[plug] Bridging in ADSL modems

Craig Ringer craig at postnewspapers.com.au
Fri Jul 16 13:53:26 WST 2004


On Fri, 2004-07-16 at 13:38, ranime wrote:
> This is what I want to achieve,
> 
> ADSL modem/router with 4 eth switch
> supplies internet access to four linux pc's.
> 
> Each computer can access the internet,
> and each other using NFS or samba.
> 
> Each computer is running Shorewall firewall.
> The IP addresses of the computers are static assigned.
> 
> Will this work ?

So long as you pick IP addresses in the range the DSL modem is expecting
(since most assume you'll be using DHCP), yes that should be fine. In
fact, it's pretty much the default configuration for using a DSL router.
You should be able to plug in the router, plug your computers into the
router, set your ISP username and password in its web interface, and
have everything just work.

Note that all your PCs will have private IP addresses, usually in the
192.168.x.x range, and it will not be possible to connect to them from
the outside world. Most DSL modems will let you designate one PC to
receive connection attempts from the outside world, so that it appears
to "be" the world-reachable IP address as far as the rest of the world
is concerned - but that's the best you'll get. This will be true no
matter how you set up your DSL, though, unless you get an expensive
connection with multiple IP addresses (and usually a very expensive bit
of Cisco hardware to go with it).

If you don't care about connecting to your computers from elsewhere on
the internet, you can totally ignore the above paragraph.

> also, from what I understand, is that if the modem is not in
> 'bridged mode' then the modem handles the authentication etc..

That's right - it handles the PPPoE session with your ISP that carries
your Internet traffic between your network and your ISP, and it does the
network address translation (NAT) required to have multiple computers
share one world-visible IPv4 address. The DSL modem becomes your
network's gateway router to the rest of the Internet.

> so how can I monitor the internet traffic from any computer on 
> the network without having a ppp-oe client running on the computer ?

Unfortunately, the answer to that is usually "with considerable
difficulty, if at all." :-(

Some DSL modems will let you use SNMP to get at least some traffic
statistics. I haven't seen one with a web interface or custom SNMP MIB
that could give you really useful traffic stats, though. There's very
little substitute for the control provided by iptables, and the easy
monitoring of [t]ethereal, gkrellm, and etherape.

This is one of the many reasons I prefer to use a modem in bridged mode
and run a Linux firewall. It's considerably more complicated to do it
that way, but it gives much more flexibility.

Of course, it depends on what you want to monitor. If you only want total
received and transmitted bytes, then SNMP (if your modem supports it)
should be able to tell you that much. You could then use MRTG on a PC to
graph the traffic and provide the graphs as a web page if you wanted. On
the other hand, if you want per-PC traffic meters or to track traffic by
port, that's probably not going to be something the modem can do. If all
you want is to determine the connection state - "connected" or
"disconnected" - then most modems' web interfaces will let you do that
much.

--
Craig Ringer
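
The totals-only case described in the message above, as an added example that is not part of the original post: turning two SNMP polls of the modem's interface counters into bytes transferred and an average rate. It assumes net-snmp style `snmpget` output and that the WAN interface is ifIndex 1; the poll text is constructed sample data.

```python
import re

# Constructed net-snmp style output from three polls of a modem's WAN
# interface (ifIndex 1 is an assumption), taken 300 seconds apart.
POLL_A = """\
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8640000) 1 day, 0:00:00.00
IF-MIB::ifInOctets.1 = Counter32: 4294900000
IF-MIB::ifOutOctets.1 = Counter32: 1000000
"""
POLL_B = """\
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8670000) 1 day, 0:05:00.00
IF-MIB::ifInOctets.1 = Counter32: 232704
IF-MIB::ifOutOctets.1 = Counter32: 1600000
"""
POLL_C = """\
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (6000) 0:01:00.00
IF-MIB::ifInOctets.1 = Counter32: 5000
IF-MIB::ifOutOctets.1 = Counter32: 7000
"""

LINE_RE = re.compile(r"^(\S+) = (?:Counter32|Timeticks): \(?(\d+)\)?")
UPTIME = "DISMAN-EVENT-MIB::sysUpTimeInstance"
COUNTER32_MOD = 2 ** 32

def parse_poll(text):
    """Turn 'name = Type: value' lines into a {name: int} dict."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in matches if m}

def interval_usage(prev, cur, if_index=1):
    """Bytes and bytes/second between two polls, or None after a reboot."""
    ticks = cur[UPTIME] - prev[UPTIME]
    if ticks <= 0:
        # Uptime went backwards: the modem restarted, so skip this interval.
        return None
    seconds = ticks / 100  # Timeticks are hundredths of a second
    usage = {"seconds": seconds}
    for name in ("ifInOctets", "ifOutOctets"):
        key = f"IF-MIB::{name}.{if_index}"
        # Counter32 wraps past 2**32 - 1; modular subtraction undoes one wrap.
        delta = (cur[key] - prev[key]) % COUNTER32_MOD
        usage[name] = delta
        usage[name + "_per_s"] = delta / seconds
    return usage

if __name__ == "__main__":
    a, b, c = (parse_poll(p) for p in (POLL_A, POLL_B, POLL_C))
    print(interval_usage(a, b), interval_usage(b, c))
```

These counters cover the whole interface, so they cannot be split per PC or per port, which is the limitation the message describes.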
