Re: ADSL -> Actiontec 1524 -> Eth-switch -> PCs

From: Duane Arnold (notme_at_notme.com)
Date: 01/31/04


Date: Sat, 31 Jan 2004 14:43:13 GMT


"William D. Tallman" <wtallman@olypen.com> wrote in message
news:101j7nnsh57gib4@corp.supernews.com...
> I've asked questions about this a while back, but still not sure of
> details.
>
> I've got ADSL from my ISP via Qwest to an Actiontec 1524 DSL modem. It is
> connected to an ethernet switch, to which a Linux box and a M$ PC are also
> connected. The Actiontec is the "gateway" with a permanent address on the
> LAN side. It connects to the ISP using PPPoA and DHCP. Or so says the
> Actiontec's web page.
>
> It appears that as long as everything is up and running, the Actiontec sees
> the ethernet switch as an active component, even when both computers are
> powered down. At least it shows a regular blip on its ethernet interface,
> suggesting that there is activity, and the interface light remains on at
> all times. When both computers were connected directly to the Actiontec,
> the interface lights went out when the computers powered down.
>
> Questions:
>
> 1) It would seem that neither computer has to worry about DHCP, as that is
> settled between the DSL modem and the ISP. Effectively, then, the
> computers are left with a permanent Internet address. Is this correct?

I think the modem you have is a router gateway and it has its own DHCP
server and your machines are getting a private side DHCP IP issued to them
by the router/modem. The router/modem is getting a public DHCP IP issued by
the ISP.

>
> 2) If so, then it would seem that as far as the computers are concerned,
> they both have a fixed internet address, and that address is the LAN
> address of the modem and not the assigned address on the ISP side. Is that
> correct?

The machines have a fixed private side IP which is linked to the NIC's MAC
in the DHCP table in the modem/router, which can change, but for the most
part the IP a machine has on the private side stays the same unless you do
something that affects the NIC's MAC, a new card for instance.

>
> 3) I've made a practice of having a terminal running tcpdump whenever the
> box is up, and have seen no intrusive activity at all. In fact, except for
> explicit activity with the time server, the mail server, the news server,
> and whatever http server I'm doing business with, there is no more activity
> now than when the DSL modem was not connected to the LAN. Given that the
> modem is actually a NAT enabled bridge, does that suggest that it is doing
> everything that needs to be done? I'm aware that this is commonly thought
> not to be the case....

If you're talking about does a NAT device provide some kind of protection
from the Internet for the LAN, the answer is yes. But that's only basic
protection like stopping unsolicited inbound traffic for the LAN. It
provides no outbound protection and it doesn't provide protection for some
of the more sophisticated attacks using TCP/IP.

> 4) The PC is running Zone Alarm, just as it did when it was a dial-up, with
> ZA now seeing the Internet as a gateway on the LAN rather than a dial-up
> account. Apparently there is no change in the extent of protection
> offered. Or maybe we've just been lucky? I'm running Shorewall on the
> Linux box, configured the same way, and have yet to see any untoward
> activity. Not sure how well it's configured, but apparently it works.
> Again, have we just been lucky?

I have no *clue* as to what you're talking about here. Does the
router/modem gateway have multiple LAN ports? How is a PC using ZA a gateway
device in the setup using a standalone switch?

>
> 5) The point of all this is that I'm generating a real firewall for my box,
> with every issue addressed. I'm using Bob Ziegler's "Linux Firewalls" as
> the prototype. I gather that he and his work are generally well regarded.
> Is this the case in this venue as well?

I don't use Linux!
>
> 6) And finally, if any of the resident experts are familiar with Ziegler's
> book, I would appreciate the chance to post specific questions; and
> probably enough of them to bore everyone stiff....LOL!!!! Is anyone
> familiar with this stuff and willing to mentor me a bit, please?
>

Someone else will have to help you on that. <g>

Duane :)
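
Added example, not part of the original post: a small model of the translation table in a port-translating NAT, showing why unsolicited inbound packets are dropped while any outbound flow from the LAN is passed without inspection. All addresses and ports are constructed sample values, and the model assumes the stricter filtering variant in which a mapping only admits replies from the remote endpoint it was created for.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed stand-in for the ISP-issued public address

@dataclass
class Nat:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host opens a flow: never filtered, a mapping is created."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for pub_port, entry in self.table.items():
            if entry == flow:  # reuse the mapping of an existing flow
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = flow
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the public side: forwarded only if it matches."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # unsolicited: no mapping, nothing to forward to
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # mapping belongs to a different remote endpoint
        return (priv_ip, priv_port)

def demo():
    nat = Nat()
    out = {}
    # LAN host contacts a news server; the server's reply is let back in.
    _, pub_port, _, _ = nat.outbound("192.168.0.2", 51000, "198.51.100.5", 119)
    out["reply"] = nat.inbound("198.51.100.5", 119, pub_port)
    # Unsolicited packet to a port with no mapping is dropped.
    out["probe"] = nat.inbound("192.0.2.77", 4444, 445)
    # A third party hitting the mapped port is dropped as well.
    out["other_remote"] = nat.inbound("192.0.2.77", 4444, pub_port)
    # Outbound is not inspected: any flow a LAN program starts gets a mapping.
    out["egress"] = nat.outbound("192.168.0.3", 1050, "192.0.2.77", 6667)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result}")
```

The "egress" case is the gap a host firewall with outbound rules covers; the NAT table alone passes it.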


