 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  DHCP spoofing / PPP half-bridge ADSL modem problems
 Date:  Mon, 28 Jun 2004 20:06:37 +0100
Hello all,

I'm trying to persuade my ADSL modem to work with m0n0wall without much
success. The unit in question is an ADSLNation X-Modem CE (based on a
Conexant chipset). It's supposed to authenticate the ADSL connection using
PPPoA (not much choice about this here in the UK), then pass the WAN IP
through its internal DHCP server to the first LAN client that connects (aka
DHCP spoofing / PPP half bridge).

I've managed to get it to pass the WAN IP back to m0n0wall successfully, but
I can't seem to actually get any packets out from the LAN -> m0n0 -> ADSL
modem. I'm reasonably sure it's sending packets back to m0n0 - the firewall
logs are filling up with the normal collection of compromised Windows
machines probing NetBIOS ports on 135 and 445, so it's obviously getting
something back from the modem.

The system logs look like this during connection:
Jun 28 19:25:31 	dhclient: DHCPREQUEST on fxp2 to 10.10.4.253 port 67
Jun 28 19:25:41 	dhclient: DHCPREQUEST on fxp2 to 255.255.255.255 port 67
Jun 28 19:25:41 	dhclient: DHCPACK from 10.10.4.253
Jun 28 19:25:41 	dhclient: New Network Number: 81.153.61.0
Jun 28 19:25:41 	dhclient: New Broadcast Address: 255.255.255.255
Jun 28 19:25:41 	dhclient: bound to 81.153.61.207 -- renewal in 44 seconds.
Jun 28 19:25:44 	/kernel: arplookup 81.153.61.207 failed: host is not on local network
Jun 28 19:25:44 	/kernel: arpresolve: can't allocate llinfo for 81.153.61.207rt
Jun 28 19:26:04 	/kernel: arplookup 81.153.61.207 failed: host is not on local network
Jun 28 19:26:04 	/kernel: arpresolve: can't allocate llinfo for 81.153.61.207rt
Jun 28 19:26:09 	/kernel: arplookup 81.153.61.207 failed: host is not on local network

arpresolve and arplookup lines just repeat every few seconds after that.
m0n0wall's firewall rules are set up as per the default (nothing inbound,
anything from the LAN outbound allowed). Also worth mentioning I can't ping
any external site (either by name or IP) from the m0n0 ping diagnostic pages
either.

Any thoughts on this would be gratefully appreciated. I've now tried a
SpeedTouch 530, Zoom X3 and now this modem to try and find a device that'll
play nice with m0n0wall. Unfortunately here in the UK we're tied to PPPoA
since that's the way the ADSL market has chosen to go over here.

Thanks in advance.

Regards,

Chris
-- 
C.M. Bagnall, Partner, Minotaur
Tel: 070 10710715   ICQ: 13350579   MSN: minotauruk at hotmail dot com   AIM:
MinotaurUK
This email is made from 100% recycled electrons.