Re: Mixing and Matching DHCP and static IPs
- Date: Mon, 25 Dec 2017 20:45:06 -0500
- From: Gene Heskett <gheskett@xxxxxxxxxxx>
- Subject: Re: Mixing and Matching DHCP and static IPs
On Monday 25 December 2017 19:54:10 Mark Fletcher wrote:
> On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote:
> > Henning Follmann wrote:
> > Mark can start by drawing a diagram of the setup, configuring the
> > DHCP an DNS and firewall properly.
> > Ad DHCP Mark, you can setup a range with static and a range with
> > dynamic IP addresses. All that has static address must still be in
> > the DNS to be resolved.
> Hmmm it seems like you think I'm saying my network is fundamentally
> broken. It isn't -- works fine except for the one problem of not being
> able to reach the PI from the AirStation LAN. If I could just convince
> the AirStation's WAN side that 192.168.1.3 is on the same subnet as
> it, I'd be away.
Have you looked at the AirStations web page? There may be a bridge option
that is not turned on. But that will mean you'll need the devils own
firewall because that will allow drive by hackers free access to your
home network. And Grandpa Gene here may do odd things, but thats NOT
one of them.
> > I did not get it at which level you split the network in two
> > (internal/external or private/public) - I assume this is the
> > firewall. It also means the firewall has 2 interfaces - one for
> > internal and one for external network. You need a good IP-tables
> > setup to make interconnect possible.
> split -- there are essentially two splits because there are two
> firewalls -- one of which I want and one I can't turn off. The
> firewall I set up sits at the outermost edge of the network
> (obviously) and has 2 interfaces. The other is at the AirStation,
> which regards its WAN port as the outside but that is actually
> connected to the inside of the real firewall.
> Firewall, iptables etc -- Yep set that up ages ago. That's been
> working for a year or so. And the two interfaces of the firewall were
> covered in my original post.
> > What I describe is the most simple scenario and as Henning mentioned
> > forget the dns caching for now, until all this stands. I advise
> > start with DNS/DHCP in the internal (private) network.
> Again if I drop the dns caching, I would be back to the network I've
> been running up to now which certainly works but continues to have the
> problem I'm trying to solve which is what happens when the ISP changes
> their DNS addresses. My firewall will smoothly switch gears but the
> AirStation won't. The caching DNS server is designed to fix that.
> Having the DHCP server on the firewall pass root DNS servers like
> 220.127.116.11 to the AirStation would dodge the issue, but the advice I got
> on this forum in the past was set up a local DNS cache, and I thought
> that sounded like a fun toy, so here I am.
Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>