IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Networking Forum / I think I've got something
Post #137,387
by tuberculosis
Picture of tuberculosis
1/23/04 7:21:47 PM
8/21/07 6:36:43 AM
Reply
New I think I've got something
We'll see how stabile it is.

The ActionTec is now running in routed mode to allow my 5 ip addresses past it. I set up its DHCP to dynamically serve 3 of the 5, and statically assigned the main one to the G4's Airport interface. I then put the linksys in the kitchen, turned off its DHCP, selected router mode, connected the uplink port of the lan side to one of the ports on the ActionTec. I now have the G4 with a static ip address reachable over a wireless link. My laptops are grabbing their ips from the DHCP pool (which I would prefer to be not reachable from outside...) over the same wireless network.

I have the PC and G4 talking over ethernet in their own little private idaho. Its a little annoying in that I can't seem to reach the internet from the PC directly and have to download stuff to the G4, then ftp it from the PC, but I'm planning to relegate the PC to just oracle server soon anyhow. So this is actually fine.

What's good - it works. What's not good - everything is hanging out there. I feel like I need a firewall in here or something. Realistically I only want to expose ssh, www, and scp to the world. I've got an old sonicwall soho kicking around here somewhere....

Can I fiddle the DHCP pool to serve addresses that are not routed outside? Aren't addresses in the 10.0.0.x range only routed locally? Something like that?

Networking is clearly a black art and too hard for the average bear. No wonder millions of PCs are hacked every day.


"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."

     -- Martin Fowler, JAOO 2003
Expand Edited by tuberculosis Aug. 21, 2007, 06:36:43 AM EDT
Expand All History
Post #137,394
by deSitter
Picture of deSitter
1/23/04 7:27:53 PM
Reply
New Re: I think I've got something
Not a matter of routability, the 10. and 172.16. and 192.168. networks are forbidden from being routed by Internet trunk carriers. You can quite easily set up static routes for private networks.

RFC 1918: [link|http://www.faqs.org/rfcs/rfc1918.html|http://www.faqs.org/rfcs/rfc1918.html]
-drl
Post #137,406
by morganek
1/23/04 8:17:18 PM
Reply
New How about this:
Deactivate the DHCP server in the ActionTec.

Connect the WAN port on the Linksys to the ActionTec (with crossover cable if need be). Assign one of your real static IP addresses to the WAN interface (on the Setup page).

Configure the Linksys with a non-routable address on its "internal" interface in the "LAN IP Address" field on the Setup page.

Put the Linksys back into gateway mode. Activate its DHCP server and assign it a block of addresses to dispense on your non-routable subnet.

Connect the uplink port on the LAN side of your Linksys to the ActionTec (like it is now).

Keep your G4 configuration the same as it is now.

What this does is give you two different subnets on what is effectively a single ethernet segment. The static IP information on your G4 makes it participate in the subnet that your DSL provides. The DHCP addresses dispensed by the Linksys will put your laptops and other wireless machines on the non-routable subnet. If you want to put another machine on the internet, just configure it to be on the public subnet like you did with the G4.

I am guessing that your Oracle server does not have wireless. This configuration does not give your Oracle machine internet access.
Post #137,515
by tuberculosis
Picture of tuberculosis
1/24/04 1:37:38 PM
8/21/07 6:39:19 AM
Reply
New Bingo!
That was it - I'm able to use a local address on either the wireless or lan network for the DMZ host and only my DMZ host is visible to the world. I'll sleep better tonight.

Networking is very painful - this was - what - something like 4 half days of work to figure this out?

Its much slowed down by the fact that everytime you change some address you have to run around and re-init all the devices that used to talk to it - including the device (laptop) you were using to talk to it to change the config.

I expect that by mucking with the port forwarding I can get more machines on the net to do their various jobs.

Thanks again!


"I believe that many of the systems we build today in Java would be better built in Smalltalk and Gemstone."

     -- Martin Fowler, JAOO 2003
Expand Edited by tuberculosis Aug. 21, 2007, 06:39:19 AM EDT
Expand All History
     Trying to extend a network using wireless - (tuberculosis) - (19) - Aug. 21, 2007, 06:28:19 AM EDT
         I'll try to help a bit. - (Another Scott) - Jan. 21, 2004, 10:18:40 PM EST
         Recommendations - (morganek) - (15) - Jan. 21, 2004, 10:35:43 PM EST
             Sort of - more questions - (tuberculosis) - (14) - Aug. 21, 2007, 06:29:11 AM EDT
                 Re: Sort of - more questions - (morganek) - (12) - Jan. 22, 2004, 03:41:12 AM EST
                     Still not there yet - (tuberculosis) - (11) - Aug. 21, 2007, 06:32:06 AM EDT
                         Do you have tcpdump/Ethereal? - (FuManChu) - (9) - Jan. 22, 2004, 10:09:31 PM EST
                             I'm beginning to think this isn't possible - (tuberculosis) - (8) - Aug. 21, 2007, 06:35:29 AM EDT
                                 Sorry to stalk, but. . . - (morganek) - Jan. 23, 2004, 11:51:19 AM EST
                                 I guess I don't understand the G4 Airport thing. - (FuManChu) - (6) - Jan. 23, 2004, 01:32:17 PM EST
                                     It doesn't matter - (tuberculosis) - (5) - Aug. 21, 2007, 06:36:04 AM EDT
                                         I asked about the ActionTec because I wanted to see... - (FuManChu) - (4) - Jan. 23, 2004, 04:47:50 PM EST
                                             I think I've got something - (tuberculosis) - (3) - Aug. 21, 2007, 06:36:43 AM EDT
                                                 Re: I think I've got something - (deSitter) - Jan. 23, 2004, 07:27:53 PM EST
                                                 How about this: - (morganek) - (1) - Jan. 23, 2004, 08:17:18 PM EST
                                                     Bingo! - (tuberculosis) - Aug. 21, 2007, 06:39:19 AM EDT
                         Re: Still not there yet - (morganek) - Jan. 22, 2004, 11:57:54 PM EST
                 Sounds like you're doing what I did in November - (FuManChu) - Jan. 22, 2004, 10:25:24 AM EST
         Todd, I just came across this thread, if you ... - (dmarker) - (1) - Jan. 28, 2004, 11:31:11 PM EST
             Thanks - got it sorted -NT - (tuberculosis) - Jan. 29, 2004, 09:24:28 AM EST

So does a burning bus.
107 ms