Another basic networking question.

Tim ignored_mailbox at yahoo.com.au
Thu Apr 2 05:18:15 UTC 2009


On Thu, 2009-04-02 at 11:56 +1100, Simon Slater wrote:
> 	When a firewall computer has 2 nics, they should be on separate
> subnets? Yes?

That depends on how you want to use them.  If the computer sits
*between* two networks, then yes.

> 	When an ISP dynamically assigns an ip address, is it associated with
> the dsl router, eth0 where it plugs in, or the ppp0 device that does the
> communicating?

That depends on how you're using the modem/router.  If you're using it
just as a modem, it's the computer network interface that gets assigned
the internet address, and the computer does the authentication (if any).
If you're using it as a router, the router's WAN interface deals with
the ISP.

> 	So if eth1 goes to a lan and has its ip address configured in its
> ifcfg-eth1 and similarly eth0 on the wan side is configured to get its
> address from dhcp, is it the ISP's dhcp server that it needs to get the
> address from or the local dhcp server?

The ISP's DHCP server doesn't *get* anything from you, it gives you
addresses that it wants you to use.

> 	With respect to the ip address for configuration of the dsl router
> (defaults to 192.168.1.1 for this Linksys AG300), which subnet should it
> be on, the lan side or wan?

That's a badly formulated question that's hard to understand.  But,
192.168.1.1 is a private address range, it should only be used on LANs.
However, some cheapskate ISPs, which don't have enough public IPs, give
all their customers private IP addresses, and they do NAT between the
internet and their customers.

> 	Slightly more advanced: What are the pros and cons of using an ifup
> ppp0 command from the firewall computer to connect with the ISP versus
> connecting from within the dsl router itself?

If the computer is directly connected, it has to do all the firewalling,
and sharing the internet with other computers.  If you have a router in
between, it handles all the networking, and you don't have to have any
particular computers on to use the network.

-- 
[tim at localhost ~]$ uname -r
2.6.27.19-78.2.30.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
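
The checks discussed in this message (separate subnets on a firewall's two interfaces, and a private address showing up on the WAN side) can be run against a planned configuration before it is deployed. This is an added example, not part of the original post; the function name, finding codes and sample addresses are constructed for illustration, and it also treats the 100.64.0.0/10 shared range as non-public, which goes beyond the ranges the post mentions.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 shared range used for ISP-side NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def audit_firewall(wan, lan):
    """Check a two-interface firewall; wan and lan are 'address/prefix' strings.

    Returns a dict mapping a finding code to an explanation (empty if clean).
    """
    wan_if = ipaddress.ip_interface(wan)
    lan_if = ipaddress.ip_interface(lan)
    findings = {}
    # A box sitting between two networks cannot route if both sides claim
    # the same (or an overlapping) subnet.
    if wan_if.network.overlaps(lan_if.network):
        findings["same-subnet"] = f"{wan_if.network} overlaps {lan_if.network}"
    # A non-public WAN address means something upstream (the DSL router or
    # the ISP) is doing NAT, so this box is not the internet-facing edge.
    if any(wan_if.ip in net for net in NON_PUBLIC):
        findings["wan-not-public"] = f"{wan_if.ip} is not internet-routable"
    # The LAN side is expected to use one of the private ranges.
    if not any(lan_if.ip in net for net in NON_PUBLIC):
        findings["lan-public"] = f"{lan_if.ip} is outside the private ranges"
    return findings


# Constructed sample configurations (not taken from the thread).
SCENARIOS = {
    "router mode, LAN left on the router's default subnet":
        ("192.168.1.2/24", "192.168.1.10/24"),
    "router mode, LAN moved to its own subnet":
        ("192.168.1.2/24", "192.168.2.1/24"),
    "modem mode, ppp0 holds the ISP-assigned address":
        ("203.0.113.7/32", "192.168.2.1/24"),
}

if __name__ == "__main__":
    for name, (wan, lan) in SCENARIOS.items():
        print(name, "->", audit_firewall(wan, lan) or "ok")
```

A "wan-not-public" finding in router mode is expected rather than an error: it records that the DSL router, not the firewall computer, holds the ISP-assigned address.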





