Re: Iptables question about peer-to-peer rules

Mark Nixon wrote:

Ahh. I've just talked to my son, and he mentioned something about my
ADSL router also being a DHCP source, which means (I think) that every
time I change my LAN config just a little, I'll get assigned a new
"10.0.*" number, so what you and Pedro write is starting to make sense.

If I take a machine off and add a machine, change an ethernet card, or
whatever, my router could assign a 10.0.0.* number that would keep
increasing, right?


Not 100% right... The DHCP server has the concept of lease time... So if you turn off one machine and start the other one right after, then you would probably get an IP address that was not previously in use... But if you turn on the machine some time later (this can vary from 5 minutes to 2 hours, depending on the server), you could get the same IP address...

The idea behind restricting the firewall rule to allow access only to machines in the 10.0.0.* range is that only people in that range will be able to access your printer, samba shares, ssh server, etc... With a rule like the one you posted originally (allowing 10.0.0.0/5), anyone from 10.1.1.* could access your machine... (of course, this isn't such an issue, since the 10.*.*.* range is assigned by IANA for private network usage and most switches/routers wouldn't send/accept anything from the outside world pretending to be from your network)
In fact, *if* your ADSL router provides a firewall, you *maybe* could simply disable iptables *if* the firewall on the router is good enough...


Btw, you have to take into consideration that I'm paranoid... Being a sysadmin at the computer science department of the university where I study was something kinda hard (after all, every single student has all the necessary knowledge to wreak havoc on the network...), so I became a bit too paranoid about security....

As far as I can see, with the 3-4 machines I have on my little LAN, it's
not worth assigning fixed addresses?


It depends... I prefer to have fixed addresses... Since my brother runs Linux 100% of the time and sometimes I need to access data on his computer when I'm on Windows, I need to know the IP address he uses... Also, if you want to open a service to the outside world (or you need to open a port for bittorrent, for example) you'll probably need a static IP... Most cable/adsl routers can't do port forwarding to dynamic addresses.... Since I have a few services running here, I must have a static IP...
But DHCP helps a lot, since it removes the burden of configuring all machines on the network... Nothing is simpler than plugging in the cable and running ifdown eth0; ifup eth0 (or ipconfig /renew on Windows machines)...


--
Pedro Macedo
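As an added illustration (not part of Mark's or Pedro's messages), the following Python uses the standard ipaddress module to show what the two source masks discussed above actually cover when used in an iptables -s match; the rule strings and sample source addresses are constructed. It also goes a step beyond the reply: a /5 mask does not stop at 10.x.x.x, it reaches into public address space as well.

```python
import ipaddress

# Constructed example rules: the over-broad mask from the original
# question and the /24 the reply recommends.
RULES = {
    "original": "10.0.0.0/5",
    "recommended": "10.0.0.0/24",
}

# RFC 1918 private ranges, used to check whether a rule could ever match
# traffic from a public source address.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def describe(cidr):
    """Return (first address, last address, count) covered by a -s CIDR.

    strict=False mirrors what iptables does: host bits set in the address
    (10.0.0.0 is not on a /5 boundary) are simply masked away.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def stays_private(cidr):
    """True only if every address the rule accepts is RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(p) for p in PRIVATE)


def matches(cidr, src):
    """Would a packet from src hit an iptables rule written with -s cidr?"""
    return ipaddress.ip_address(src) in ipaddress.ip_network(cidr, strict=False)


def audit(cidr, sources):
    """Return the sample source addresses the rule would let through."""
    return [s for s in sources if matches(cidr, s)]


if __name__ == "__main__":
    # Constructed sample sources: a LAN host, a host on another private
    # subnet, a public address and a host on a different RFC 1918 range.
    samples = ["10.0.0.7", "10.1.1.9", "8.8.8.8", "192.168.1.2"]
    for name, cidr in RULES.items():
        first, last, n = describe(cidr)
        print(f"{name:12s} -s {cidr:12s} covers {first} .. {last} "
              f"({n} addresses), private only: {stays_private(cidr)}")
        print("    accepts:", ", ".join(audit(cidr, samples)) or "none")
```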

