[lug] Re: Qwest Basic service w/ single static IP

D. Stimits stimits at comcast.net
Thu Sep 15 12:58:13 MDT 2005


Lee Woodworth wrote:
> D. Stimits wrote:
> 
>> William D. Knoche wrote:
>>
>>> You might try putting the Actiontec into "transparent Bridge" mode 
>>> and use your own router on the inside.
>>> Somewhat of a pain since the "modem" can't be seen on the net and has 
>>> no address so you have to physically touch it to do anything with it 
>>> (reset and use the direct connection to modify configuration).
>>> This has worked out much better for me and also solved some of my 
>>> VOIP issues.
>>
>>
>>
>> If the bridge runs Linux inside, you can set two or more virtual IPs 
>> to one interface. The interface the outside world sees can continue to 
>> have no IP, while the interface seen by the inside could have a 
>> not-routable 192.x.x.x. Nobody on the outside would be able to see the 
>> inside IP.
> 
> I have thought about trying to assign an address to the bridge. The routing
> looked like it would be a problem. If you combine ppp0 and eth0 into the
> bridge device br0, I don't think you use ppp0 or eth0 for routing anymore.
> I don't think they can be assigned addresses as they have to have addresses
> of 0.0.0.0 before they can be added to the bridge device.

I'm not positive about routing, but I don't think it would be a problem. 
My last Linux bridge (a P166) had 2 ethernet cards as a bridge, and the 
internal one also had a private 192.x.x.x address. It still worked fine 
(until the hard drive blew out) for multiple users, while I was able to 
manage it via ssh on the private LAN. The thing is that if you set the 
netmask correctly, the 192.x.x.x will never even be seen inside unless 
you try to go to that address/netmask combination. The br0 is done in 
the initial setup, and the 192.x.x.x is added as a virtual IP like 
eth0:1. If you really wanted, you could probably use some iptables rules 
for forwarding.

D. Stimits, stimits AT comcast DOT net


