On 11/7/06, Whil Hentzen (Pro*) <[EMAIL PROTECTED]> wrote:
> I've just acquired a line with Time-Warner BizClass. The rationale
> behind it, let's leave that for another time. <s>
>

So, you've bought a new connection, and you're not going to tell us
why, or what you plan to use it for, but now you want us to explain to
you how to set it up?

> At the end of the line coming in from out-of-doors, there's a box the
> size of maybe six decks of playing cards. The line goes into it, and
> there are four Ethernet ports available.

Does the box have a name, or writing on the outside that tells us the
manufacturer or the model number? Using that information, we can
probably find the manual on-line and figure out what the capabilities
of the device are. For now, let's call it "the router."

> Tech support says that only one
> is active, but I don't quite believe him, as I can plug a box into any
> of them and get out.
>

Tech support may not know what you were provisioned.

> I've got four static IP addresses.

Is that what you ordered, or have you confirmed that's what you have?
How did you determine that?

Since you can plug a box in and get to the internet, what IP address
do you get? That's likely showing you that the box is handing out IP
addresses, using DHCP, and it's likely the addresses are non-routable
(192.168.*.* or 10.0.0.*) and the box is using NAT and perhaps doing
some firewalling. But you tell us: what's the output of ifconfig and
route?

> I'm guessing this box-like thingee is a 'cable modem'. All it provides
> is access outside. No firewall, no nothing, right?
>

No, it's more likely a cablemodem-router combination. The modem
converts the electrical signal on the cable to Ethernet. The router
side of the box routes the Ethernet from the modem to each of the four
ports. Depending on the smarts of the device, it may be able to
allocate one IP address to each port or do even fancier stuff. It may
also include a firewall, NAT, DHCP, DNS, logging, content blocking,
VPN support and lots of other stuff.

> So what do I do now? <s>

What is it you want to do? Do you have specific plans for what you
want to do with the different IP addresses?

> I could hook up a single box that's running a firewall as well. Block
> everything but 80, for example.
>
> I could hook up four boxes, too. But I'm not sure I'm comfortable having
> to mess with four firewalls on four boxes; that begins to become a lot
> of admin that I should be able to handle in a central point.
>

All of the IP addresses can pass over the same physical wire, so the
question is what you want to do with them. If the four IP addresses
are to go to different devices, they need to be routed, either using
the firmware in the device you have (the router) or by adding another
device inline. OTOH, if you just bought the four IP addresses so you
could have four separate SSL-supporting domains on the same web
server, you can send all of the packets there over one wire. Or... you
might want to do something else. You'll need to tell us what you plan.

> So what are y'all doing with a setup like this?

I've got one static IP on which I host a few domains and maintain some
externally accessible services (ftp, ssh, subversion). I can (and
usually do) keep that side of the network separate from the other
line coming in, a higher-speed but dynamic IP, on which we have the
office. Separate firewalls, separate routers. The idea is that the
Internet-facing services could be exploited without affecting the
in-house resources, and it models what a lot of clients have: internal
office resources and an externally hosted web site (I'm just
self-hosting). It's overkill, but it's what I've ended up with, so
far.

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
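
An added example, not part of the original message: a Python script that reads the `ifconfig` and `route -n` output the reply asks for and reports whether each address is private (RFC 1918, which suggests the router is doing DHCP and NAT) or public. The sample output, addresses and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: not routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def interface_addresses(ifconfig_text):
    """Map interface name -> IPv4 address from `ifconfig` output.
    Handles both 'inet addr:1.2.3.4' and the newer 'inet 1.2.3.4' style."""
    found, current = {}, None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():   # unindented line starts an interface
            current = line.split()[0].rstrip(":")
            continue
        fields = line.split()
        if current and len(fields) >= 2 and fields[0] == "inet":
            found[current] = ipaddress.ip_address(fields[1].replace("addr:", ""))
    return found

def default_gateway(route_text):
    """Return (gateway, interface) of the default route from `route -n`, or None."""
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) == 8 and fields[0] == "0.0.0.0" and "G" in fields[3]:
            return ipaddress.ip_address(fields[1]), fields[7]
    return None

def classify(addr):
    """'private' suggests the router hands out DHCP leases and does NAT;
    'public' suggests the machine holds a routable address directly."""
    addr = ipaddress.ip_address(addr)
    if addr.is_loopback:
        return "loopback"
    return "private" if any(addr in net for net in RFC1918) else "public"

# Constructed sample output, not taken from the thread.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
"""
SAMPLE_ROUTE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
"""

if __name__ == "__main__":
    for name, addr in interface_addresses(SAMPLE_IFCONFIG).items():
        print(name, addr, classify(addr))
    print("default gateway:", default_gateway(SAMPLE_ROUTE))
```

Note that the private 10.x space is the whole of 10.0.0.0/8, and 172.16.0.0/12 is private as well, so the check covers more than the two patterns named in the message.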


_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
