Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2

Author Topic: ISP / Modem To Hardware Firewall Connection Method.  (Read 1746 times)

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
ISP / Modem To Hardware Firewall Connection Method.
« on: April 15, 2020, 02:55:00 PM »

Eclipse ISP (business) Modem To Hardware Firewall Connection Method.

As you can see in my Sig below I use a HG612 and at the moment it use's PPPoE to connect to my firewall.

What are the pro's and con's of using

PPPoE
DCHP
Static.

Bearing in mind that I have a set of fixed IP address's.
« Last Edit: April 15, 2020, 02:58:29 PM by tickmike »
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

chenks

  • Reg Member
  • ***
  • Posts: 906
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #1 on: April 15, 2020, 03:30:50 PM »

the connection method is dictated by your ISP though? so you don't have the option of choosing a different method.
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #2 on: April 15, 2020, 09:59:05 PM »

the connection method is dictated by your ISP though? so you don't have the option of choosing a different method.

I choose to use PPPoE not them .

Just to note on my firewall these are the choices.
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

chenks

  • Reg Member
  • ***
  • Posts: 906
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #3 on: April 16, 2020, 08:10:47 AM »

all routers/firewalls have those options.
you usually have to select the one that your ISP uses, selecting the others would result in no connection, unless your ISP has said they support all three and you are free to use either of them.
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #4 on: April 16, 2020, 10:37:24 AM »

Ok thanks will ask them.
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

chenks

  • Reg Member
  • ***
  • Posts: 906
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #5 on: April 16, 2020, 11:41:54 AM »

as you're already using PPPoE then that's the one your ISP uses, as does most DSL based connections.

Virgin, for example, uses DHCP.
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 3106
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #6 on: April 16, 2020, 02:39:09 PM »

Indeed most ISP's on the OpenReach network use PPPoE.

Talktalk and Sky are the only 2 who don't use PPP, with both using a type of DHCP.
You can't use PPPoE with them even if you wanted to.

Same goes the other way. There will be no choice but to use PPPoE with Eclipse.
Logged
BT FTTP 160/30 - BQM - speed test

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #7 on: April 16, 2020, 03:20:38 PM »

The isp have come back and told me what I already know  :(.

From my isp account settings .

Adsl Settings    VPI=0, VCI=38
AutoModulation
Multimode
RFC2364 PPPoATM VC - Null Encapsulation 

I have been using The HG612 and a newly built Smoothwall firewall for the last 4 years.
I have been using PPPoE for 4 years, it does get some error messages each day and a senior advisor at the ISP 4 years ago says there end was ok but it could be my long line.

Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

chenks

  • Reg Member
  • ***
  • Posts: 906
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #8 on: April 16, 2020, 03:52:59 PM »

what were you trying to achieve in this process?
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #9 on: April 16, 2020, 09:54:01 PM »

what were you trying to achieve in this process?

Well I have a problem with my smoothwall firewall that if we get a power cut (our village does get quite a few) or re-boot it it does not connect to the internet again with out me re-setting some of the firewall control rules, DNS port 53 and the port for my backup server on a DMZ.

If anything happens to me with this Covid 19 my wife or daughter would not have a clue what to do to get the internet back .

I have a post on the smoothwall forum about the problem, the question came about from a chap in the USA who probably never used DSL.

I think the problem is in the smoothwall box not the modem or it's connection method.
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

d2d4j

  • Kitizen
  • ****
  • Posts: 1027
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #10 on: April 16, 2020, 10:26:29 PM »

Hi tickmike

Unless it was a typo, you would be better setting to exact specs for your connection

You stated pppoe when isp stated pppoa

It may or may not be the issue, as rules may kick in before wan up but worth trying

We used to use commercial softwall before changing but they do a lot with education sector

Many thanks

John
Logged

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9103
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #11 on: April 17, 2020, 12:44:29 AM »

There is the possibility of confusion here. I recommend your read my article (one of the authors) on Wikipedia PPPoEoE and PPPoEoA. There are three cases to consider. The first is PPPoEoE, where PPPoE over ethernet is being used to talk to a modem over a LAN only. This may have nothing to do with communications over DSL with your ISP or more accurately, with the wholesale access provider carrier network such as BT Openreach that may provide access to your ISP’s network. If you have a Draytek Vigor modem, your router speaks PPPoEoE to the modem but your modem may speak PPPoA down the phone line; that modem can do protocol conversion from PPPoEoE to the more efficient PPPoA. With a BT accesse-carrier ISP your modem can use either PPPoEoA or PPPoEoA over DSL; it depends on your modem’s capabilities as to which is available to you, but in such a case PPPoEoA is always possible.

I have to speak PPPoEoE to talk to my modem over the LAN as that’s the only modem access protocol over LANs, and my modems don’t speak PPPoA as the Draytek Vigor does over DSL so I have to use PPPoEoA on the DSL link unfortunately (unfortunately because PPPoEoA is less efficient then PPPoA). This is an example of the third case, where a router speaks PPPoE to and maybe through a modem and PPPoE is used both on the LAN side and over the DSL link.



If you can set up fixed IP addresses for the machines on your network, then definitely do so. If someone uses DHCP, then this may simply be a router or other server handing out addresses over the LAN. Or the address assignments may have come all the way from the ISP and are communicated to the machines on the LAN by your router. In my case I have totally fixed IP address assignments and I could set the address of every machine to a certain assigned unique choice by hand but for convenience I have set my router up to hand out fixed IP addresses on the LAN. My router gets notifications from my ISP (Andrews and Arnold) by the PPP IPCP protocol (and not by DHCP over DSL) telling it what IP addresses and ranges it should be using. I ignore this information though. If I had an ISP where the ISP-assigned IP addresses changed all the time at every connection-up, then my firewall and router settings would all break and other references to fixed addresses would go wrong. If you can’t get fixed IP addresses, one IPv4 address at a minimum but more is far better, then consider changing to a better ISP.

Hope this long sermon helps.
Logged

CarlT

  • Kitizen
  • ****
  • Posts: 1697
  • Software Defined WAN deployment engineer
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #12 on: April 17, 2020, 12:46:47 PM »

If you can set up fixed IP addresses for the machines on your network, then definitely do so. If someone uses DHCP, then this may simply be a router or other server handing out addresses over the LAN.

Absolutely don't do this for anything that isn't publicly addressed.

Following on from this why the 8 fixed IP addresses? They're a nice to have but are they essential? It sounds like you're filtering based on IP addresses which is wrong, it should be happening via interface, and I'm not even sure your firewall is in the correct mode from what you're saying. That or it isn't very good at a combination of NAT and routing.

If you want a solution that just works don't make it so complicated. I seriously doubt you need a /29 alongside a publicly addressed DMZ and it's those toys that are causing the problem. A single static on the WAN side alongside port forwarding rules and DHCP reservation will probably work just fine.

Yours, a network engineer.
« Last Edit: April 17, 2020, 12:50:07 PM by CarlT »
Logged
WiFi: Nighthawk® AX12 RAX120
Routing: pfSense VM
Switching: Mikrotik 2* CRS305-1G-4S-IN, 1 * CRS309-1G-8S+; various cheap and cheerful TP-Link/Netgear
Exchange: Wakefield
ISP: BT Full Fibre 900. Zen Full Fibre 900.

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9103
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #13 on: April 17, 2020, 03:09:30 PM »

CarlT and I will just have to agree to disagree on this.  :)  An ancient, long-retired software engineer.
Logged

CarlT

  • Kitizen
  • ****
  • Posts: 1697
  • Software Defined WAN deployment engineer
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #14 on: April 17, 2020, 03:33:49 PM »

CarlT and I will just have to agree to disagree on this.  :)  An ancient, long-retired software engineer.

With a completely unnecessary /26: DHCP is fine for stuff behind RFC1918 and, indeed, unless inbound access is required public addressing isn't necessary.

Kindles for example most definitely don't need static public addressing.

If the point is to keep it simple rather than run the network as a home lab experiment DHCP is a really, really good idea. If there's a desire to keep addresses static within that for limited purposes DHCP reservation is a much better idea than configuring each device statically.
Logged
WiFi: Nighthawk® AX12 RAX120
Routing: pfSense VM
Switching: Mikrotik 2* CRS305-1G-4S-IN, 1 * CRS309-1G-8S+; various cheap and cheerful TP-Link/Netgear
Exchange: Wakefield
ISP: BT Full Fibre 900. Zen Full Fibre 900.
Pages: [1] 2
 

anything