12-08-2009 06:28 PM
We have a BT Business broadband account
It was provided with a BT2700HGV modem/router
We also purchased a block of 5 public static IPs
We have a hardware firewall connected to the BT kit, behind which our LAN sits.
We have allocated one of our static addresses to the external interface of our firewall.
In addition, we currently have a number of webservers connected directly to the BT router, each with a public IP
Really, we want the BT box to act in bridge mode, such that all traffic is passed to the firewall, which can then have the webservers hanging off one of its interfaces - this makes management a lot simpler, and means we can route internal requests to the webservers independently of what the BT kit is doing.
However, the BT box seems loath to stop routing!
I tried putting the BT box in bridge mode, but it seems we need to authenticate using PPPoA, and our hardware firewall can only authenticate using PPPoE, so that didn't work too well.
In essence we are trying to get to the situation where all incoming traffic arrives transparently at our firewall, which can then decide what to do with it, with the minimum of intelligence on the part of the BT box.
I would imagine that this is a fairly common problem, but the very nice BT phone support people were stumped.
Does what I have said above make sense? Can anyone propose a solution?
12-08-2009 07:45 PM
Just a thought...
I see that the BT router has something called "DMZPlus" mode.
Forgetting its annoyingly modern name, as far as I can tell, what it does is this:
Passes all WAN traffic to the specified computer, and then assigns that specified computer the WAN IP of the modem using DHCP.
The requirement to use DHCP seems a bit messy, and I see someone has posted suggesting VPN to the DMZ machine is a problem, but it sounds like it could work... all traffic to all of my static range of IPs would be sent to my DMZ firewall gateway - just as would happen in bridge mode if I could have got it working, but with the modem still dealing with PPPoA authentication...
13-08-2009 07:49 AM
that is another thread on how to set up bridge mode. go for it!
13-08-2009 07:52 AM
PS. I have set this up once before and I think that it was PPPoE on that device too.... but it worked.
Your alternative is a 3rd party router. It will be easier to set up.
13-08-2009 09:35 AM
Hi - yes, I found that post. However, my attempt to authenticate using PPPoE failed, and my BT router then got its knickers in such a twist that I had to do a hardware reset.
I asked BT support, and they emphatically told me that I certainly had to use PPPoA authentication, and that PPPoE would not work.
If you reckon this should work, I may give it another go when no one is using the network one weekend...
13-08-2009 09:41 AM
I may be wrong, it was a couple of months ago and I wasn't really paying attention to the hardware firewall settings, so I may have used PPPoA. It would make more sense if I had done it with PPPoA.
13-08-2009 11:42 AM - edited 13-08-2009 11:44 AM
Couple of things you need to be aware of with bridged mode is the need to initiate the connection with the PPPoE device and not the router.
The internet light on the router should always be off.
If the light IS on then routing is still enabled.
Go to settings > broadband > link config and take the tick out of enable routing at the bottom.
The PPPoE device should automatically initiate the connection with no reboots required.
If the light is off and you're getting auth errors make sure the PPPoE device is using CHAP authentication and you're using the network login and not the email address.
You can reset the network login password through the business portal just to be sure.
Let me know if you need the path to get there.
13-08-2009 11:58 AM
Ok - so you are pretty certain that although the BT router, when in routing mode, is set to use PPPoA authentication, if I set it to bridging mode, I should still be able to connect by asking my hardware firewall to authenticate using PPPoE?
(Looking at the link given in an earlier post, when I enable bridging mode I also have to change the LLU-Bridged mode and Static IP on the link settings page)
13-08-2009 12:24 PM - edited 13-08-2009 12:26 PM
Yes Direct IP when disabling routing.
And yes you set the firewall to connect via PPPoE with CHAP.
Got it working with a PIX the other day.