
Re: Recommendation of ADSL modem



On 16 Feb 2005 at 13:32, Damian Gerow wrote:
> Thus spake steve_(_dot_)_kersley_(_at_)_keble_(_dot_)_ox_(_dot_)_ac_(_dot_)_uk (steve_(_dot_)_kersley_(_at_)_keble_(_dot_)_ox_(_dot_)_ac_(_dot_)_uk) [16/02/05 13:16]:
> : I'd prefer to have the BSD box doing the connection and NAT/firewall
> : than use an ethernet to ADSL modem.
>
> Why?

Perhaps I've been misinformed/misread or just seen one modem and 
assumed that the others worked the same.
I had seen that some ethernet-ADSL modems work like single port 
routers and do NAT internally, talking across the ethernet interface with 
an internal address.  My experience of cheap NAT implementations in 
ADSL routers is not good - stateless UDP traffic between a not-huge 
amount of hosts quickly overflowing internal address tables and 
crashing the router, needing physically unplugging from the power to 
restart.

This box is going to be doing firewall and NAT for potentially a couple 
of hundred uncontrolled machines - unlikely to be simultaneously, but 
still, if one or two of them have a virus and start trying to hammer the 
network I don't want it to break, or if it does, I want the BSD box to be 
able to reconnect without needing to manually pull the plug on the box 
(and to use PF to throttle the connections anyway).
It's because the machines are uncontrolled that I'm restricting them to 
the ADSL link.  That and the terms of use on our real network 
connection...

Perhaps ethernet-ADSL modems don't work the way I'd thought so 
might have to investigate more thoroughly.

Steve.
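
A small simulation of the failure mode described in the message above, as an added example that is not part of the original post: one host opening many short-lived UDP flows shares a fixed-size NAT state table with twenty normal hosts, with and without a per-source state cap. The table size, idle timeout, addresses and traffic rates are constructed values; PF's `max-src-states` option is the comparable per-source limit.

```python
from collections import defaultdict

class NatTable:
    """Fixed-capacity NAT state table with idle expiry and an optional per-source cap."""

    def __init__(self, capacity, idle_timeout, per_source_cap=None):
        self.capacity = capacity
        self.idle_timeout = idle_timeout
        self.per_source_cap = per_source_cap
        self.states = {}                    # (src, dst, dport) -> last-seen time
        self.per_source = defaultdict(int)  # src -> number of live states

    def _expire(self, now):
        for key, seen in list(self.states.items()):
            if now - seen > self.idle_timeout:
                del self.states[key]
                self.per_source[key[0]] -= 1

    def packet(self, now, src, dst, dport):
        """Return True if the packet gets a translation, False if it is dropped."""
        self._expire(now)
        key = (src, dst, dport)
        if key in self.states:
            self.states[key] = now
            return True
        if self.per_source_cap is not None and self.per_source[src] >= self.per_source_cap:
            return False                    # only this source is refused
        if len(self.states) >= self.capacity:
            return False                    # table full: every new flow is refused
        self.states[key] = now
        self.per_source[src] += 1
        return True

def simulate(per_source_cap):
    """Constructed traffic: one noisy host plus 20 normal hosts over 60 one-second ticks."""
    table = NatTable(capacity=1000, idle_timeout=30, per_source_cap=per_source_cap)
    dropped_normal = 0
    for t in range(60):
        # Noisy host: 100 new UDP destinations per second, never reused.
        for i in range(100):
            table.packet(t, "10.0.0.66", f"198.51.100.{i}", 1024 + t)
        # Normal hosts: one new DNS-like flow each per second.
        for h in range(20):
            if not table.packet(t, f"10.0.0.{h + 1}", "192.0.2.53", 20000 + t):
                dropped_normal += 1
    return dropped_normal, len(table.states)
```

`simulate(None)` returns the number of normal-host flows refused when the table is shared without limits; `simulate(200)` shows the same traffic with the noisy host held to 200 states.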


