[lug] cable modem network topology

Jonathan Briggs zlynx at acm.org
Fri Jul 19 10:36:02 MDT 2002


Look into setting up your firewall as a bridge.  I think you'll need a
kernel patch to allow the firewall to work with bridging.

Bridging is nice because it turns your firewall into a switch instead of
a router.  It won't need an IP address and you won't need to run DHCP on
the firewall.  This is good because the only ways that I can imagine
getting 3 DHCP IP addresses on one computer involve horrible hacks.

This link looks promising:
http://www.tldp.org/HOWTO/mini/Bridge+Firewall+DSL.html

I have to say I've only heard about this.  I've never done it myself.

On Fri, 2002-07-19 at 10:26, D. Stimits wrote:
> Within the last two weeks, my telephone line quality went permanently 
> downhill. Not only is it between 25% and 33% slower, latency seems to 
> have doubled. The phone company is not interested until it drops below 
> 14.4kbps. Within roughly the last week, cable modems became available 
> for a good price (especially compared to DSL).
> 
> What I want to do is use an old P166 as the firewall/router/gateway, but 
> it is complicated by the need for 3 IP addresses, all of which are 
> dhcp/non-static. Each dynamic address beyond the first costs $5 each, 
> but that is fine for 3 computers that might run at the same time. The 
> gateway/router/firewall does not need a routable IP as far as I am 
> concerned. What I wanted was something like this:
> 
> cable modem
>      | (eth0)
>    P166 firewall/gate/router
>      | (eth1)
>    8 port switch
>      |
>      |- Machine 1
>      |- Machine 2
>      |- Machine 3
> 
> But how to actually do this is a mystery. It seems as though the P166 
> would need eth0 to respond to multiple DHCP IPs, and then transparently 
> forward them to whichever machine booted up, while still allowing rules 
> to stop things like port 137-139 from passing through. I have never set 
> up a DHCP system, which seems easy if only one machine touches the cable 
> modem, but becomes problematic if the P166 must simply pass through DHCP 
> packets, then do the right firewalling for each machine. Can this be done?
> 
> D. Stimits, stimits @ idcomm.com
-- 
Jonathan Briggs
jbriggs at esoft.com
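
The bridging setup suggested above, sketched as an added example that is not part of the original message or the linked HOWTO. It assumes a current Linux kernel with iproute2 and the nftables bridge family rather than the kernel patch mentioned in the reply; eth0 and eth1 come from the diagram in the thread, while br0 and the table name lanfilter are made up for illustration.

```shell
#!/bin/sh
# Added example: join eth0 (cable modem side) and eth1 (switch side) into a
# bridge and filter frames as they cross it. The bridge gets no IP address.
# Assumptions: br0 and the table name "lanfilter" are hypothetical names.

WAN_IF="eth0"
LAN_IF="eth1"
BRIDGE="br0"

# Emit the nftables ruleset. The bridge family's forward hook sees every frame
# passing between the two ports, so each machine still talks DHCP directly to
# the ISP while the unwanted ports are filtered in the middle.
render_ruleset() {
    cat <<EOF
table bridge lanfilter {
    chain forward {
        type filter hook forward priority 0; policy accept;
        # DHCP between the three machines and the ISP passes; the counter
        # shows that leases really are crossing the bridge
        ether type ip udp dport { 67, 68 } counter accept
        # ports 137-139 are blocked in both directions
        ether type ip tcp dport 137-139 drop
        ether type ip udp dport 137-139 drop
    }
}
EOF
}

# Build the bridge and load the ruleset (needs root).
apply_bridge() {
    ip link add name "$BRIDGE" type bridge
    ip link set dev "$WAN_IF" master "$BRIDGE"
    ip link set dev "$LAN_IF" master "$BRIDGE"
    ip link set dev "$WAN_IF" up
    ip link set dev "$LAN_IF" up
    ip link set dev "$BRIDGE" up
    render_ruleset | nft -f -
}

# Nothing is changed unless the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    apply_bridge
fi
```

After applying, "nft list table bridge lanfilter" shows the DHCP counter incrementing as each machine obtains its lease.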