Re: Forcing specific IP address with DHCP
On Thu, Apr 17, 2008 at 12:07:25PM -0400, Brian McKee wrote: I'd do that, and add an additional name server or two (like OpenDNS, or your ISP's competition's name server) to the list, on the off chance they do get changed.I don't know your ISP, but mine has used the same three IP addresses for DNS for many years now (and if you're in the north-east of North America I'd be happy to give them to you - they've been very reliable) It's simple, and not prone to breakage Or just use dnsmasq: it's a caching dns server and a DHCP server in one and very configurable. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Forcing specific IP address with DHCP
Hi, I find myself in a bizarre networking predicament. I need to have a server (henceforth 'edith') accept incoming connections (e.g. ssh) from the Internet. edith is behind a home gateway / router / switch ( Trendware / Trendnet TEW-452BRP [0] - henceforth 'gwen'). gwen will forward specific ports to specific private, internal IP addresses, but bizarrely, it seems to provide no facility for ensuring that a specific host will be assigned, via DHCP, a particular IP address. My previous box, an old Netgear unit, would reserve specific IP addresses for particular MAC addresses, which was exactly what I want, but after a fairly exhaustive search through gwen's web interface, I can see no way to do this with gwen. What use is port forwarding when one can't guarantee which LAN host will receive the connections? I can see several solutions, all of which involve telling gwen to exclude some IP address from its DHCP pool and then somehow guaranteeing that edith gets a specific one of them: I) Use static network configuration, rather than DHCP, for edith. The problem is that edith needs to get my ISP's nameservers from gwen, which normally occurs through DHCP. Several sub-solutions: A) Hard code the nameservers, and hope they don't change. The drawback to this approach is obvious; hope isn't a valid substitute for correctness. B) Use other nameservers, such as OpenDNS's [1]. This might work, but I'd rather use my ISP's. C) Write a script to extract my ISP's nameservers from the appropriate page of gwen's web interface, similar to what ddlient can do to get the router's external IP address. I suppose this is doable, but far too much trouble for something that should be trivial. II) Use dhclient's supersede facility to override gwen's DHCP offer. After struggling with the various DHCP manpages, I can't figure out how to supersede the IP address; all the examples deal with superseding things such as the nameservers. Am I missing something? III) Accept the DHCP offer, but use an alias stanza to alias the interface to a fixed IP address. This is the solution I'm currently using; it seems to work fine, but it feels a bit kludgy. I added this to /etc/dhcp3/dhclient3.conf: alias { interface ath0; fixed-address 192.168.0.2; option subnet-mask 255.255.255.0; } What would you do in this situation (besides getting a different router or using a general purpose computer as one)? Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing specific IP address with DHCP
On Thu, Apr 17, 2008 at 10:31 PM, Celejar [EMAIL PROTECTED] wrote: II) Use dhclient's supersede facility to override gwen's DHCP offer. After struggling with the various DHCP manpages, I can't figure out how to supersede the IP address; all the examples deal with superseding things such as the nameservers. Am I missing something? Have you tried disabling the DHCP server altogether and using one of your linux boxes as DHCP server? Then you can use all facilities of dhcpd. Additionally, you can make that box your nameserver (using bind) as well. That would solve both of your problems at the same time. Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing specific IP address with DHCP
On 17-Apr-08, at 10:31 AM, Celejar wrote: Hi, I find myself in a bizarre networking predicament. [...] I) Use static network configuration, rather than DHCP, for edith. The problem is that edith needs to get my ISP's nameservers from gwen, which normally occurs through DHCP. Several sub-solutions: A) Hard code the nameservers, and hope they don't change. The drawback to this approach is obvious; hope isn't a valid substitute for correctness. I'd do that, and add an additional name server or two (like OpenDNS, or your ISP's competition's name server) to the list, on the off chance they do get changed.I don't know your ISP, but mine has used the same three IP addresses for DNS for many years now (and if you're in the north-east of North America I'd be happy to give them to you - they've been very reliable) It's simple, and not prone to breakage My 2c Brian PGP.sig Description: This is a digitally signed message part
Re: Forcing specific IP address with DHCP
On 04/17/2008 09:31 AM, Celejar wrote: I find myself in a bizarre networking predicament. I need to have a server (henceforth 'edith') accept incoming connections (e.g. ssh) from the Internet. edith is behind a home gateway / router / switch ( Trendware / Trendnet TEW-452BRP [0] - henceforth 'gwen'). gwen will forward specific ports to specific private, internal IP addresses, but bizarrely, it seems to provide no facility for ensuring that a specific host will be assigned, via DHCP, a particular IP address. Not such a bizarre thing - I do this for several servers running behind a Debian router/firewall server for my home connection. I don't know about the particular router you are using, but if it does not allow MAC-IP mapping, I think assuming that it has no dynamic DHCP client is fair :P What would you do in this situation (besides getting a different router or using a general purpose computer as one)? Stick a Debian box behind your ISP modem and set it up as your gateway and DHCP server - then run ddclient with a service like DynDNS (apt-cache show ddclient) - I do this at home, at work, on my laptop - I can always get to the machines I might need by hostname - who cares what the IP is :) -- Kind Regards, Michael Shuler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing specific IP address with DHCP
On Thu, 17 Apr 2008 12:07:25 -0400 Brian McKee [EMAIL PROTECTED] wrote: On 17-Apr-08, at 10:31 AM, Celejar wrote: Hi, I find myself in a bizarre networking predicament. [...] I) Use static network configuration, rather than DHCP, for edith. The problem is that edith needs to get my ISP's nameservers from gwen, which normally occurs through DHCP. Several sub-solutions: A) Hard code the nameservers, and hope they don't change. The drawback to this approach is obvious; hope isn't a valid substitute for correctness. I'd do that, and add an additional name server or two (like OpenDNS, or your ISP's competition's name server) to the list, on the off chance they do get changed.I don't know your ISP, but mine has used the same three IP addresses for DNS for many years now (and if you're in the north-east of North America I'd be happy to give them to you - they've been very reliable) Thanks. I may try this. If I do, I'll probably give OpenDNS's a try; thanks for your offer. It's simple, and not prone to breakage My 2c Brian Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing specific IP address with DHCP
On Thu, 17 Apr 2008 11:36:53 -0500 Michael Shuler [EMAIL PROTECTED] wrote: On 04/17/2008 09:31 AM, Celejar wrote: I find myself in a bizarre networking predicament. I need to have a server (henceforth 'edith') accept incoming connections (e.g. ssh) from the Internet. edith is behind a home gateway / router / switch ( Trendware / Trendnet TEW-452BRP [0] - henceforth 'gwen'). gwen will forward specific ports to specific private, internal IP addresses, but bizarrely, it seems to provide no facility for ensuring that a specific host will be assigned, via DHCP, a particular IP address. Not such a bizarre thing - I do this for several servers running behind a Debian router/firewall server for my home connection. I don't know about the particular router you are using, but if it does not allow MAC-IP mapping, I think assuming that it has no dynamic DHCP client is fair :P I don't quite follow you here. What's a dynamic DHCP client? gwen has both a DHCP server for the LAN, as well as a client for getting its own external IP address from the ISP. Can you elaborate? What would you do in this situation (besides getting a different router or using a general purpose computer as one)? Stick a Debian box behind your ISP modem and set it up as your gateway and DHCP server - then run ddclient with a service like DynDNS (apt-cache show ddclient) - I do this at home, at work, on my laptop - I can always get to the machines I might need by hostname - who cares what the IP is :) For logistical reasons, alternating the current topology of my network, specifically the connection of the modem to the router and the physical location of them both, is not currently practical. I actually do use ddclient with DynDNS, to reach edith using DNS from the Internet. ddclient runs on edith; it reads gwen's external IP address from the relevant status page on gwen's web interface, and then records it with DynDNS. DynDNS translates the DNS name to gwen's external IP address, and gwen then forwards the incoming connections to edith. Did you mean something else? Thanks for the suggestions. Kind Regards, Michael Shuler Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing specific IP address with DHCP
On 04/17/2008 02:12 PM, Celejar wrote: On Thu, 17 Apr 2008 11:36:53 -0500 Michael Shuler [EMAIL PROTECTED] wrote: dynamic DHCP client I don't quite follow you here. What's a dynamic DHCP client? bleh.. s/DHCP/DNS/ I meant dynamic DNS there.. -- Kind Regards, Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing specific IP address with DHCP
On Thu, 17 Apr 2008 15:12:22 -0400 Celejar [EMAIL PROTECTED] wrote: On Thu, 17 Apr 2008 11:36:53 -0500 Michael Shuler [EMAIL PROTECTED] wrote: On 04/17/2008 09:31 AM, Celejar wrote: I find myself in a bizarre networking predicament. I need to have a server (henceforth 'edith') accept incoming connections (e.g. ssh) from the Internet. edith is behind a home gateway / router / switch ( Trendware / Trendnet TEW-452BRP [0] - henceforth 'gwen'). gwen will forward specific ports to specific private, internal IP addresses, but bizarrely, it seems to provide no facility for ensuring that a specific host will be assigned, via DHCP, a particular IP address. Not such a bizarre thing - I do this for several servers running behind a Debian router/firewall server for my home connection. I don't know about the particular router you are using, but if it does not allow MAC-IP mapping, I think assuming that it has no dynamic DHCP client is fair :P I don't quite follow you here. What's a dynamic DHCP client? gwen has both a DHCP server for the LAN, as well as a client for getting its own external IP address from the ISP. Can you elaborate? [Michael clarified:] bleh.. s/DHCP/DNS/ I meant dynamic DNS there.. gwen actually does have a dynamic DNS client, with support for DynDNS, No-IP and EasyDNS, but I am still using ddclient on edith. Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing specific IP address with DHCP
On Thu, Apr 17, 2008 at 10:31:27AM -0400, Celejar wrote: Hi, [snip] What would you do in this situation (besides getting a different router or using a general purpose computer as one)? does gwen do proxy dns ? if so just point edith to gwen and gewn will update automatically I would also guess that you isp doesn't change their dns very regularly so hard coding them should be okay as well Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- After the bombing, most Iraqis saw what the perpetuators of this attack were trying to do. - George W. Bush 03/13/2006 Washington, DC Regarding the bombing of the Golden Mosque of Samarra in Iraq signature.asc Description: Digital signature
Re: Forcing specific IP address with DHCP
On Fri, 18 Apr 2008 10:01:40 +1000 Alex Samad [EMAIL PROTECTED] wrote: On Thu, Apr 17, 2008 at 10:31:27AM -0400, Celejar wrote: Hi, [snip] What would you do in this situation (besides getting a different router or using a general purpose computer as one)? does gwen do proxy dns ? if so just point edith to gwen and gewn will update automatically Is proxy dns caching dns? In any event, I don't think gwen does it. I would also guess that you isp doesn't change their dns very regularly so hard coding them should be okay as well Yes, Brian also recommends that. So far my aliasing hack seems to be working, so I may just keep it. Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]