[lug] cable modem network topology

D. Stimits stimits at idcomm.com
Fri Jul 19 17:36:03 MDT 2002

LittleViggy at alum.manhattan.edu wrote:
> Why the need for Internet addys for each machine behind the firewall?  Couldn't 
> you set up IP masq'ing, and just use one Internet IP?
> My setup (albeit DSL) is like this, on Windows (yuck!).  I have one machine 
> that has the DSL card and an Ethernet card.  It's running NAT32p (a Windows 
> program for doing IP masqing).  From the two machines behind the router 
> machine, I can do anything I want (including VPN).  The only thing I cannot do 
> is have people contact machines behind my router, which is not a problem for me.
> If you could get away with that, it's prolly less of a headache to set up.  And, 
> it saves you $10 /mo...  Best of all, the ISP really need not know that you've 
> done this!

I don't consider it acceptable to masquerade; these should be "full 
feature" connections, all of them with the future ability to be 
contacted from the outside if requested. Mainly I am thinking of being 
able to get to my cvs for short periods via dropping my firewall on that 
port for specific IPs, or making my internal web server visible to a 
single outside IP address for short time periods. Then there is ssh also.

The Windows users are non-knowledgeable/non-security-conscious people 
who are better off with protection against Windows remote attacks.

D. Stimits, stimits @ idcomm.com

> :-)
> Viggy
> D. Stimits wrote:
>>Within the last two weeks, my telephone line quality went permanently 
>>downhill. Not only is it between 25% and 33% slower, latency seems to 
>>have doubled. The phone company is not interested until it drops below 
>>14.4kbps. Within roughly the last week, cable modems became available 
>>for a good price (especially compared to DSL).
>>What I want to do is use an old P166 as the firewall/router/gateway, but 
>>it is complicated by the need for 3 IP addresses, all of which are 
>>dhcp/non-static. Each dynamic address beyond the first costs $5 each, 
>>but that is fine for 3 computers that might run at the same time. The 
>>gateway/router/firewall does not need a routable IP as far as I am 
>>concerned. What I wanted was something like this:
>>cable modem
>>    | (eth0)
>>  P166 firewall/gate/router
>>    | (eth1)
>>  8 port switch
>>    |
>>    |- Machine 1
>>    |- Machine 2
>>    |- Machine 3
>>But how to actually do this is a mystery; it seems as though the P166 
>>would need eth0 to respond to multiple DHCP IPs, and then transparently 
>>forward them to whichever machine booted up, while still allowing rules 
>>to stop things like ports 137-139 from passing through. I have never set 
>>up a DHCP system, which seems easy if only one machine touches the cable 
>>modem, but becomes problematic if the P166 must simply pass through DHCP 
>>packets, then do the right firewalling for each machine. Can this be done?
>>D. Stimits, stimits @ idcomm.com