, it's no longer a modem, it's a router and _it_ has your public Internet address. It also does NAT (otherwise you couldn't have a private IP address on your peecees). Because it's doing NAT, nobody outside your LAN can connect to your systems. For most users, that's a good thing.

If you want to run your own servers (say, for incoming email as I do), then you must put it into bridged mode, and do the PPPoE stuff, firewall and NAT in your PC.

A more capable router would be able to forward incoming connexions, maybe to different machines: At work, I have incoming ssh directed directly to my desktop where there are fewer users and I don't have to worry about ignorant users having weak passwords.


Since this device really is a router and it's running its own DHCP server, it's highly likely that all the computers


Your DSL-320T should be giving you a 192.168.1.x IP address, and your default route should be via 192.168.1.1.


Just to be clear, I think you have this setup:
[inet](a)----(b)[DSL-320T](c)----(d)[linuxbox](e)---[switch]-[f][others]

If your device is functioning as a modem, there should be public IP addresses at (a) and (d)

If as a router, then the public IP addresses will be at (a) and (b).

Note that (a) doesn't have to be a public IP address, some IAPs use private ones there.

I presume you're either using DHCP on Linuxbox to hand out IP addresses, or doing it manually. (e) and (f) would have private IP address - I see you're using 192.168.0.x addresses.

It's a mystery to me why you'd have an IP address of 87.14.136.149.

Could you do this:

traceroute js.id.au
and post the results?

Unfortunately, I use shorewall firewall and my firewalls are a good deal more complicated than you need, so I can't just post mine as an example.





--

Cheers
John


Please do not reply off-list
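
The test described in the message above (where the public address sits tells you whether the DSL box is a modem or a router) can be scripted. This is an added example, not part of the message or the thread: it reads `ip -o -4 addr show` output from the Linux box and classifies the address at point (d). The interface names, the role labels and both sample outputs are constructed assumptions.

```python
import ipaddress
import re

# Address ranges that are never a public Internet address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT

# One line of `ip -o -4 addr show`: "<idx>: <ifname>    inet <addr>..."
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+(?:\.\d+){3})", re.M)

def kind(addr):
    """Classify one IPv4 address as private, shared, local or public."""
    if any(addr in net for net in RFC1918):
        return "private"
    if addr in SHARED:
        return "shared"
    if addr.is_loopback or addr.is_link_local:
        return "local"
    return "public"

def dsl_box_role(ip_output, wan_if):
    """Guess the DSL box's role from the address at point (d)."""
    addrs = [ipaddress.ip_address(a)
             for name, a in ADDR_RE.findall(ip_output) if name == wan_if]
    kinds = {kind(a) for a in addrs}
    if "public" in kinds:
        # Public address on the PC itself: it must run its own firewall.
        return "modem"
    if kinds and kinds <= {"private", "shared"}:
        # The box does NAT, or the IAP hands out private addresses.
        return "router-or-private-isp"
    return "unknown"

# Constructed sample: bridged mode, PPPoE terminated on the Linux box.
BRIDGED = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
3: ppp0    inet 87.14.136.149 peer 192.168.100.1/32 scope global ppp0
"""
# Constructed sample: DSL box routing and handing out 192.168.1.x by DHCP.
ROUTED = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
"""

if __name__ == "__main__":
    print(dsl_box_role(BRIDGED, "ppp0"), dsl_box_role(ROUTED, "eth0"))
```

A private address at (d) cannot by itself separate a NAT router from an IAP that uses private addressing, which is why the traceroute requested in the message is the next check.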
