[ale] Linux box as a router w/DHCP
Charles Shapiro
hooterpincher at gmail.com
Mon Jan 22 10:07:12 EST 2007
Aha. Yeah, I see now. So far I'm letting the modem/router I got from the ISP
handle that. My router just connects to it; the firewall rules on that side
don't need edited because I control both sides of that connection.
I reckon some day I'll have to do a little more work to make my ISP's box a
straight-through modem. Right now I'm doing two layers of NAT, which is one
more than I need.
-- CHS
On 1/22/07, James Sumners <james.sumners at gmail.com> wrote:
>
> The P2 machine I use, I got off eBay for $25.
>
> The "problem" with the IP address being assigned from the ISP via DHCP
> lies in the way the firewall scripts have to be written. If the ISP
> is... silly, and assigns a new IP address every lease renewal, or even
> every day (whatever), then the scripts have to be able to handle
> that. If you have a static IP from your ISP, then you can reference
> the same external IP in your firewall rules without care. If you have
> a dynamic IP, you have to get a little crafty and retrieve the current
> external IP every time the script is run.
>
> If you're using a third party script like the sentryCD system you are
> using, then you don't really have to worry about it. Such scripts are
> written to be generic and take such a scenario into account. If you
> are writing your own scripts, as I assume Mr. Kruger is, then you have
> to do it yourself.
>
> On 1/22/07, Charles Shapiro <hooterpincher at gmail.com> wrote:
> > Ooh, I have exactly this setup, using sentryCD (
> > http://www.linux.com/howtos/Sentry-Firewall-CD-HOWTO-1.shtml
> > ) on a machine with 2 NICs, a floppy drive, and no hard drive. I think it
> > has, like, 128 mb on a PII or so motherboard. You don't need a lot of power
> > to run one of these things -- betcha you could pick up a machine capable of
> > doing it for $80 or so at MicroSeconds.. I really likes SentryCD. It is a
> > bootable CD distro which uses a floppy to store configuration files and
> > scripts. I also have it running my caching local name server. Before I got
> > broadband I had it running diald ( http://diald.sourceforge.net/ ) to go
> > through the phone lines without a problem (well, besides how s l o w it
> > was).
> >
> > I just changed the link between the router and the modem/router supplied by
> > my ISP to be static, not DHCP. Using the DHCP server on the modem/router
> > means that it has to come up before the linux box in the event of a power
> > failure for things to work properly. So your wife is always after you to fix
> > the darn thing after a storm.
> >
> > I don't quite get why dhcp to your isp would be a problemo. As long as
> > you're using it and it's up, it should know what IP address it has. If it
> > reboots, it'll contact the dhcp server on the far end automatically when it
> > runs its client, right?
> >
> > -- CHS
>
> --
> James Sumners
> http://james.roomfullofmirrors.com/
>
> "All governments suffer a recurring problem: Power attracts
> pathological personalities. It is not that power corrupts but that it
> is magnetic to the corruptible. Such people have a tendency to become
> drunk on violence, a condition to which they are quickly addicted."
>
> Missionaria Protectiva, Text QIV (decto)
> CH:D 59
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
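
The "retrieve the current external IP every time the script is run" approach from the quoted message, as an added example that is not code from either poster or from sentryCD. The interface name eth0, the function names and the 203.0.113.7 sample address are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: derive the WAN address at run time instead of hard-coding it.
# Assumption: the ISP-facing interface is eth0 (override with WAN_IF=...).
WAN_IF="${WAN_IF:-eth0}"

# Read `ip -4 -o addr show dev IFACE` output on stdin and print the first
# IPv4 address. Exits non-zero if no well-formed address is present, so a
# failed or expired lease never ends up inside a firewall rule.
parse_wan_ip() {
    awk '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), cidr, "/"); ip = cidr[1]; exit } }
        END {
            if (split(ip, o, ".") != 4) exit 1
            for (k = 1; k <= 4; k++)
                if (o[k] !~ /^[0-9]+$/ || o[k] > 255) exit 1
            print ip
        }'
}

# Print (do not apply) the rules that depend on the external address:
# source NAT for outbound traffic, and an anti-spoofing drop for packets
# arriving from outside that claim our own address as their source.
emit_rules() {
    wan_ip="$1"
    printf '%s\n' \
        "iptables -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to-source $wan_ip" \
        "iptables -A INPUT -i $WAN_IF -s $wan_ip -j DROP"
}

# Glue: stdin is `ip` output, stdout is the rule set. Fails closed by
# emitting nothing when the address cannot be determined.
build_rules() {
    ip_addr=$(parse_wan_ip) || {
        echo "no valid IPv4 address on $WAN_IF; rules left untouched" >&2
        return 1
    }
    emit_rules "$ip_addr"
}

# On the router (rerun whenever the DHCP lease changes):
#   ip -4 -o addr show dev "$WAN_IF" | build_rules
# Rules that match on the interface only (e.g. -j MASQUERADE for NAT)
# do not need the address at all and survive a lease change unchanged.
```

The rules are printed rather than applied so they can be reviewed before being piped to a shell as root.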