DragonFly users List (threaded) for 2006-08
Re: Static IP on DHCP system?
Jonathon McKitrick wrote:
If my home router provides DHCP in the 192.168.0.100 range, is there anything
wrong with me statically assigning a 10.0.0.1 address to a box on the network?
My other computer is your Windows box.
Not a problem.
We've run multiple 192- , 10- , and such for years, home and office.
Some sub-nets have exactly two devices, full stop.
Makes it easier to secure many services.
None of the commodity Planet, D-Link, NetGear, Linksys, etc. -
router/NAT/firewall devices will *ordinarily* leak these 'other' nets to the
upstream side, and most cannot even be asked to do so from their stock interface.
That said, you probably want a 192.- on all/most of your gear as well, and these
can be fixed-IP's despite the NAT device offering DHCP to others on the same LAN.
man ifconfig for aliasing info.
You may also wish to set up some rules in the router/NAT device to block/allow
or port-map services to specific boxen, hence the advisability of having those
devices use a fixed-IP within the DHCP pool.
Note that where WinBoxen are involved, we use a separate physical plant and no
bridging. Even the printers are separate (or use parallel-port / USB->parallel
sharing devices). A 'bastion' *BSD box with 6 separate NICs lets us reach every
machine or IP print device on all the separate cable plants, yet keeps the
WinBoxen isolated. Each WinWoes 'seat' also has a Mac Mini n an Aten KVM for
e-mail and browsing.
It isn't (yet) a capital crime to connect a WinBox to the internet.
But, considering the cumulative man-years (several lifetimes..) they cost
humanity every day, not to mention billions of US$, it probably should be...