IP COP and ADSL ROUTER PROBLEM - How Do I make it work

[Toby]

I am a Linux Noobie so please excuse what may be the Obvious and also any silly mistakes on my side. I Choose IPCOP over SMOOTHWALL as IPCOP reporting out of the box seems to have more option, else they appear to be much of the same animal – I understand the same core development teams built them.

I am trying to get an IPCOP Firewall setup connected to a ADSL Ethernet Router (Microcom ADSL Deskporte Router 100 – Microcom Part Number – 2630)

Current working Config

ADSL Router connected to a LinkSys WRT54G which is working. Workstations and Laptop (Wireless) connected to the LinkSys.

I am trying to get one workstation working for now connected directly to the Green interface. Later I will use the LinkSys as a Switch

The IP COP setup is as follows

Green IP – 192.168.0.254 on network 192.168.0.0/24
Red IP – 10.0.0.254 on Network 10.0.0.0/24
IPCOP Default Gateway 10.0.0.2 which is the ADSL Router IP Address

Test Workstation Connected to Green Interface via crossover - IPCOP DHCP
Test Workstaion Manual IP - 192.168.0.1 NW 192.168.0.0/24 GW 192.168.0.254 via Crossover to Green on IPCOP

ADSL Router IP 10.0.0.2 (Unsure how the default Gateway works here but presume it will be hardcoded as the ADSL Port

I Tested the IPCOP Firewall with the Following method

Setup an XP Machine (OUTSIDE) with IIS and FTP Operational – ADSL Router Switched off and Crossover cable plugged into XP Machine (OUTSIDE) using ADSL Router TCP/IP Settings. In effect OUTSIDE machine connected to RED Interface

Setup a second XP Machine (INSIDE) with IP of 192.168.0.1 – Network 192.168.0.0/24 and plugged into green Interface using Crossover Cable.

INSIDE XP Machine browsed the OUTSIDE XP machine Web Site via IP Address and also did a FTP download.

Assumption and Deduction

IPCOP working as a Firewall from a TCP/IP point of View. Issue must be related to ADSL Authentication and/or ADSL Routing

Questions.

I presume that the Authentication to the ISP is done on the ADSL Router.

I see references to “bridged mode” on the Internet and presume that ADSL Routers in Bridged mode become classic Hardware bridges (In other words, they convert protocols at the Hardware layer but DO NOT do any Routing – Is This assumption Correct,

My understanding is that an ADSL router in bridged mode stops functioning as a Router and becomes an ADSL to Ethernet Bridge with no routing, but with the ADSL Authentication being done by the ADSL “Bridge”

Is this correct, where does the authentication happen?.

The IPCOP Setup with Green and RED interfaces only does not appear to allow for ANY adsl authentication and if so, I then presume that this is intended to be done on the ADSL ROUTER

Am I correct in assuming that the Firewall Default gateway should be the Ethernet port of the ADSL Router.

Can someone point me to references on how to resolve and fault find this.

 

[!!DV!!]

1) The router does the authentication...

2) Bridge refers to PPPOe connection, if this is used the Pc does the authentication.

You need to set your router to "route" and enter the ISp details on your router.... You allso need to set your router to NAT and not IPCOP otherwise the double NAT could cause problems...

Now... You can allso set you router to bridge and connect it to the IPCop box and set IPCOP Red IF to ADSL and IPCop will handel the authentication and NAT for you.

 

[Toby]

I followed up on !!DVD!! Comments. (Thanks a Lot)

I am going to try the IPCOP box controlling everything route

Currently - ADSL Router is set for Following

NAT = Dynamic NAPT - I will disable NAT
Bridge = Disabled - I will enable it.

On IPCOP Side of Things.

I have got IPCOP configured for PPPOE on the RED Interface. Some Questions here.

On the Tabs/Options NETWORK/DIALUP SETTINGS/ADDITIONAL PPPOE SETTINGS

Should i Select PPPOE or PPPOE Plugin. (Note I have not installed any additional Software except the standard v1.4.11 CD)

What Should "Service Names" and "Concentrator Name" be set to

On the DNS Side, I Propose setting it to Manual and using standard SIAX DNS Servers - any additional Settings/Suggestions

On the IPCOPS Forum, some forumites suggest at least a six hour GAP from when Router Disconnected, Reconfigured and connected back as a "bridge" They suggest that arp tables need to clear at the IP end or else problems are experienced. As anyone seen this on the SAIX Network.

Anything else I should look out for, and thanks in advance for suggestions and help so far.

 

[koffiejunkie]

I have better luck with pppoe than pppoe plugin. Dunno why, they should work the same. Might be some telkom voodoo.

If you enable bridge mode on the router, you have to login to IP-COP on the command line, run setup, go to networking, and change the "address setting" of red to pppoe.

you can leave service name blank. Just tick "persistent," "connect at IP-COP start-up," set the number of retries to something like 500, and give your username&password. You can leave dns on automatic.

About the suggestion that you need to wait six ours after setting bridged mode, it's BS. Set it bridge, save/apply. switch off the router, switch back on - it should work. I'm not familiar with the Linsys routers, but on the Netgear 632 you don't have to power down at all - just set bridge and off you go.

 

[Toby]

Was busy with other stuff, so only tried today. Thanks for the help
IPCOP now operational with ADSL Router in Bridge Mode, Nat turned of on ADSL Router as IPCOP runs NAT. Authnetication on PPPOE Page on IPCOP