Another basic networking question.

Thu Apr 2 06:19:34 UTC 2009

On Thu, 2009-04-02 at 15:48 +1030, Tim wrote:
> On Thu, 2009-04-02 at 11:56 +1100, Simon Slater wrote:
> > 	When a firewall computer has 2 nics, they should be on separate
> > subnets? Yes?
> 
> That depends on how you want to use them.  If the computer sits
> *between* two networks, then yes.
> 
Ok, go that.

> > 	When an ISP dynamically assigns an ip address, is it associated with
> > the dsl router, eth0 where it plugs in, or the ppp0 device that does the
> > communicating?
> 
> That depends on how you're using the modem/router.  If you're using it
> just as a modem, it's the computer network interface that gets assigned
> the internet address, and the computer does the authentication (if any).
> If you're using it as a router, the router's WAN interface deals with
> the ISP.
> 
This explains some of the inconsistencies that I've been seeing.  So
I'll settle on using it just as a modem and the computer for connecting
until I finish tweaking the rest of the setup.

> > 	So if eth1 goes to a lan and has its ip address configured in its
> > ifcfg-eth1 and similarly eth0 on the wan side is configured to get its
> > address from dhcp, is it the ISP's dhcp server that it needs to get the
> > address from or the local dhcp server?
> 
> The ISP's DHCP server doesn't *get* anything from you, it gives you
> addresses that it wants you to use.
> 
> > 	With respect to the ip address for configuration of the dsl router
> > (defaults to 192.168.1.1 for this Linksys AG300), which subnet should it
> > be on, the lan side or wan?
> 
> That's a badly formulated question that's hard to understand.

The fog of my confusion clouded my typing as well as my thinking.

>   But,
> 192.168.1.1 is a private address range, it should only be used on LANs.
> However, some cheapskate ISPs, which don't have enough public IPs give
> all their customers private IP addresses, and they do NAT between the
> internet and their customers.
> 
I'll try again now I understand a bit more.  To configure the Linksys
AG300, which is physically connected to eth0, I point a browser to
192.168.1.1 (by default, but this can be changed) and configure whatever
I need to.  When I use the computer to connect to the ISP via the same
eth0 and the ISP assigns me (at the moment) 210.84.25.73.  Does this
mean that I cannot configure the router because the ip's are now on
different subnets?  Then again, if used just as a modem, no real
configuration is needed?

> > 	Slightly more advanced: What are the pros and cons of using an ifup
> > ppp0 command from the firewall computer to connect with the ISP versus
> > connecting from within the dsl router itself?
> 
> If the computer is directly connected, it has to do all the firewalling,
> and sharing the internet with other computers.  If you have a router in
> between, it handles all the networking, and you don't have to have any
> particular computers on to use the network.
> 
I do want this computer to most of the work.

Thanks a lot Tim, this is just the type of clarification I needed.
Understanding this better is helping me get a handle on what is wrong in
other areas, like my dnsmasq configuration, which I think stems from
these issues.

-- 
Regards,
Simon Slater
Registered Linux User #463789. Be counted at: http://counter.li.org/