[opensuse] best way to organize small offices that share LAN with others?
Hello. We are in a small office that shares a broadband (10MB/s) connection with several other offices. The LAN administrator ask us to use IP address from 192.168.4.42 to 192.168.5.57. Since most our users are mobile workers visiting customer from day to day, assign each notebook fixed IP address is an inflexible solution. DHCP wouldn't work because there is a DHCP server in one of the near-by offices that keep granting IP addresses that are not usable (e.g. 172.16.4.3). The local IT administrator will not corporate to find and stop the mallfunctioning DHCP server (not set up by him) and set up a working one, because he thinks fixed IP address is a perfect solution, mostly because he do not travel but sit in the server room all day and he doesn't mind travellers have different requirement. Solving the problem at management level turns out not working because the network is shared by multiple offices and connectivity offered by non-profit governmental organization. It is difficult to force somebody do things if they don't get money from you. Is there a technical solution to my case? I first think to let everybody configure a defaul IP address in case DHCP didn't get them one. I don't know if it is possible in OpenSUSE and even if it is possible it wouldn't work. There is a DHCP server in one of the near-by offices that keep granting IP addresses that are not usable (e.g. 172.16.4.3). I tried to set up my own DHCP server, I don't know why but the other one takes priority. The LAN administrator said not to corporate to find and stop the mallfunctioning DHCP server (not set up by him) nor setting up a working one, because he thinks fixed IP address is a perfect solution, mostly because he do not travel but sit in the server room all day and he doesn't mind travellers have different requirement. He also thinks NetworkManager in the tray is stupid and people (including the sales guys) should use "ifconfig eth0 up". Solving the problem at management level turns out not working because the network is shared by multiple offices and connectivity offered by non-profit governmental organization. It is difficult to force somebody do things if they don't get money from you. Then I think sub-netting our own network, with a NAT firewall fixed at 192.168.4.42 and everyone gets 192.168.0.x. Which is what I am currently using. I don't know of any down-side of this solution. Sure this makes it difficult to punch holes on the NAT firewall but the local administrator would agree to punch any hole in the first place. Then I think of setting up BOOTP server in local office, if Linux can be configured to prefer BOOTP than DHCP then we have control of what IP addresses to lease despite the stupid DHCP server. Since we are the only office that every personnel use Linux, this gives us advantage. But look into NetworkManager source code turns out it seems they tried to implement BOOTP and DHCP but only finished implementing the latter. Yet I have not the strength and time to develop BOOTP support for NetworkManager, having not written any software for 5 years I almost forget how to debug a C program. What do you suggest? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 20 May 2009 gildororonar@mail-on.us wrote:
Is there a technical solution to my case?
Create a separate physical subnet for the mobile users and get a $50 Linksys, dLink, ,.. router and run NAT on it. Or, you can build a separate box with two NICs & use it as a router. Lee ============================================== Leland V. Lammert lvl@omnitec.net Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net ============================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
L. V. Lammert wrote:
On Wed, 20 May 2009 gildororonar@mail-on.us wrote:
Is there a technical solution to my case?
Create a separate physical subnet for the mobile users and get a $50 Linksys, dLink, ,.. router and run NAT on it.
Or, you can build a separate box with two NICs & use it as a router.
He already did it:) See the original post. He asked if there is any disadvantage of this. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Quoting gildororonar@mail-on.us:
Then I think sub-netting our own network, with a NAT firewall fixed at 192.168.4.42 and everyone gets 192.168.0.x. Which is what I am currently using. I don't know of any down-side of this solution. Sure this makes it difficult to punch holes on the NAT firewall but the local administrator would agree to punch any hole in the first place.
I mean: LAN administrator would not agree to punch any hole in the first place sorry -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 20 May 2009 20:33:42 -0500, gildororonar-RjzwrCfQnQ2cqzYg7KEe8g wrote:
Then I think sub-netting our own network, with a NAT firewall fixed at 192.168.4.42 and everyone gets 192.168.0.x. Which is what I am currently using. I don't know of any down-side of this solution. Sure this makes it difficult to punch holes on the NAT firewall but the local administrator would agree to punch any hole in the first place.
That's what I'd do, along with firewalling the misbehaving DHCP server to keep its addresses from being sent to your network. At least from a technical standpoint, that's what I'd do. But I'd also be inclined to talk to the manager for the LAN administrator for the building. They provide you a service - paid or not - and they need to meet your needs. If the manager doesn't take care of it, then keep climbing the ladder. There's no excuse for the kind of lazy administration you describe. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
gildororonar@mail-on.us wrote:
Hello. We are in a small office that shares a broadband (10MB/s) connection with several other offices. The LAN administrator ask us to use IP address from 192.168.4.42 to 192.168.5.57. Since most our users are mobile workers visiting customer from day to day, assign each notebook fixed IP address is an inflexible solution. DHCP wouldn't work because there is a DHCP server in one of the near-by offices that keep granting IP addresses that are not usable (e.g. 172.16.4.3). The local IT administrator will not corporate to find and stop the mallfunctioning DHCP server (not set up by him) and set up a working one, because he thinks fixed IP address is a perfect solution, mostly because he do not travel but sit in the server room all day and he doesn't mind travellers have different requirement. Solving the problem at management level turns out not working because the network is shared by multiple offices and connectivity offered by non-profit governmental organization. It is difficult to force somebody do things if they don't get money from you.
Is there a technical solution to my case? There is a technical solution, though the right solution might be at management level.
You can edit /etc/dhclient.conf on every client. check dhclient.conf(5), the OTHER DECLARATIONS section and see 'reject' statement. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
gildororonar@mail-on.us
-
Jim Henderson
-
L. V. Lammert
-
Zhang Weiwu