[Techtalk] ADSL modems

John Clarke johnc+linuxchix at kirriwa.net
Sat Sep 25 16:52:43 EST 2004


On Sat, Sep 25, 2004 at 12:36:27 +1000, Kathryn Andersen wrote:
> On Fri, Sep 24, 2004 at 12:56:39PM +1000, John Clarke wrote:
>  
> > If you get a modem with ethernet (and I recommend you do), you simply
> > configure your PC to use dhcp for the external interface, and set up the
> > modem.
> 
> Um, excuse me for asking what is perhaps a stupid question, but why
> would one attach the modem to a PC instead of to the router?

Not a stupid question at all.  I assumed you were using a PC as your
router, and PC is easier to type :-)

> (thanks for the links, I'll look at them later)

You're welcome.  I use Internode, which is why I knew where to find the
info.

> > Double NAT might cause problems for some protocols (ipsec maybe?), but
> > I would expect it to mostly work fine.
> 
> Hmmmm.

I couldn't remember the details of the actual problem with IPSec and
NAT yesterday, and didn't have time to search for more info, which is
why I said maybe.  I've now found the info, and it's IPSec's AH mode
which is incompatible with NAT.

When using AH, the packets (data and headers, including source address
and port) are signed, and because NAT changes the source address and/or
port, the signature doesn't match.

ESP tunnel mode is compatible with NAT (and double NAT).  In this mode,
the original packet is encrypted and encapsulated inside another
packet, which NAT is free to modify.

See the VPN FAQ for more info:

    http://vpn.shmoo.com/vpn/FAQ.html

in particular, Q8, How does IPsec work with network address translation
(NAT)? 

> Yes, I was expecting to have to get at least one line filter; but you
> can get them from Dick Smith's I think.

You can.


Cheers,

John
-- 
Except if it's in a program, $NO probably evaluates to 'yes' for
"technical reasons".
            -- James Riden
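
Added example, not part of the original message: a simplified Python model of the integrity check discussed above, showing why rewriting the source address breaks AH but not ESP tunnel mode, even after two NATs. The key, addresses, payload and function names are constructed for illustration; encryption and the real AH/ESP header layouts are omitted because they do not affect the point.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real security association

def ip_header(src, dst, proto):
    # Simplified 20-byte IPv4 header; mutable fields (TTL, checksum, ...) are zeroed,
    # as AH does before computing its integrity check value (ICV).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 0, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()

def ah_send(src, dst, payload):
    # AH: the ICV covers the outer IP header (addresses included) and the payload.
    return {"src": src, "dst": dst, "payload": payload,
            "icv": icv(ip_header(src, dst, 51) + payload)}

def ah_verify(pkt):
    expected = icv(ip_header(pkt["src"], pkt["dst"], 51) + pkt["payload"])
    return hmac.compare_digest(expected, pkt["icv"])

def esp_tunnel_send(src, dst, inner_packet):
    # ESP tunnel mode: the ICV covers only the encapsulated packet, not the outer header.
    return {"src": src, "dst": dst, "payload": inner_packet, "icv": icv(inner_packet)}

def esp_verify(pkt):
    return hmac.compare_digest(icv(pkt["payload"]), pkt["icv"])

def nat(pkt, public_src):
    # Source NAT: rewrite the outer source address and nothing else.
    return {**pkt, "src": public_src}

def demo():
    data = b"constructed payload"
    inner = ip_header("192.168.1.10", "10.0.0.5", 6) + data
    ah = ah_send("192.168.1.10", "203.0.113.9", data)
    esp = esp_tunnel_send("192.168.1.10", "203.0.113.9", inner)
    results = {}
    for name, pkt, verify in (("AH", ah, ah_verify), ("ESP tunnel", esp, esp_verify)):
        once = nat(pkt, "10.1.1.2")         # first NAT
        twice = nat(once, "198.51.100.7")   # second NAT
        results[name] = (verify(pkt), verify(once), verify(twice))
    return results  # (untouched, after NAT, after double NAT)

if __name__ == "__main__":
    print(demo())
```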

