[lug] DSL static IP question

Michael J. Pedersen marvin at netinfra.net
Tue Nov 9 07:33:09 MST 1999


On Mon, Nov 08, 1999 at 09:40:52PM -0700, Chip Atkinson wrote:
> You will need to make the following configuration changes to your TCP/IP 
> stacks on the machines that you assign the previous addresses to:
> 
>         255.255.255.248 Subnet Mask
>         xx.xxx.x19.190  Default Gateway
>         206.196.128.1   Primary DNS
>         204.147.80.5    Secondary DNS
> <<<<<<<<
> My questions are these:  Is the 190 IP, which is used for routing, the 
> address of the DSL modem, or is it the IP of the WAN side?  Also, is 
> the modem in bridging mode?

Well, here's where it gets into a lot of fun.  My experience with the bridging
side is that the entire process is quite annoying.  You'd be better off
going with an alternate ISP than US Worst (Front Range Internet is good, if
you tell them precisely what you want.  http://www.frii.net).

With bridging, you've got to connect your DSL modem to a hub, and then connect
all your machines to that hub.  Of course, this opens up a wide variety of
security issues.  Ever try and maintain a firewall on each machine connected
to your network?  It sucks.

Here's the required setup to do what I did with my environment.  Get a Linux
box with two network cards in it.  Connect one of those cards to the hub.
That card will now be called firewall in this post.  Connect the other card to
the hub.  That card will now be called gateway.  Next, you have to get the ISP
you're working with to route all packets for your network to firewall's IP
address.  FRII called this Point-To-Point Routing.

If you don't want to go through this trouble, you can try to set up a bridge on
your Linux box, and add in firewalling.  There's even a mini-howto on doing
just this (Bridge+Firewall if I recall correctly).  However, configuring your
Linux box as a bridge results in all packets which bounce off your firewall
being broadcast over gateway.  Machines in your supposedly firewalled subnet will
still see packets they shouldn't.  Considering that DSL is implemented
(currently) by broadcasting all packets over a very large subnet, you can see
packets from people down the street quite often (and will).

I recommend the setup I used.  It works quite well.  I also recommend FRII.
They're also cheaper for a block of IP addresses ($5/month, if memory serves,
for 8 IPs).  But when you speak to them, tell them you have DSL, want to
switch to them, want a block of static IPs, and you want Point-To-Point
Routing for your block.

-- 
Michael J. Pedersen
WhoDP: whodp://earth.activerse.com/pedersen
Check out Ding! at http://www.activerse.com
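
The routed two-card setup recommended in the message above, sketched as a default-deny forwarding policy. This is an added example, not part of the original post: it uses nftables, which postdates the message, and the interface names, the reading of which card faces which side, the SSH rule, and the 192.0.2.184/29 block (a documentation range standing in for the elided addresses) are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: routed (not bridged) firewall for a small static block.
# Assumptions, none of them from the original post:
#   eth0 = the card the post calls "firewall" (DSL side; the ISP routes the block to its IP)
#   eth1 = the card the post calls "gateway" (side with the protected machines)
#   192.0.2.184/29 = placeholder for the 8-address block (mask 255.255.255.248)
# The kernel must also forward packets: sysctl net.ipv4.ip_forward=1

flush ruleset

define WAN_IF = "eth0"
define LAN_IF = "eth1"
define BLOCK  = 192.0.2.184/29

table inet filter {
    chain input {
        # Traffic addressed to the firewall box itself.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        ct state established,related accept
        # Administration only from the protected side (assumed policy).
        iifname $LAN_IF tcp dport 22 accept
    }

    chain forward {
        # Traffic routed between the DSL side and the protected block.
        type filter hook forward priority 0; policy drop;
        # Anti-spoofing: the block's addresses must never arrive from outside.
        iifname $WAN_IF ip saddr $BLOCK drop
        ct state invalid drop
        ct state established,related accept
        # Protected machines may open connections outward.
        iifname $LAN_IF oifname $WAN_IF ip saddr $BLOCK accept
        # Everything else, including unsolicited inbound, hits policy drop.
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Because the box routes rather than bridges, frames seen on the DSL-side segment are not repeated onto the protected segment; only packets the forward chain accepts cross between the two cards.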