
Bridged router with IP address block

z0mb13e
Grafter
Posts: 34
Registered: 30-07-2007

Bridged router with IP address block

Hi All,
I have recently been trying to get a fortigate 50b firewall/router working to replace an increasingly flaky Smoothwall box. All is easy with the smoothwall box and an internal PCI adsl modem, but things are really messy with the fortigate. I don't want double nat'ing as it will break lots of apps.
I can get the firewall to work in transparent mode but to get the most out of it (i.e. DMZ on firewall/router rather than on modem/router) I want it working in full firewall/router mode.
I first tried a basic netgear router in bridge mode (which is a hidden option on the router in question). This didn't work.
Having done this in the past I figured I would do it with real ip addresses one for the router in bridge mode and one for the wan port of the firewall. Or if I could get it working with 1 ip I could have one spare to use on my DMZ.
So I now have an IP block of 4 addresses (which gives me two ips - I lose two for the network and broadcast addresses). Next up I bought a better router that officially supports bridging. It's a Zyxel P622. I say officially - the manual says switch the mode to 'bridge' and very little else.
(At this point from more googling I note there are a couple of different modes of operation for bridge mode - one does the adsl authentication (ie username and password) - referred to as transparent bridging and the other does not, requiring the authentication to be done by the firewall in this case.)
So I set up the new router in router mode and it connects and everything works as expected.
Next I switched it to bridged mode and log in to the firewall and start setting up the ppp connection but note that it only supports PPPoE, not PPPoA. The router shows the adsl light indicating that it has ADSL sync but not internet light and a call to support reveals that it isn't attempting to authenticate - not surprising as it is set to PPPoE and not PPPoA. Anyone know a way round this?
A bit more googling and I found a method to switch the zyxel router into transparent bridge (where the router does the authentication), so I tried this and again, the same as above. Synch but no auth.
This is pretty frustrating as I have used modem/routers in bridge (or modem only) mode a number of times in the past with the modem/router doing the authentication and it has always been reasonably straightforward.
Has anyone set up a Zyxel P622H as a transparent bridge before or does it just not work?
3 REPLIES
LNNFN
Dabbler
Posts: 23
Registered: 12-12-2008

Re: Bridged router with IP address block

Quote from: z0mb13e
... not surprising as it is set to PPPoE and not PPPoA. Anyone know a way round this?

PPPoE is fully supported on every BT Wholesale DSLAM/MSAN in the UK - I'm using PPPoE right now!
I've no idea how to set up the Zyxel, but the easiest modem to set up in 'bridge' mode is the BT Voyager 190 - there are no user adjustable settings.
It was made for use with the AOL PPPoE client software (but it works with any PPPoE client) and has a non-adjustable VPI=0 & VCI=38.
http://community.plus.net/forum/index.php?action=dlattach;topic=71238.0;attach=6465;image
I'm currently connected via IPCop V1.4.21 and a BT Voyager 190.
22:06:30 ipcop PPP has gone up on ppp0
22:06:21 ipcop Dialling THuh?H? PPPoE.
22:06:20 ipcop Starting RED device eth1.
z0mb13e
Grafter
Posts: 34
Registered: 30-07-2007

Re: Bridged router with IP address block

PPPoE is supported in the UK?!? How long has that been the case?
That should make things a little easier.
Still doesn't explain why the fortigate and the zyxel weren't talking when the zyxel was in bridge mode - the fortigate should have been able to authenticate via the zyxel if PPPoE is supported.
When configuring one device to do PPPoE (or A) over another, and when one of those devices has multiple 'lan' ports is there any extra configuration needed? - This stuff happens on layer 2 right... I would expect the devices to learn the route automagically and for it to just work - am I missing something else?
I remember doing this sort of thing with a BT supplied modem/router for the early DSL lines. It came with a BT hacked firmware that pretty much only allowed you to put in your username and password - it connected and chucked out your public ip address on the LAN side - That is what I was aiming for - Will look at the BT Voyager 190...
LNNFN
Dabbler
Posts: 23
Registered: 12-12-2008

Re: Bridged router with IP address block

Quote from: z0mb13e
PPPoE is supported in the UK?!? How long has that been the case?

At least 3 years.
Quote from: z0mb13e
Still doesn't explain why the fortigate and the zyxel weren't talking when the zyxel was in bridge mode

It's not always easy to set up routers in 'bridge' mode. Sometimes the supplied documentation is less than clear. Don't forget to set the VPI & VCI.

Quote from: z0mb13e
This stuff happens on layer 2 right... I would expect the devices to learn the route automagically and for it to just work - am I missing something else?

I believe that is the case.
Good Luck!