Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2]

Author Topic: ISP / Modem To Hardware Firewall Connection Method.  (Read 1772 times)

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9107
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #15 on: April 17, 2020, 04:09:02 PM »

I agree that most people won’t have any need for such fixed address assignments and so for them and for most people they are quite unnecessary, as Carl says. However I am not most people. I actually use these addresses, but I won’t debate this here because it’s getting off topic and you probably aren’t that interested in what I get up to in my own network. I wouldn’t pay extra for a whole block of addresses that I don’t need; my address block is foc.

Best.  :)
Logged

CarlT

  • Kitizen
  • ****
  • Posts: 1697
  • Software Defined WAN deployment engineer
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #16 on: April 17, 2020, 05:44:10 PM »

Not going to disagree that you use them, just that there's no need for most of them to be publicly routable. Again Kindles, etc, are fine with NAT. :)

Which leads onto the original question. Is the /29 necessary, are there alternatives which are more robust if the worst happens?

Micromanagement of the home network is a hobby, not something that anyone should need to do. Firewall rules as far as generic Internet access goes should be per interface and stateful and something is quite broken if they aren't.
Logged
WiFi: Nighthawk® AX12 RAX120
Routing: pfSense VM
Switching: Mikrotik 2* CRS305-1G-4S-IN, 1 * CRS309-1G-8S+; various cheap and cheerful TP-Link/Netgear
Exchange: Wakefield
ISP: BT Full Fibre 900. Zen Full Fibre 900.

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9107
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #17 on: April 17, 2020, 08:29:40 PM »

I didn’t mean I just use the addresses, I expressed myself poorly. I do need them to be publicly routable, for various reasons, but this is now off topic.
Logged

CarlT

  • Kitizen
  • ****
  • Posts: 1697
  • Software Defined WAN deployment engineer
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #18 on: April 17, 2020, 10:59:11 PM »

Indeed. Please do start your own thread so that we can discuss this further. I am very interested in what you might be doing that needs a /26 of publicly routable IP addresses - entire head offices of hundreds of people manage on a /29 or less  :)
Logged
WiFi: Nighthawk® AX12 RAX120
Routing: pfSense VM
Switching: Mikrotik 2* CRS305-1G-4S-IN, 1 * CRS309-1G-8S+; various cheap and cheerful TP-Link/Netgear
Exchange: Wakefield
ISP: BT Full Fibre 900. Zen Full Fibre 900.

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #19 on: April 18, 2020, 10:50:00 AM »

Thanks for the reply's  :)

I do agree it is too complicated for our needs now, I will start another thread.

My 'Business connection' came about from a business that we where going to do but never materialised, I do not pay any more for the set of Six IP address's, my unlimited ADSL2 connection is Ł16.69 a month .

--------------------------------------------------
Just to make clear the above question is referring to 'Public' side of the Firewall Not the Private LAN side.

 
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3774
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #20 on: April 18, 2020, 03:31:58 PM »

If there's a desire to keep addresses static within that for limited purposes DHCP reservation is a much better idea than configuring each device statically.

I may getting hold of the wrong end of the stick here, but I personally find it much better to set my static addresses on the device rather than via DHCP, I have a printer, two PC's and a home server which have static IP addresses. I used to do it in the router but it was such a faff every time I changed the router.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

CarlT

  • Kitizen
  • ****
  • Posts: 1697
  • Software Defined WAN deployment engineer
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #21 on: April 18, 2020, 11:05:27 PM »

On a couple of things sure but most definitely not everything which was my main point.
Logged
WiFi: Nighthawk® AX12 RAX120
Routing: pfSense VM
Switching: Mikrotik 2* CRS305-1G-4S-IN, 1 * CRS309-1G-8S+; various cheap and cheerful TP-Link/Netgear
Exchange: Wakefield
ISP: BT Full Fibre 900. Zen Full Fibre 900.

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 1650
    • My Broadband History
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #22 on: April 19, 2020, 04:49:41 PM »

I may getting hold of the wrong end of the stick here, but I personally find it much better to set my static addresses on the device rather than via DHCP, I have a printer, two PC's and a home server which have static IP addresses. I used to do it in the router but it was such a faff every time I changed the router.

Its generally expected you're going to change the clients more often than the router.

Its just so much easier to have all configuration in one place, especially when port forwarding.  Its why I was so annoyed that IPv6 seemed to take away this control, at least on the Xbox One which changes its UUID every boot.
Logged
INTAKE (ECI) Zen: Home Hub 5A OpenWrt Plusnet: VMG-3925-B10B Three 4G: Hauwei B535-232 Router: pfSense (i5-7200U) WiFi: Ubiquiti nanoHD
Thinkbroadbamd Quality Monitors

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #23 on: April 20, 2020, 12:39:59 PM »

[quote]
I may getting hold of the wrong end of the stick here, but I personally find it much better to set my static addresses on the device rather than via DHCP, I have a printer, two PC's and a home server which have static IP addresses. I used to do it in the router but it was such a faff every time I changed the router.
[/quote]

Sorry to say but yes your are.

That is on the LAN side of the modem/router (the 'private' safe side) !.

My hardware fire wall has the capability to to connect to my ISP's equipment via the three methods in my post #1
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

d2d4j

  • Kitizen
  • ****
  • Posts: 1027
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #24 on: April 20, 2020, 02:09:52 PM »

Hi tickmike

Sorry your thread went slightly off topic and ronski was asking over best way for dhcp on lan side

I would think most routers/firewalls have all connections listed but generally only 1 would work with isp. The other connections listed are for if firewall connects to say an independent router

Many thanks

John
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3398
  • Yes Another Penguin !. :)
    • Free Download from.
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #25 on: April 23, 2020, 02:59:41 PM »

Getting Back to my question, I have looked at the settings of my HG612 for my ADSL connection.

You can see EoA is set, but my firewall I have set PPPoE to connect, the firewall sends the my isp log in details not the modem.

So how does this work ? is the HG612 a PPPoE-to-PPPoA converting modem ?,
so would that be PPPoEoA ?.
see
https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet scole down to 'PPPoE-to-PPPoA converting modem' .

Why am I interested in this, since updating my firewall some time ago there is a problem that if we get a power cut or I re-boot the firewall it Does Not connect back to the internet and I have to manually reset some of the rules.
(the smoothwall guys on there forum are not helping me with it) .

I re.booted the firewall and got this error message ''The RED device is not active. Cannot determine the red device type at this time.'' 
Note .. RED is my connection from the HG612 !.
I am looking for any delays in this connection coming up.

The PPP log =

 14:37:10 pppoe Sent PADT

14:37:13 pppd Exit.

14:37:17 pppd pppd 2.4.7 started by root, uid 0

14:37:17 pppd Using interface ppp0

14:37:17 pppd Connect: ppp0 <--> /dev/pts/0

14:37:22 pppoe PPP session is 3956 (0xf74)

14:37:23 pppd CHAP authentication succeeded: CHAP authentication success, unit 1784

14:37:23 pppd CHAP authentication succeeded

14:37:23 pppd local IP address 82.152.x.x

14:37:23 pppd remote IP address 82.153.x.x

14:37:23 pppd primary DNS address 212.104.x.x

14:37:23 pppd secondary DNS address 212.104.x.x

So to me it looks like it is coming up ok.

Any ideas ?.
Logged
I RECOMMEND TRYING PCLinuxOS (www.pclinuxos.com) .
I have a set of 6 fixed IP's From my Eclipse isp.
BT ADSL2 (G992.3) line>HG612 set as a Modem, Bridge, WAN not Bound to LAN1 or 2 >pfSense (Hardware Firewall and routing) > Ethernet LAN, DMZ,WiFI LAN and Spare LAN .
DSLstats LAN2  linked Ethernet

aesmith

  • Kitizen
  • ****
  • Posts: 1010
Re: ISP / Modem To Hardware Firewall Connection Method.
« Reply #26 on: May 18, 2020, 02:10:05 PM »

Normal practice would be to configure PPPoE on your firewall.  No configuration is then needed on the modem.
Logged
Pages: 1 [2]
 

anything