Mailinglist Archive: opensuse (1620 mails)

Re: [opensuse] Firewall
On 11/18/2014 01:01 PM, Bernhard Voelker wrote:
> On 11/18/2014 05:58 PM, Anton Aylward wrote:
>> Yes, but somebody still has to generate that hosts file and load it into
>> the router. The router doesn't magically go out and ask every IP device
>> what its name is, what its aliases are.
>
> As the list in the Web-UI in a netgear router is correct,
> I assume it gets the names from the DHCP requests the clients
> are initiating. From /etc/sysconfig/network/dhcp:

Are you talking about the DHCP server on the Netgear or the DHCP server
on the Linux host?
You quoted the config file from the Linux host.

IF, and it's an IF, the host sends a name to the DHCP server then it must
have been configured to do so. We're back to the issue of correct and
complete configuration. This doesn't happen by magic.

We're also talking about a DHCP server with this capability. If you are
running a low end smb/home server with built in DHCP and DNS proxy that
isn't going to happen.

If you are running a Linux box as the firewall, DHCP server, DNS server
then you must have manually configured all the names.

In which case we've got the question of why dynamic addresses, why not
static ones and static entries in the DNS?

Yes, anything is possible, but the moment you start tying things down,
adding constraints such as 'this is a server' and 'this is my
home/office lan' and 'these are not machines that connect dynamically'
and 'there is a DNS server running on that machine' and 'all hosts have
their resolver pointing to the same server', then this random "Yes But
What If" speculation stops. DEAD.

All that config file you quoted is meaningless if the Netgear
gateway/firewall machine is set up like mine to do DHCP and to
proxy/cache DNS to the ISP and all hosts have their resolver pointing to
the Netgear, which is how I have mine set up. Yes, the netgear has a
set of static assignments for my desktop, mail hub, voip, wifi and
archive server. The names are in that table but that table doesn't "do"
DNS. The names are there to remind me, in effect a comment field.
All my Linux hosts have /etc/hosts files for the devices on the local LAN.

Could I have set it up differently? Possibly, but the DNS capability of
the Netgear isn't like that of a full blown Linux host with the kind of
capability inferred by the config file you quote.

Could I do things differently?
Yes. I've run a gateway/firewall based on a Linux box. I've run it
with IpCop and with a Shorewall based firewall. I've tried other
"firewall in a package" LINUX CDs as well :-) They were a wonderful
"learning experience". I enjoyed fiddling with them and learning about
how the Linux IP stack differed from what I'd learnt from Comer.

But the Netgear "just works" and doesn't tempt me to fiddle and consumes
a lot less power. It also has a switch built in, which is nice. I got
it originally for the switch and used it with the IPCop f/w, then
thought "what the hell, why do I need the extra box". KISS.

So yes, you could do it any number of ways, but don't expect the Netgear
to be as capable as a full Linux box.

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
