Modems

This is a guide to configuring ADSL and other modems for allowing a Linux server to expose services such as:

  • A Web site
  • FTP server
  • POP3/IMAP server
  • and more

 

to the outside world, i.e. the internet.

There are a number of methods available for this, not all modems support all methods:

  1. Half Bridge
  2. DMZ
  3. Port forward/Applications
  4. Full Bridge

HALF BRIDGE MODE

This is the simplest method and recommended method to deploy a Linux server and is characterised by:

  • Exposing the PUBLIC IP address of the internet connection directly to the server via the modem.
  • The modem performing the PPPOA or PPPOE protocol decode hence is configured with the username/password details of the ISP.
  • No routing function hence there is one less route or "hop" to access the internet.
  • The ethernet card in the server MUST be in DHCP mode.
  • No need for any further setup in the modem in terms of DMZ or Port Forwards.
  • The server MUST be in gateway-firewalled mode.
  • Webconfig is used to open particular services to the internet in "incoming" firewall.

 

One disadvantage of Half Bridge mode is that if the modem has an embedded multi-port switch then no other devices can be connected to the modem, only the server.

DMZ

  • This is the second option to consider if there is no half bridge mode in the modem OR it is required that OTHER devices other than the server are connected via ethernet to the modem.
  • The server can either be in DHCP or FIXED IP mode, although it is required that the modem always lock-in the same IP address to the modem which will be the same address as the DMZ one. If not possible to lock it in, used FIXED IP mode with the gateway address in the server set to the Modem LAN IP address and the DNS set to the ISP DNS address(es). TIP: Use google for DNS at 8.8.8.8 or 8.8.4.4 which is resilient to "DNS poisoning" and bypasses ISP specific lookup pages etc. (Think Bigpond or Optus). Either way the DMZ setting in the modem is turned on and locked into the WAN IP address of the server.

OTHER

If neither Half Bridge or DMZ is available, consider doing individual port forwards or application server settings in the modem to services such as http, ftp, ssh etc etc at the server.  This is the most involved option to setup and administer but in some cases there is no choice.

As a last resort consider running the Modem in full bridge mode by which the server runs a PPP process and maintains the connection to the ISP and authetication.  A disadvantage here is that it puts additional load on the server for it to do the PPP decode, but no other additional settings are required as per half bridge mode.