| 1 |
On Friday 31 Oct 2014 06:52:54 J. Roeleveld wrote: |
| 2 |
> On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: |
| 3 |
> > Am Tue, 28 Oct 2014 16:28:37 +0000 |
| 4 |
|
| 5 |
> > (I found a copy here: |
| 6 |
> > http://www.kabelfernsehen.ch/dokumente/quicknet/HandbuchTHG570.pdf) |
| 7 |
> > refers |
| 8 |
> > |
| 9 |
> > to "Transparent bridging for IP traffic", and AFAICT makes no mention of |
| 10 |
> > routing. It does explicitly say that it gets an IP address from the ISP, |
| 11 |
> > so I suspect that it acts as a bridge for all IP clients (like the "IP |
| 12 |
> > Client Mode" in Fritz!Box routers). So it sounds to me that the DHCP |
| 13 |
> > packets likely come from a server beyond the router. Is this the half |
| 14 |
> > bridge mode you alluded to? |
| 15 |
> |
| 16 |
> Not sure about half-bridge mode. But most cable-modems work in bridge-mode. |
| 17 |
> (If they have more then 1 ethernet-port, they act as routers) |
| 18 |
|
| 19 |
Yes, it seems to be a fully bridged modem. A PC or router behind it will be |
| 20 |
accessible from the Internet using your public IP address provided by the ISP. |
| 21 |
|
| 22 |
In a fully bridged mode the modem only manages encapsulation of your LAN hosts |
| 23 |
ethernet packets (using DOCSIS frames in the case of cable, or ATM frames in |
| 24 |
the case of ADSL). PPPoE or any other authentication method is undertaken by |
| 25 |
the PC or by the router behind it. There's no NAT'ing or routing performed by |
| 26 |
the modem - it is just a transparent bridge. |
| 27 |
|
| 28 |
In a typical half bridged mode the modem performs encapsulation of your |
| 29 |
packets AND authentication with the ISP's radius server. It also passes the |
| 30 |
public IP address over to the host in the LAN, but it doesn't just bridge - it |
| 31 |
routes it. The half bridged modem acts as an arp proxy. Some implementations |
| 32 |
advertise more addresses on the LAN side than the public ISP's address and |
| 33 |
offer the host a different IP address to the ISP's (usually public IP + 1 with |
| 34 |
255.255.255.0 instead of 255.255.255.255). MSWindows machines work fine with |
| 35 |
this, but Linux won't work without setting a static route to the ISP's gateway |
| 36 |
and complains that the gateway is not on public-IP/32. Cisco routers barf at |
| 37 |
this problem too. |
| 38 |
|
| 39 |
|
| 40 |
> > Oh, and there are two powerline/dLAN adapters in between (the modem is |
| 41 |
> > in |
| 42 |
> > |
| 43 |
> > the room next door), but direct connections between my computer and my |
| 44 |
> > brother's always worked, and they've been reliable in general, so I |
| 45 |
> > assume that they're irrelevant here. |
| 46 |
> |
| 47 |
> Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you |
| 48 |
> might keep getting a different result each time it tries to refresh. |
| 49 |
> |
| 50 |
> > Furthermore, I found out the hard way that you *sometimes* need to |
| 51 |
> > reboot |
| 52 |
> > |
| 53 |
> > the modem when connect a different client for the new client to get a |
| 54 |
> > response from the DHCP server (I discovered this after wasting half a day |
| 55 |
> > trying to get our router to work, it would log timeouts during |
| 56 |
> > DHCPDISCOVER). I didn't think it was the modem because when we first got |
| 57 |
> > it, I could switch cables around between my computer and my brother's and |
| 58 |
> > they would get their IP addresses without trouble. *sigh* |
| 59 |
> |
| 60 |
> That's a common flaw. These modems are designed with the idea that people |
| 61 |
> only have 1 computer. Or at the very least put a router between the modem |
| 62 |
> and whatever else they have. |
| 63 |
> Please note, there is NO firewall on these modems and your machine is fully |
| 64 |
> exposed to the internet. Unless you have your machine secured and all |
| 65 |
> unused services disabled, you might as well assume your machine |
| 66 |
> compromised. |
| 67 |
|
| 68 |
Yes, the way these modems work you may need to reboot the modem so that it |
| 69 |
flushes its arp cache if you start reconnecting machines to it. |
| 70 |
|
| 71 |
|
| 72 |
> I once connected a fresh install directly to the modem. Only took 20 |
| 73 |
> seconds to get owned. (This was about 9 years ago and Bind was running) |
| 74 |
> |
| 75 |
> > - At the time there was no router, just the modem. We now have a |
| 76 |
> > Fritz!Box |
| 77 |
> > |
| 78 |
> > 3270 with the most recent firmware, but we got it after I "solved" this |
| 79 |
> > problem. |
| 80 |
> > |
| 81 |
> > - I don't know whether we have an IP block or not; I suspect not. At the |
| 82 |
> > very least, we didn't make special arrangements to try and get one. |
| 83 |
> |
| 84 |
> Then assume not. Most, if not all, ISPs charge extra for this. (If they |
| 85 |
> even offer it) |
| 86 |
|
| 87 |
You would typically have two IP addresses with a half bridged modem, but only |
| 88 |
one of these would be usable by the PC/router in your LAN. Personally I find |
| 89 |
all this a bothersome faff and only buy and set up modems in fully bridged |
| 90 |
mode, so that they get out of the way and let me route things using a router. |
| 91 |
|
| 92 |
-- |
| 93 |
Regards, |
| 94 |
Mick |
Archives