Re: It works, but now....
From: P.T. Breuer (ptb_at_oboe.it.uc3m.es)
Date: 12/31/03
Date: Wed, 31 Dec 2003 21:30:36 GMT
William D. Tallman <wtallman@olypen.com> wrote:
> DSL: ISP -> Qwest/Actiontec 1524 -> eth0. It works.
Hi Bill! (rubs hands ...)
> Today I reset everything so that the Actiontec is connected to the ethernet
> switch, and the two machines also connected thereto.
That will make no difference at all. The switch is transparent.
Provided you remembered to pass the cable into the correct hole! You'll
want the "uplink" hole if the Actiontec is expecting to feed a switch.
If the Actiontec is expecting to feed a NIC, then you'll want one of the
ordinary holes.
There often is a switch for port 1 or 8 that switches it round. Or you
can flip the cable on the uplink between a crossover cable and a normal
cable.
> Physically, it's a
> LAN connected to a DSL router-modem, which means that the router is the
> only internet firewall for the LAN, leaving the machines to protect
> themselves. DSL still works, but now I wish to reconfigure the LAN itself
> to function thus.
> So now we have: Actiontec="192.168.0.1", Linux box="192.168.0.10",
> Windows box without an address at the moment. The latter should be set to
> "192.168.0.20", I would think.
Isn't "666" a valid address? What is that in base 256 ... umm, 2.154 .
> I understand that the router will ignore traffic not intended for it, ie LAN
> traffic. Is that true?
The router will only get stuff passed to it that bears the address of
the router's LAN-side interface, i.e. "0.1". The switch would have no
reason to send packets to its (uplink) port otherwise. So you must set
the router as gateway to the internet on each of your LAN machines, in
order that packets for the outside world bear the necessary devil's
imprint on their foreheads.
LAN traffic may have the router named as gateway, but it will be
unusual. I am not sure what would happen in that case. It depends on
the switch if it is smart enough to notice that the packet should
really go to another of its ports eventually, and on the router ...
mmph, I think the router should send it right back out on to the LAN
port, and the switch send the packet to and from the router. So it's
just a silly idea.
> At the moment, my computer name is again 'localhost'. I should be able to
> reset the computer name once again without having a problem with the
> Actiontec. Is that true?
Yes. It doesn't care about names. It works at a much lower level.
> I should be able to set up Samba once again without any trouble. Is that
> true?
Samba should not need setting up again, if it is confined to the LAN.
And not even if not.
> I understand that the accepted wisdom is to run separate NICs with a DMZ
> between them. But this router should protect me from the internet in any
> case, what with the ISP providing DHCP. Is that true, and if not, how not?
It's not true. The router simply passes packets from one network to
another. There is no implicit "protection" in that.
You get some protection by not having a static address, but anyone can
see where your packets are sourced from and send packets to you. They
just have to route them through the internet side of your router to
reach you.
It's likely that the router has a firewall built into it, that you can
configure. But you know how silly I think firewalls are! In this case
however, it has the advantage that it is properly sited! While a
firewall on your own machine is really silly, a firewall on a router is
at least vaguely sensible, because it concentrates admin for the whole
intranet at one point, and stops stuff before it gets on your LAN in
the first place! The router is also not providing any services itself,
so it's not silly to firewall them! And you are saving yourself the
hassle of finding what services are running on each of your machines
and turning them on or off by using a point firewall on a router
instead.
However, it's also likely that your router will be doing NAT - in fact
it must be given your LAN addresses. That makes things complicated.
Essentially your machines on the LAN are *not contactable at all*
from outside under those circumstances. NAT is a "dynamic forwarding
firewall". It's triggered by packets from your side going out. They
configure the firewall to pretend to be you to the outside world, but
secretly pass returns back to you. It invents a port number to
represent you as you. It alone knows what the number is, so nobody
can "aim" packets at you. Well, they might guess if they examined the
packet stream, but they can't do it from cold.
So yes, you get some "protection", but by way of obscurity.
Peter
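
The NAT behaviour described in the reply above, as an added example that is not part of the original message: a toy port-translating NAT table in Python, showing that a mapping only exists after a LAN host has sent traffic out. The class and function names, the public and remote addresses, the port numbers and the rule that return traffic must come from the same remote endpoint are assumptions made for illustration; real routers differ in how strictly they filter.

```python
# Added illustration: a toy port-translating NAT table, not a router implementation.
# All addresses and ports are constructed sample values.
import itertools


class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # next external port to hand out
        self.out = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> external port
        self.back = {}  # (external port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet out: create (or reuse) a mapping and
        return the source address the outside world sees."""
        key = (lan_ip, lan_port, remote_ip, remote_port)
        if key not in self.out:
            ext = next(self._ports)  # the invented port that represents the LAN host
            self.out[key] = ext
            self.back[(ext, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.public_ip, self.out[key])

    def inbound(self, remote_ip, remote_port, ext_port):
        """A packet arrives on the internet side: forward it only if earlier
        outbound traffic created a matching mapping, otherwise drop (None).
        Matching on the remote endpoint as well is an assumption of this sketch."""
        return self.back.get((ext_port, remote_ip, remote_port))


def demo():
    nat = Nat("203.0.113.5")
    # The Linux box at 192.168.0.10 opens a connection to a web server.
    seen_as = nat.outbound("192.168.0.10", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, seen_as[1])     # return traffic
    cold = nat.inbound("198.51.100.99", 4444, 40001)        # no mapping exists
    other = nat.inbound("198.51.100.99", 4444, seen_as[1])  # right port, wrong peer
    return seen_as, reply, cold, other


if __name__ == "__main__":
    labels = ("seen as", "reply to", "unsolicited", "wrong peer")
    for label, value in zip(labels, demo()):
        print(f"{label:12} {value}")
```
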