Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    A doubt about PPPoE

    Scheduled Pinned Locked Moved
    Firewalling
    1
    1
    128
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      antonito
      last edited by

      Let say that I want to provide access to my internet to other people.
      It is unclear to me if pfSense will allow other users to access the internet too.
      Maybe it is of common sense to not allow computers that were not authenticated through PPPoE, but i need to know that for sure.
      Maybe it is of common sense. If i allow PPPoE at the firewall, the rest of regular traffic that is not part of the PPPoE is blocked until an explicit extra permission is granted. I just need to clarify that out. For certain. Because i am looking into prices of hardware and want to know some things for certain before purchasing anything.

      PPPoE_unclear.jpg

      I am worried about MAC and IP Spoofing too.
      As shown in the image, somebody can perfectly hijack the IP and MAC of a client. The MiTM does not know the credentials of the user. So, maybe this question is about the protocol itself too - if somebody can hijack the MAC and IP but does not know the credentials(and did not obtain the credentials through hacking), and the router is configured to pass only PPPoE users, will PPPoE give it access to the internet? MiTM can perfectly hijack the MAC and IP of the client. Does not know the credentials though.

      The ISP could authenticate the user once in the beginning and grant permissions to his MAC address. Put that MAC in its table. After that, the MiTM supplants the user's PC and gets access to the internet. Or there is cryptographic authentication applied to every single piece of data the legit PPPoE user sends over the wire?

      I assure you, before posting here, i tried to read about the protocol and i searched about it on the internet. I even asked AI, but it did not make the things clear to me. I know the answer is of common sense, but i need a solid yes or not. You can assume i have slight paranoia.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post