Web lists-archives.com

Re: Mixing and Matching DHCP and static IPs




On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote:
> Henning Follmann wrote:
> 
> Mark can start by drawing a diagram of the setup, configuring the DHCP an
> DNS and firewall properly.
> Ad DHCP Mark, you can setup a range with static and a range with dynamic IP
> addresses. All that has static address must still be in the DNS to be
> resolved.

Hmmm it seems like you think I'm saying my network is fundamentally 
broken. It isn't -- works fine except for the one problem of not being 
able to reach the PI from the AirStation LAN. If I could just convince 
the AirStation's WAN side that 192.168.1.3 is on the same subnet as it, 
I'd be away.

> 
> I did not get it at which level you split the network in two
> (internal/external or private/public) - I assume this is the firewall. It
> also means the firewall has 2 interfaces - one for internal and one for
> external network. You need a good IP-tables setup to make interconnect
> possible.
> 

split -- there are essentially two splits because there are two 
firewalls -- one of which I want and one I can't turn off. The firewall 
I set up sits at the outermost edge of the network (obviously) and has 2 
interfaces. The other is at the AirStation, which regards its WAN port 
as the outside but that is actually connected to the inside of the real 
firewall.

Firewall, iptables etc -- Yep set that up ages ago. That's been working 
for a year or so. And the two interfaces of the firewall were covered in 
my original post.

> What I describe is the most simple scenario and as Henning mentioned forget
> the dns caching for now, until all this stands. I advise start with
> DNS/DHCP in the internal (private) network.

Again if I drop the dns caching, I would be back to the network I've 
been running up to now which certainly works but continues to have the 
problem I'm trying to solve which is what happens when the ISP changes 
their DNS addresses. My firewall will smoothly switch gears but the 
AirStation won't. The caching DNS server is designed to fix that. Having 
the DHCP server on the firewall pass root DNS servers like 8.8.8.8 to 
the AirStation would dodge the issue, but the advice I got on this forum 
in the past was set up a local DNS cache, and I thought that sounded 
like a fun toy, so here I am.

Mark