What you are describing sounds like a bit of a wacky setup to me, but the
solution is probably not easy to do with m0n0 or FreeBSD.
If I was using a Cisco, I would probably start thinking along the lines of
source address routing (that is routing based on where the packet came from,
rather than where it is going to which is destination address routing - the
This feature has just recently been added to OpenBSD-CURRENT so you might
want to take a look at that.
----- Original Message -----
From: "Mitch (WebCob)" <mitch at webcob dot com>
To: "Peter Curran" <peter at closeconsultants dot com>; "Chris Bagnall"
<m0n0wall at minotaur dot cc>; "Hugo Hamel" <hhamel at privalodc dot com>; "Pauline
Middelink" <middelink at polyware dot nl>; <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, July 28, 2004 12:37 PM
Subject: RE: [m0n0wall] RE : [m0n0wall] Re: ATM WAS RE: [m0n0wall] RE :
[m0n0wall] Traffic Shaping issue
> > You are absolutely correct. The reason is because BT uses an ATM
> > for its data services and all ADSL retailers in the UK are either BT or
> > wholesalers of the BT service. (There are a couple of exceptions who
> > actually put their own kit in the exchanges, but that is rare).
> > Irrespective of your ADSL provider, 99.99% of the time you are being
> > authenticated by a BT server and then routed across the BT ATM network
> > the ISP (ADSL provider) of your choice.
> > BT only use PPPoA.
> > ATM is expensive, unless you can achieve an economy of scale -
> > which you can
> > if you are BT. (I should point out at this point that ATM was
> > designed by and for the large telcos - any idea that ATM should be used
> > anybody else is marketing BS :-)
> This is the same scenario here I think.
> At least I have some comfort that I'm not alone!
> Vancouver Canada here ;-)
> Before someone says "HEY take this off topic stuff off list", I'll repeat,
> that I want to use monowall at all my end points, which I think (by a
> keeps me on topic ;-)
> We are currently using the services of an ADSL wholesaler who buys their
> service from the local telco. The telco owns the dslams and the ATM ring
> that goes around the province. We get a port mapped to a vlan which
> currently winds up with our traffic going to our ISP's router. My
> understanding is that each of these ports, due to the vlan connection,
> communicate directly with each other - only with the assigned head end
> router, which for whatever reason is not smart enough to retransmit
> back out the same interface to a different IP to allow the clients to
> communicate UNLESS they are on different subnets.
> So... suggestions?
> I want to take over that head end routing function. I am considering a
> FreeBSD box in that location. I apparently have freedom of options for how
> connect my clients (currently a mishmash of small cheap routers, hopefully
> all converting to mono's)...
> Some of the clients are mono's
> Some are linksys / smc etc.
> A common option is either DHCP / Static IP assignment
> I COULD use private addresses and subnets, aliasing gateway addresses on
> FreeBSD box at the ISP colo, not sure this would work... I could do 1:1
> natting there for their intended public address to allow port forwarding
> work to their router...
> I could use PPPoE, but not sure how much load this would put on the
> I could do things as they are now, with each box unable to communicate
> each other, and use OpenVPN's central hub support to selectively route and
> firewall traffic between VPN end points...
> Given the situation, are there any recommendations? I've never played with
> PPPoE - ISPs here don't use it... I'm not sure if FreeBSD will retransmit
> route traffic from two different subnets back out the same interface it
> in on...
> The analogy I've used in the past (and confused some people, so if it
> doesn't help, ignore it)...
> Consider a vlan capable switch.
> Port 1 is connected to my central router.
> Port 2 - 24 are connected to clients.
> Each client port (2 - 24) has a vlan with Port 1. I want to plug mono in
> each of the 2-24 ports, and something on FreeBSD at port 1. I want to be
> able to allow traffic (all, filtered preferred) to travel between any two
> ports (2-24) but this must be handled by the router on port 1. I can't
> change this - it's the way the telco provides things.
> Thanks for all your help so far - at least I know I'm not alone ;-)
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.