(Excuse me for being blunt here, but) bollocks! once you're logged into
the M10 as admin you can telnet from there to anywhere, out the PPP (vcc1)
or ethernet... and if boxes on the ethernet side have the M10 as their
default route (can't think why they wouldn't) I imagine the M10 would
probably happily route between them and the Telecom/vcc2 side (172.16.0.0)
with that static route...

BTW Telecom people, all your new 5.3.0R2 M10s don't have the option to
make vcc2 an admin only port turned on. This would stop pinholes over the
telnet port (which you can't do now without moving the telnet server to
another port) from blocking connections from your side, try this from the
console/telnet:

conf
set ip dsl vcc2 restrictions admin-only
save
exit
restart

No idea if this would force the telnet server onto port 23 for vcc2 even
if it's been moved to make room for a pinhole but it does disable address
mapping (NAT), and hence pinholes, on that interface. I could probably
test this on vcc1 tho...

J.

On Mon, 8 May 2000, Wayne Kampjes wrote:

> Michael,
> vcc2 is used to change the software. This vcc is mapped to Telecom for
> the duration of the upgrade but it is not possible to access the
> ethernet side (your network).
>
> >>> "Michael Bordignon" <michael.b@infometrics.co.nz> 8/05/00 13:57:46 >>>
> Even if the telnet port isn't pinholed (which it is on ours :) you can't
> telnet to the M10 on the vcc1 interface can you? I thought it was only the
> LAN interface you could telnet to it on...

To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message
Received on Fri May 12 08:18:17 2000