[lug] cable modem network topology
LittleViggy at alum.manhattan.edu
Fri Jul 19 17:55:49 MDT 2002
Oh, okay. I'm not sure if I should take offense to your remark about
My setup is (obviously) different, and if it were me, I'd setup masqing,
since I have no need to contact any of the machines behind my firewall.
I'm using Windows right now because I screwed up, and instead of
letting my company buy me a Cisco 678 External DSL router, I went for
the free internal Intel router. It has no Linux drivers. Besides, my
wife doesn't know Linux like I know Linux...
D. Stimits wrote:
> LittleViggy at alum.manhattan.edu wrote:
>> Why the need for Internet addys for each machine behind the firewall?
>> Couldn't you setup IP masq'ing, and just use one Internet IP?
>> My setup (albeit DSL) is like this, on Windows (yuck!). I have one
>> machine that has the DSL card and an Ethernet card. It's running
>> NAT32p (a Windows program for doing IP masqing). From the two
>> machines behind the router machine, I can do anything I want
>> (including VPN). The only thing I cannot do is have people contact
>> machines behind my router, which is not a problem for me.
>> If you could get away with that, it's prolly less of a headache to
>> setup. And, it saves you $10 /mo... Best of all, the ISP really need
>> not know that you've done this!
> I don't consider it acceptable to masquerade, these should be "full
> feature" connections, all of them with the future ability to be
> contacted from the outside if requested. Mainly I am thinking of being
> able to get to my cvs for short periods via dropping my firewall on that
> port for specific IP's, or making my internal web server visible to a
> single outside IP address for short time periods. Then there is ssh also.
> The windows users are non-knowledgeable/non-security-conscious people
> who are better off with protection against windows remote attacks.
> D. Stimits, stimits @ idcomm.com
>> D. Stimits wrote:
>>> Within the last two weeks, my telephone line quality went permanently
>>> downhill. Not only is it between 25% and 33% slower, latency seems to
>>> have doubled. The phone company is not interested until it drops
>>> below 14.4kbps. Within roughly the last week, cable modems became
>>> available for a good price (especially compared to DSL).
>>> What I want to do is use an old P166 as the firewall/router/gateway,
>>> but it is complicated by the need for 3 IP addresses, all of which
>>> are dhcp/non-static. Each dynamic address beyond the first costs $5
>>> each, but that is fine for 3 computers that might run at the same
>>> time. The gateway/router/firewall does not need a routable IP as far
>>> as I am concerned. What I wanted was something like this:
>>> cable modem
>>> | (eth0)
>>> P166 firewall/gate/router
>>> | (eth1)
>>> 8 port switch
>>> |- Machine 1
>>> |- Machine 2
>>> |- Machine 3
>>> But how to actually do this is a mystery, it seems as though the P166
>>> would need eth0 to respond to multiple dhcp IP's, and then
>>> transparently forward them to whichever machine booted up, while
>>> still allowing rules to stop things like port 137-139 from passing
>>> through. I have never set up a DHCP system, which seems easy if only
>>> one machine touches the cable modem, but becomes problematic if the
>>> P166 must simply pass through DHCP packets, then do the right
>>> firewalling for each machine. Can this be done?
>>> D. Stimits, stimits @
>> This message was sent from Peak to Peak Internet. DSL -
>> V.90 modems - Web Hosting and Business connectivity Please
>> visit! http://www.peakpeak.com
>> Web Page: http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
More information about the LUG