On Thu, 2009-04-02 at 15:48 +1030, Tim wrote:
On Thu, 2009-04-02 at 11:56 +1100, Simon Slater wrote:
> When a firewall computer has 2 nics, they should be on separate
> subnets? Yes?
That depends on how you want to use them. If the computer sits
*between* two networks, then yes.
Ok, got that.
> When an ISP dynamically assigns an ip address, is it associated with
> the dsl router, eth0 where it plugs in, or the ppp0 device that does the
> communicating?
That depends on how you're using the modem/router. If you're using it
just as a modem, it's the computer network interface that gets assigned
the internet address, and the computer does the authentication (if any).
If you're using it as a router, the router's WAN interface deals with
the ISP.
This explains some of the inconsistencies that I've been seeing. So
I'll settle on using it just as a modem and the computer for connecting
until I finish tweaking the rest of the setup.
> So if eth1 goes to a lan and has its ip address configured in its
> ifcfg-eth1 and similarly eth0 on the wan side is configured to get its
> address from dhcp, is it the ISP's dhcp server that it needs to get the
> address from or the local dhcp server?
The ISP's DHCP server doesn't *get* anything from you, it gives you
addresses that it wants you to use.
> With respect to the ip address for configuration of the dsl router
> (defaults to 192.168.1.1 for this Linksys AG300), which subnet should it
> be on, the lan side or wan?
That's a badly formulated question that's hard to understand.
The fog of my confusion clouded my typing as well as my thinking.
But,
192.168.1.1 is a private address range, it should only be used on LANs.
However, some cheapskate ISPs, which don't have enough public IPs, give
all their customers private IP addresses, and they do NAT between the
internet and their customers.
I'll try again now I understand a bit more. To configure the Linksys
AG300, which is physically connected to eth0, I point a browser to
192.168.1.1 (by default, but this can be changed) and configure whatever
I need to. When I use the computer to connect to the ISP via the same
eth0, the ISP assigns me (at the moment) 210.84.25.73. Does this
mean that I cannot configure the router because the IPs are now on
different subnets? Then again, if used just as a modem, no real
configuration is needed?
> Slightly more advanced: What are the pros and cons of using an ifup
> ppp0 command from the firewall computer to connect with the ISP versus
> connecting from within the dsl router itself?
If the computer is directly connected, it has to do all the firewalling,
and sharing the internet with other computers. If you have a router in
between, it handles all the networking, and you don't have to have any
particular computers on to use the network.
I do want this computer to do most of the work.
Thanks a lot Tim, this is just the type of clarification I needed.
Understanding this better is helping me get a handle on what is wrong in
other areas, like my dnsmasq configuration, which I think stems from
these issues.
--
Regards,
Simon Slater
Registered Linux User #463789. Be counted at:
http://counter.li.org/