[lug] cable modem network topology

Mr Viggy LittleViggy at alum.manhattan.edu
Fri Jul 19 17:55:49 MDT 2002

Oh, okay.  I'm not sure if I should take offense to your remark about 
Windows users...


My setup is (obviously) different, and if it were me, I'd setup masqing, 
since I have no need to contact any of the machines behind my firewall. 
  I'm using Windows right now because I screwed up, and instead of 
letting my company buy me a Cisco 678 External DSL router, I went for 
the free internal Intel router.  It has no Linux drivers.  Besides, my 
wife doesn't know Linux like I know Linux...



D. Stimits wrote:
> LittleViggy at alum.manhattan.edu wrote:
>> Why the need for Internet addys for each machine behind the firewall?  
>> Couldn't you setup IP masq'ing, and just use one Internet IP?
>> My setup (albeit DSL) is like this, on Windows (yuck!).  I have one 
>> machine that has the DSL card and an Ethernet card.  It's running 
>> NAT32p (a Windows program for doing IP masqing).  From the two 
>> machines behind the router machine, I can do anything I want 
>> (including VPN).  The only thing I cannot do is have people contact 
>> machines behind my router, which is not a problem for me.
>> If you could get away with that, it's prolly less of a headache to 
>> setup.  And, it saves you $10 /mo...  Best of all, the ISP really need 
>> not know that you've done this!
> I don't consider it acceptable to masquerade, these should be "full 
> feature" connections, all of them with the future ability to be 
> contacted from the outside if requested. Mainly I am thinking of being 
> able to get to my cvs for short periods via dropping my firewall on that 
> port for specific IP's, or making my internal web server visible to a 
> single outside IP address for short time periods. Then there is ssh also.
> The windows users are non-knowledgeable/non-security-conscious people 
> who are better off with protection against windows remote attacks.
> D. Stimits, stimits @ idcomm.com
>> :-)
>> Viggy
>> D. Stimits wrote:
>>> Within the last two weeks, my telephone line quality went permanently 
>>> downhill. Not only is it between 25% and 33% slower, latency seems to 
>>> have doubled. The phone company is not interested until it drops 
>>> below 14.4kbps. Within roughly the last week, cable modems became 
>>> available for a good price (especially compared to DSL).
>>> What I want to do is use an old P166 as the firewall/router/gateway, 
>>> but it is complicated by the need for 3 IP addresses, all of which 
>>> are dhcp/non-static. Each dynamic address beyond the first costs $5 
>>> each, but that is fine for 3 computers that might run at the same 
>>> time. The gateway/router/firewall does not need a routable IP as far 
>>> as I am concerned. What I wanted was something like this:
>>> cable modem
>>>    | (eth0)
>>>  P166 firewall/gate/router
>>>    | (eth1)
>>>  8 port switch
>>>    |
>>>    |- Machine 1
>>>    |- Machine 2
>>>    |- Machine 3
>>> But how to actually do this is a mystery, it seems as though the P166 
>>> would need eth0 to respond to multiple dhcp IP's, and then 
>>> transparently forward them to whichever machine booted up, while 
>>> still allowing rules to stop things like port 137-139 from passing 
>>> through. I have never set up a DHCP system, which seems easy if only 
>>> one machine touches the cable modem, but becomes problematic if the 
>>> P166 must simply pass through DHCP packets, then do the right 
>>> firewalling for each machine. Can this be done?
>>> D. Stimits, stimits @
>> idcomm.com
>> -------------------------------------------------------------
>>      This message was sent from Peak to Peak Internet.        DSL - 
>> V.90 modems - Web Hosting and Business connectivity             Please 
>> visit!  http://www.peakpeak.com                                 
>> (888)-600-PEAK                           
>> -------------------------------------------------------------
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> .

More information about the LUG mailing list