Jason Costomiris on Tue, 27 Mar 2001 05:38:40 -0500



Re: [PLUG] DSL


On Mon, Mar 26, 2001 at 10:55:47PM -0500, Bill Jonas wrote:
: A few of my friends are quite happy with DCA.net; servers are permitted,
: and you receive 6 static IP addresses free.  (I get two with Speakeasy,
: and am also permitted to run servers.)  A disadvantage is that your IP
: addresses are tied to the MAC addresses of the ethernet interfaces; you
: have to call them up for any change, so this limits your flexibility
: somewhat.  (Although some might see this as an advantage, for certain
: (ill-guided, IMO) definitions of the word "security".)

This is easily circumvented by using a firewall and doing static address
translation (i.e. 1-1 NAT mappings from an RFC1918 address on your LAN
to the globally routable addresses that the ISP gives you).  In that case,
the MAC address for ALL of your IPs would be the same, the external i/f
of the firewall.  Depending on how your provider works, you may have
to proxy arp/set up static arps on the external i/f of the firewall to ensure
the traffic will be sent to you (unless they simply forward all traffic
on a layer-2 basis).

In addition to it being easy to circumvent the problems, with the firewall
properly configured, it's also more secure.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
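
The 1-1 NAT setup described in the message above, as an added example that is not part of the original post: a script that validates "private public" address pairs and prints the Linux iptables and iproute2 commands for them. It assumes a Linux firewall, takes the external interface name as an argument, and puts each public address on that interface as a secondary address (one way to make the firewall answer ARP for it, used here instead of proxy ARP); every address in the test input is a constructed placeholder.

```shell
#!/bin/sh
# Added example: print (do not run) the commands for 1-1 static NAT.
# Interface name and all addresses are constructed placeholders.

# True if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# True if $1 lies in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    is_ipv4 "$1" || return 1
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*) second=${1#172.}; second=${second%%.*}
               [ "$second" -ge 16 ] && [ "$second" -le 31 ] && return 0 ;;
    esac
    return 1
}

# Usage: gen_static_nat EXT_IF < pairs   (one "private public" pair per line)
gen_static_nat() {
    ext_if=$1; seen=" "
    echo "sysctl -w net.ipv4.ip_forward=1"
    while read -r priv pub; do
        case "$priv" in ''|'#'*) continue ;; esac
        is_rfc1918 "$priv" || { echo "LAN side not RFC1918: $priv" >&2; return 1; }
        if ! is_ipv4 "$pub" || is_rfc1918 "$pub"; then
            echo "ISP side must be a non-RFC1918 IPv4 address: $pub" >&2; return 1
        fi
        # 1-1 mapping: each address may appear in exactly one pair.
        case "$seen" in *" $priv "*|*" $pub "*)
            echo "address reused: $priv $pub" >&2; return 1 ;;
        esac
        seen="$seen$priv $pub "
        # Secondary address, so the firewall's external MAC answers ARP for $pub.
        echo "ip addr add $pub/32 dev $ext_if"
        echo "iptables -t nat -A PREROUTING -i $ext_if -d $pub -j DNAT --to-destination $priv"
        echo "iptables -t nat -A POSTROUTING -o $ext_if -s $priv -j SNAT --to-source $pub"
    done
}
```

The printed rules only translate addresses; which inbound ports each mapped host accepts is still decided by the firewall's FORWARD chain policy.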
