Matthew Crocker wrote: We require a NAT device or true firewall on all DSL customer connections. We sell cheap Linksys boxes to customers or they can upgrade to a SonicWall.
This makes a lot of sense to me. It's not a silver bullet, but it does help.
I still like PPPoE for customer authentication because I can place individual packet filters or re-assign users to different contexts based on username/password authentication. PPPoE/NAT is a good combination.
Tends to be a non-issue now, but it's a lot easier to deal with PPPoE on the Linksys than have the customer install a more or less crummy PPPoE client on their PC. The cost of dealing with one customer that trashed their PC installing an early PPPoE client (with the help of helpdesk :-( is worth ten Linksys. Michel.