[Cialug] Cisco 678 ADSL router.

Claus cniesen at gmx.net
Mon Jul 11 16:50:23 CDT 2005


On 7/11/2005 2:38 PM, Dave Weis wrote:
> Claus wrote:
> 
>> On 7/11/2005 9:51 AM, Dave Weis wrote:
>>
>>>
>>> On Mon, 11 Jul 2005, David Champion wrote:
>>>
>>>> Claus wrote:
>>>>
>>>>> On 7/10/2005 10:22 PM, Dave Weis wrote:
>>>>>
>>>>>> On Sat, 9 Jul 2005, bofh at visi.com wrote:
>>>>>>
>>>>>>> For just plain PnP DSL, it's not bad.
>>>>>>> However, I'm doing a bit more with transparent rfc1483 bridging 
>>>>>>> to a--for
>>>>>>> now--linksys vpn router.  The lack of a serial port for 
>>>>>>> monitoring what's
>>>>>>> happening with the connection is just driving me insane.
>>>>>>
>>>>>>
>>>>>>
>>>>>> You can telnet to the actiontec with username/password of admin 
>>>>>> and poke around. It's running Linux. The web interface also shows 
>>>>>> some of the info.
>>>>>
>>>>>
>>>>>
>>>>> I didn't think the actiontec supports bridging.  Am I wrong or has 
>>>>> the firmware changed since I looked at it?
>>>>
>>>>
>>>>
>>>> Something I'm planning to do Real Soon Now(tm) - I have the white 
>>>> Actiontec that requires the goofy wireless card, but I have a 
>>>> perfectly good d-link router / AP... so I was going to set the 
>>>> Actiontec to put the d-link in it's DMZ, and use the d-link for 
>>>> everything else.
>>>>
>>>> Not 100% sure this will work - there is the potential that going 
>>>> thru 2 routers will cause issues with certain protocols, but I'll 
>>>> give it a try.
>>>
>>>
>>> They do still support briding fine, I've got a couple clients on 
>>> other ISP's that use them. You can still give it a 192.168 IP for 
>>> administration.
>>>
>>> I don't know if the dmz thing will work, have to try it.
>>
>>
>> I don't know much and that's why I'm wary.  The DSL modem even in 
>> bridging mode is unprotected and thus I like the 678, since you can 
>> only access via the serial port.
>>
>> I had a very brief encounter with the Actiontech a couple years ago 
>> and noticed that you have to connect via the web to configure it.  
>> Very bad for security, especially since it's in front of my firewall.  
>> I also recall that disabling the web administration makes it pretty 
>> hard to do any configurations after that.  Way to painful to use IMHO.
> 
> 
> The web interface is only accessible on the lan side unless you've 
> explicitly enabled it on the wan side and set a password.
> 
> dave

But wouldn't a bridge by definition pass everything from the WAN to the 
LAN side (and vice versa)?  I'm not sure if the LAN interface could see 
it as a connection and respond.  Probably depends on the Actiontech 
software, right?

In any case you would have to trust Actiontech's software.  I just like 
the fact that I have a firewall that I know as the first defense.  So 
all blame goes to me and aren't due to surprises of a black box.

   Claus


More information about the Cialug mailing list