[personal profile] ciphergoth
Quick geek help sought with making sure I understand IP routing properly.

Zen have allocated me the static IP address block 82.68.129.72/29. Of these eight addresses, one is the network address, one is the broadcast address.

I've fitted an ADSL card to my main PC, saltationism. So it has two interfaces: an ADSL interface and a LAN one. That's two more addresses taken. So there are four left: I can give up to four more machines on the LAN static IP addresses.

The thing that worries me is that if the subnet for the LAN is 82.68.129.72/29, then can I assign an address from that subnet to the ADSL card? If I do, will my LAN be able to route to that address? If not, what should I do instead?

Date: 2003-10-25 10:12 am (UTC)
From: [identity profile] adrasteah.livejournal.com
What do you mean by ADSL card?

Your PC should only need one IP address.

You need an IP address for your router/gateway as well, or is that what you mean by ADSL card?

Date: 2003-10-25 10:27 am (UTC)
From: [identity profile] ciphergoth.livejournal.com
I mean a Conexant PCI card which connects directly to the ADSL microfilter. So it's another interface and needs an IP address distinct from the address of the 10BASE-T interface, doesn't it?

In other words, saltationism is acting directly as the router/gateway; I like this setup because it means I can use Linux to set up the firewall and routing and stuff.

Date: 2003-10-25 10:20 am (UTC)
From: [identity profile] mr-purpleduck.livejournal.com
It would be best to use NAT on the inside LAN and not use real world addresses, as you would have to use saltationism as a bridge device (i.e. it's not being a router) as the 82.68.129.72/29 subnet cannot be on the ADSL interface and the LAN interface at the same time as this would lead to two routing table entries.

I know iptables in Linux has support for bridges, so it would be possible to have this topology. But it would involve using proxy-arp which gives one of those ick feelings.

Date: 2003-10-25 10:39 am (UTC)
From: [identity profile] ciphergoth.livejournal.com
I want to assign real IP addresses to at least some machines; it would be convenient to be able to reach them directly from my work, for example. Hmm, actually is it possible to give some machines real IP addresses and others 192.168 style addresses? Hmm...

Date: 2003-10-25 10:43 am (UTC)
From: [identity profile] kimble.livejournal.com
Yes, no reason you can't do that (would need an IP alias for eth0 in the 192.168.whatever range and appropriate routing table entries). Packets between the subnets would go via the router, which may be an issue if you care about throughput.

Date: 2003-10-25 10:53 am (UTC)
From: [identity profile] mr-purpleduck.livejournal.com
There's nothing to stop you putting different subnets on the same wire, you just have to be very careful to not create any loops. A broadcast storm can easily happen in this situation.

Does the ADSL interface get assigned an IP address from a different range from your ISP? In most situations this address would be used to route the subnet through the router and you would not have to use the same subnet on both sides of the router.

In Cisco terms you could use ip unnumbered on the ADSL interface and just use the ip address from the eth0 interface, but these days I use more Cisco kit than Linux for network rotes at work.

Date: 2003-10-25 11:05 am (UTC)
From: [identity profile] ciphergoth.livejournal.com
No, when I "dial out" the ISP assigns me the last proper address in my range (ie one below the broadcast address).

I don't know what you mean by the Cisco thing...

Date: 2003-10-25 05:18 pm (UTC)
From: [identity profile] mr-purpleduck.livejournal.com
In which case you will have to do something with bridging - I could try to explain it some more in Whitby if you wish. I'm going to be a bit busy between now and heading south.

Date: 2003-10-25 10:27 am (UTC)
From: [identity profile] kimble.livejournal.com
Is the ADSL (ppp) interface automatically negotiating its IP with the remote end, and if so, is it being allocated an address in that subnet?

I'm with Nildram, not Zen, but I have a single (static) IP as part of the basic service in addition to my routed subnet. On the router (a linux box with USB stingray thing, so I'd guess functionally equivalent to your PCI setup) I have a ppp0, which has the single static IP (which isn't part of my subnet) and an eth0 that I've allocated the first IP from my subnet to.

I've heard that it's possible to get a ppp device to use the same IP as eth0, but haven't tried that myself. I have (accidentally, cos I didn't read the instructions properly) previously set the router up to give ppp0 an address from my subnet, and that didn't seem to break anything - but was a waste of a perfectly good IP address.

YMMV

Date: 2003-10-25 10:30 am (UTC)
From: [identity profile] kimble.livejournal.com
To clarify: when I said "didn't seem to break anything", I had the router doing 1:1 NAT at the time, with a private address range on the LAN, thereby avoiding the routing headache described above...

Date: 2003-10-25 11:02 am (UTC)
From: [identity profile] olethros.livejournal.com
Hmm, this could go a couple of ways depending on what Zen have in mind - and I don't have enough info about that to be able to say for sure.

I'll point you in both directions and see what falls out. There are two ways of routing your /29.

One is that your ADSL line and your LAN are two separate networks, with two different address allocations. The ADSL line will have (say) a /30 - two reserved, one their end, one the ADSL card on your PC router. Separately, Zen's router will have a configuration set that any traffic for 82.68.129.72/29 will be fired at your router, and it's up to it to do the right thing from there.

The other way is as I think you suspect - every device on your network lies inside that /29, including your main PC. This is how my DSL back at home works, but in your instance it's slightly wackier because your ADSL card and your LAN need to be on the same logical network and have addresses on the same subnet. If that is how you're supposed to set this up then you'll need to enable bridging in some manner between your ADSL card and your LAN interface.

[livejournal.com profile] wechsler had the idea that you could split your /29 into two /30s, and assign one to the ADSL link and the other to your LAN - but while that's possible it (like either of the above) will only work if that's how Zen expect you to do it.

Sorry if that's clear as mud -- bother me at Whitby for more info. :)

Date: 2003-10-25 11:47 am (UTC)
From: [identity profile] ruis.livejournal.com
If you split it into /30s you waste 2 IPs, leaving you with only 2 for hosts.

Date: 2003-10-25 11:58 am (UTC)
From: [identity profile] wechsler.livejournal.com
The neglected detail was that I said that was pointless...

Date: 2003-10-25 01:05 pm (UTC)
From: [identity profile] hughe.livejournal.com
82.68.129.72 - Network address
82.68.129.73  - available
82.68.129.74  - available
82.68.129.75  - available
82.68.129.76  - available
82.68.129.77 - LAN IP on linux  \__ bridge / firewall between
82.68.129.78 - ADSL IP on linux /
82.68.129.79 - Broadcast address

I don't see it being too much of a problem.

You could just use 192.168 addresses and do port forwarding for what you need.

Date: 2003-10-26 01:44 am (UTC)
From: [identity profile] drreagan.livejournal.com
Simple solution: have the other machines on the network send their routes to the PC's ethernet card's IP address as their gateway/router.
There's no reason why they would need to talk directly to the IP address of the ADSL card.

Another solution is to set up some sort of bridging between the ADSL card and the Ethernet card. If your ADSL interface is working via PPP of some sort, adding the word "proxyarp" to the PPP options file will make this work. If it's acting like an ethernet card of some sort, then it'll be more difficult.

Date: 2003-10-26 01:47 am (UTC)
From: [identity profile] drreagan.livejournal.com
Sometimes it's also possible to give two interfaces on the machine the same ip address, assuming that one of them is a point-to-point link.

Date: 2003-10-26 02:53 am (UTC)
From: [identity profile] stgpcm.livejournal.com
what is the presentation of the card on your box? ppp or eth?

if it is ppp what is the other end?

you should be able to get away with having the same address on both interfaces - assuming the linux PPP stuff isn't completely braindead.

Date: 2003-10-26 03:27 am (UTC)
From: [identity profile] ciphergoth.livejournal.com
PPP, inet addr:82.68.129.78 P-t-P:62.3.83.3. If I can give both the same address that would rock - saves an IP from my very limited stock!

I guess the other solution would be to have two subnets on the same wire, and assign the LAN interface an address from the 192.168 subnet - can the two subnets talk to each other happily?

thanks muchly! (also thanks to [livejournal.com profile] drreagan who raised a similar point)

Date: 2003-10-26 01:37 pm (UTC)
From: [identity profile] simm42.livejournal.com
You can definitely have the linux gateway running the same IP for the ppp0 and eth0 - you just have to get your IP tables rules right - I have figured something similar out at work - but only done it once so it would probably take me the same time again, with lots of calls to man.

Another option you have is keeping a 192.168. with a 255.255.255.0 netmask home network, giving eth0 the usual .1 on router and whatever it gets on the ADSL, though then just use IP tables to reroute each address on the ADSL, either one to one, or one to many to machines on the inside. What you may want to do is one to one all the available IP addresses, then use your gateway IP address and masquerade that one through to any machines you don't want to give one to one. This gives protection to them, lets them log onto the net, but makes anyone getting into them a bit harder.

That way from your 8 you lose one to the network address, one to broadcast, you have 1 for your gateway machine, which is also used for any machines sitting behind IP masquerading and then you have the other 5 IP addresses all available.

This is what I have been planning to do myself as once I live in an area that can have ADSL I plan to get Zen, unfortunately unless they can persuade the New Forest ponies that they want to be online it will probably be after I next move house - so may be a while.

You probably also want to set up a domain registration for your home network, put DNS (BIND being the obvious choice, though I use dnsmasq as a nice light weight alternative) on your gateway so you can name your machines, and remember to put an IP tables rule in that if you are requesting one of the external addresses for your network it actually routes it internally so you get network rather than broadband bandwidth.

Should hopefully make it to Whitby on the Friday night - though we won't be hitting the main gig. Possibly coming on the Saturday with Jareth, will depend how he is feeling, he's had a bit of a cold and at 4 weeks old we are being a little careful with him.

Might see you around

Simon
From: [identity profile] kingginger.livejournal.com
... but have you got it sorted?

If not I can chuck in 2 pence tomorrow as to how I run my static IPs from Plus.net

Although I don't use Linux, I shouldn't imagine things would be that different on Windows??
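
An added example, not part of any comment in the thread: the three address plans discussed above (separate addresses for ppp0 and eth0, one shared address, and the two-/30 split), worked through with Python's standard ipaddress module. The addresses are the ones quoted in the thread; the function names, and the choice of which address eth0 takes in each plan, are assumptions made for illustration.

```python
import ipaddress

# Values quoted in the thread.
BLOCK = ipaddress.ip_network("82.68.129.72/29")
PPP_LOCAL = ipaddress.ip_address("82.68.129.78")   # assigned by the ISP on dial-up
PPP_PEER = ipaddress.ip_address("62.3.83.3")       # far end of the PPP link


def usable(net):
    """Host addresses in net, excluding the network and broadcast addresses."""
    return list(net.hosts())


def plan_separate(block, ppp_local):
    """ppp0 keeps the ISP-assigned address; eth0 takes another from the block."""
    hosts = [h for h in usable(block) if h != ppp_local]
    eth0 = hosts.pop()  # assumption: highest remaining address goes to eth0
    return {"ppp0": ppp_local, "eth0": eth0, "free": hosts}


def plan_shared(block, ppp_local):
    """ppp0 and eth0 carry the same address (ppp0 is a point-to-point link)."""
    hosts = [h for h in usable(block) if h != ppp_local]
    return {"ppp0": ppp_local, "eth0": ppp_local, "free": hosts}


def plan_split(block):
    """Split the /29 into two /30s: the lower for the LAN, the upper for the link."""
    lan, link = block.subnets(new_prefix=30)
    lan_hosts = usable(lan)
    # The router's LAN interface needs one of the two usable LAN addresses.
    return {"lan": lan, "link": link, "eth0": lan_hosts[0], "free": lan_hosts[1:]}


def summary():
    """Addresses left for other LAN machines under each plan."""
    return {
        "broadcast": str(BLOCK.broadcast_address),
        "peer_in_block": PPP_PEER in BLOCK,
        "separate_free": [str(a) for a in plan_separate(BLOCK, PPP_LOCAL)["free"]],
        "shared_free": [str(a) for a in plan_shared(BLOCK, PPP_LOCAL)["free"]],
        "split_free": [str(a) for a in plan_split(BLOCK)["free"]],
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

The PPP peer lies outside the /29, so the only on-link route for the block belongs on the LAN side; the point-to-point link needs just a host route to the peer.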
