On Thu, 2009-04-02 at 11:56 +1100, Simon Slater wrote: > When a firewall computer has 2 nics, they should be on separate > subnets? Yes? That depends on how you want to use them. If the computer sits *between* two networks, then yes. > When an ISP dynamically assigns an ip address, is it associated with > the dsl router, eth0 where it plugs in, or the ppp0 device that does the > communicating? That depends on how you're using the modem/router. If you're using it just as a modem, it's the computer network interface that gets assigned the internet address, and the computer does the authentication (if any). If you're using it as a router, the router's WAN interface deals with the ISP. > So if eth1 goes to a lan and has its ip address configured in its > ifcfg-eth1 and similarly eth0 on the wan side is configured to get its > address from dhcp, is it the ISP's dhcp server that it needs to get the > address from or the local dhcp server? The ISP's DHCP server doesn't *get* anything from you, it gives you addresses that it wants you to use. > With respect to the ip address for configuration of the dsl router > (defaults to 192.168.1.1 for this Linksys AG300), which subnet should it > be on, the lan side or wan? That's a badly formulated question that's hard to understand. But, 192.168.1.1 is a private address range, it should only be used on LANs. However, some cheapskate ISPs, which don't have enough public IPs give all their customers private IP addresses, and they do NAT between the internet and their customers. > Slightly more advanced: What are the pros and cons of using an ifup > ppp0 command from the firewall computer to connect with the ISP versus > connecting from within the dsl router itself? If the computer is directly connected, it has to do all the firewalling, and sharing the internet with other computers. If you have a router in between, it handles all the networking, and you don't have to have any particular computers on to use the network. -- [tim@localhost ~]$ uname -r 2.6.27.19-78.2.30.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
