Re: Mixing and Matching DHCP and static IPs
- Date: Tue, 26 Dec 2017 09:54:10 +0900
- From: Mark Fletcher <mark27q1@xxxxxxxxx>
- Subject: Re: Mixing and Matching DHCP and static IPs
On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote:
> Henning Follmann wrote:
> Mark can start by drawing a diagram of the setup, configuring the DHCP an
> DNS and firewall properly.
> Ad DHCP Mark, you can setup a range with static and a range with dynamic IP
> addresses. All that has static address must still be in the DNS to be
Hmmm it seems like you think I'm saying my network is fundamentally
broken. It isn't -- works fine except for the one problem of not being
able to reach the PI from the AirStation LAN. If I could just convince
the AirStation's WAN side that 192.168.1.3 is on the same subnet as it,
I'd be away.
> I did not get it at which level you split the network in two
> (internal/external or private/public) - I assume this is the firewall. It
> also means the firewall has 2 interfaces - one for internal and one for
> external network. You need a good IP-tables setup to make interconnect
split -- there are essentially two splits because there are two
firewalls -- one of which I want and one I can't turn off. The firewall
I set up sits at the outermost edge of the network (obviously) and has 2
interfaces. The other is at the AirStation, which regards its WAN port
as the outside but that is actually connected to the inside of the real
Firewall, iptables etc -- Yep set that up ages ago. That's been working
for a year or so. And the two interfaces of the firewall were covered in
my original post.
> What I describe is the most simple scenario and as Henning mentioned forget
> the dns caching for now, until all this stands. I advise start with
> DNS/DHCP in the internal (private) network.
Again if I drop the dns caching, I would be back to the network I've
been running up to now which certainly works but continues to have the
problem I'm trying to solve which is what happens when the ISP changes
their DNS addresses. My firewall will smoothly switch gears but the
AirStation won't. The caching DNS server is designed to fix that. Having
the DHCP server on the firewall pass root DNS servers like 220.127.116.11 to
the AirStation would dodge the issue, but the advice I got on this forum
in the past was set up a local DNS cache, and I thought that sounded
like a fun toy, so here I am.