On Sat, 15 Apr 2000, Bill Moseley wrote:
At 12:39 PM 04/15/00 -0500, Ben Rosenberg wrote:
Yep, I have DSL in St. Louis from Southwestern Bell w/ 5 static ips...and it is bridged as well. If you want routed DSL try exodus.net which I hear is very good.
Ok, I asked the original 5 IP question. But I haven't grokked it completely yet, sorry.
I'm not clear on what you mean by bridge. Let me explain my current home network and maybe some kind person could show me how things would change under a 5 static IP DSL setup:
I have three machines right now (I'll sell the extra two IP numbers to my neighbors... ;)
That would probably be a crime (enacted to protect the free market by forbidding competition, believe it or not), and almost certainly be a breach of contract for residential service.
192.168.0.1: has modem that dials up my ISP. Also running a primary master DNS server (Nothing delegates to that DNS of course, although I have it pretend like it's the master for my domain). This machine is running dial on demand.
192.168.0.98 & .99 - one SuSE the other Win98. Both have the default gateway set as the .1 box. The SuSE box is running a slave DNS (off the .1 box), and the Win98 box has both the .1 and .99 box as its DNS servers.
You have two options here:

(1) Connect the DSL interface into your existing network and change the IP addresses of all your existing machines to be in the list of five you get from the ISP. Recognise that every one of your machines is then totally exposed to the internet and all the nice friendly hackers out there who will be pleased that you so generously share your processor power, your disk space, your email accounts, and all the private stuff you have on your hard drives.

(2) Construct a firewall with two network cards. One network card will use an address given to you via your ISP. The other card will have an address in 192.168.0.X and be connected to your existing network. The firewall itself should be running a bare minimum of services that are accessible from the internet. With the current firewalling software, you have to set up each individual service (perhaps using tcp wrappers) to exclude non-local addresses; with the next version, supposed to be in the 2.4 kernel, you can set up the firewall software itself so that the firewall computer appears not to exist from the non-local side (but still passes things through). With this approach, you will be using ONE of your five addresses.

If you ever decide you want to make a service public, you have three approaches available:
(a) run the service on your firewall and make sure that it's externally visible;
(b) use IP port forwarding in the firewall to connect the *local* address and service to the *public* address and service;
(c) use another one of your five addresses for a separate server.
(b) is the most secure, (c) is the most suitable for high volume.

As for buying a separate firewall, basically you are paying someone else for the configuration work. You have to decide for yourself whether you want to do that or not.
Commercial firewalls for residential use are mostly horribly overpriced - a used Pentium-90 is plenty of computer, and I can buy one of those for about $100; a version of Linux specifically tuned to install as a firewall is also less than $100; and network cards are under $25 each, so why does a home user need a $500 firewall?
So, do I connect the DSL 'modem' onto my network (just as if I was adding another computer to the LAN), and then that machine becomes my new gateway, as I think Greg described it? (But then I wonder about a firewall setup.)
What would people recommend about DNS? Should I run my own primary DNS, or should I pay the ISP (PacBell in my case here in California) to handle the DNS. Seems like I should do it, but that it would be a bad idea to also handle the secondary DNS on the same set of five IP numbers as I'd be out of luck if my DNS connection went down. Probably better to try to find a friendly person that would act as a secondary DNS (and also secondary for mail).
I seriously doubt that it makes sense to pay for publicly-accessible DNS service if you don't have any publicly-accessible servers. Your existing DNS setup sounds fine to me.

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
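The two-NIC firewall of option (2), with the port-forwarding approach (b) for a single public service and tcp wrappers for the per-service exclusion the reply mentions, as a worked example added here. It is not code from the thread or from SuSE; it assumes iptables (the netfilter firewalling of the 2.4 kernel the reply anticipates), and the interface names, the public address `203.0.113.10` (a documentation-range placeholder), and the choice of `192.168.0.98` as the host serving the one public port are assumptions to be replaced with real values.

```shell
#!/bin/sh
# Added example, not from the thread: a two-card Linux firewall for the
# 5-static-IP DSL setup, using iptables (2.4 kernel netfilter).
# All names and addresses below are assumptions; edit them for your LAN.
EXT_IF="eth0"              # card holding ONE of the five ISP addresses
INT_IF="eth1"              # card on the private 192.168.0.x network
PUB_IP="203.0.113.10"      # placeholder public address (documentation range)
LAN="192.168.0.0/24"       # the existing home network
WEB_HOST="192.168.0.98"    # LAN box that would serve the one public service

# Print the rules instead of applying them, so they can be reviewed first.
# Apply as root with:  gen_firewall_rules | sh
gen_firewall_rules() {
  cat <<EOF
# Let the firewall pass packets between its two cards.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
# Default policy: drop silently, so the firewall "appears not to exist"
# from the outside; only replies and explicitly allowed traffic get in.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Anti-spoofing: nothing arriving on the outside card may claim a LAN source.
iptables -A INPUT -i $EXT_IF -s $LAN -j DROP
iptables -A FORWARD -i $EXT_IF -s $LAN -j DROP
# The firewall's own services (DNS, ssh, ...) are reachable only from
# loopback and from the LAN side, never from the ISP side.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INT_IF -s $LAN -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN machines may go out through the public address; only replies to
# their own connections may come back in.
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN -j SNAT --to-source $PUB_IP
# Approach (b): forward exactly one public port to one LAN host. Everything
# else on the public address still falls through to the DROP policy.
iptables -t nat -A PREROUTING -i $EXT_IF -d $PUB_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST:80
iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $WEB_HOST -p tcp --dport 80 -m state --state NEW -j ACCEPT
EOF
}

# Sanity check for review: how many public port-forwards does the rule set open?
count_public_forwards() {
  gen_firewall_rules | grep -c -- '-j DNAT'
}

# Per-service exclusion with tcp wrappers (the "current software" path in the
# reply): deny everything in hosts.deny, then allow only loopback and the LAN
# in hosts.allow. Net/mask form is used because old wrappers do not take CIDR.
gen_hosts_deny()  { echo "ALL: ALL"; }
gen_hosts_allow() { echo "ALL: 127.0.0.1 192.168.0.0/255.255.255.0"; }

# Default action: show the rule set for review.
case "${1:-show}" in
  show)  gen_firewall_rules ;;
  apply) gen_firewall_rules | sh ;;
esac
```

The generated rule set keeps the LAN private, lets the firewall's own DNS remain reachable from the .98 and .99 boxes only, and exposes a single port of a single internal host; adding a second public service means adding one more DNAT/FORWARD pair rather than loosening the policy.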