Mixing Static and Dynamic IPs

by Scot Hacker


Until recently, I had a large block of static IP addresses for my home network, which made server setups easy. But I also had fairly low upstream DSL speeds. In order to get faster upstream, I switched providers to Speakeasy. So far I'm very impressed with their service -- no limits on reasonable connection sharing within households, and no limits on what kinds of servers you can run. The 768kbps upstream I purchased is going to be perfect for moderate domain hosting from home. I was able to buy an extra static IP from Speakeasy online for a few bucks and have it become immediately available -- very cool. But during setup of the new network I hit a snag.




I have five machines on the home network, one of which is going to be a public web/mail server. The server needed to be on the public/static IP, while the other four machines needed to be on 192.168.x DHCP addresses. I couldn't figure out how to configure the LinkSys BEFSR41 to enable both the Class C and the public networks simultaneously.




The answer was not in the user manual, nor was it on the LinkSys web site. But a friend had been through the same situation and had it down cold. The trick is to place a hub inline before the router. So rather than running from the DSL modem to the router and from there to the server and the workstations, run from the modem to a standard hub's "Crossover" or "Uplink" port. The server can then be connected to one of the hub's other ports. Another free port on the hub can be run into the LinkSys router's WAN port. The workstations are connected to the router's ethernet/hub ports (note that using the Uplink port on the LinkSys will disable port #1, so you'll need to leave it empty).




As for machine configuration, the workstations can now be set up to use the router as their DHCP server, presumably at 192.168.1.1. Meanwhile, the server gets configured to use its static IP. Rather than looking to the LinkSys router, it uses the DSL remote gateway address, just as the router does.




Of course, the server does not benefit from the firewall features of the router, and so becomes responsible for its own security. Another firewall of some sort needs to be deployed. But it is absolutely possible to run a mix of static/external and dynamic/internal IPs on a home network with a DSL gateway.
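One way to give the exposed server its own firewall, as an added example that is not part of the original article: a default-deny nftables ruleset that admits only the web and mail ports. It assumes the server runs Linux with nftables and is administered over SSH from the workstations; the router address is a constructed documentation placeholder, to be replaced with the real public address on the router's WAN port.

```nft
#!/usr/sbin/nft -f
# Added example, not the author's configuration.
# Assumptions: Linux server with nftables, SSH used for administration.
flush ruleset

# Placeholder (RFC 5737 documentation range): the public address on the
# router's WAN port. Workstations on 192.168.x are NATed by the router, so
# the server sees their traffic as coming from this address, never from
# 192.168.x.
define ROUTER_WAN = 203.0.113.11

table inet filter {
    chain input {
        # Anything not explicitly accepted below is dropped.
        # The link in the article is IPv4 only, so IPv6 is left fully closed.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP errors keep path MTU discovery working; ping is rate limited.
        icmp type { destination-unreachable, time-exceeded } accept
        icmp type echo-request limit rate 5/second accept

        # Public services of a web/mail server: SMTP, HTTP, HTTPS.
        tcp dport { 25, 80, 443 } accept

        # Administration only from the home LAN, which arrives NATed.
        ip saddr $ROUTER_WAN tcp dport 22 accept

        # Rate-limited log of everything else before the policy drops it.
        limit rate 5/minute log prefix "input-drop: "
    }

    chain forward {
        # The server is not a router; forward nothing.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f` from a local console first, since a wrong `ROUTER_WAN` value locks out SSH from the workstations.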



7 Comments

anonymous2
2003-03-17 13:02:53
Why not DMZ
I think you could have used a DMZ.
John
shack
2003-03-17 20:10:52
Why not DMZ
DMZ doesn't let you enter an arbitrary IP address - it gives you 192.168.xxx to fill in. So this doesn't solve the problem. Thanks though.
anonymous2
2003-03-18 15:57:41
Why use the linksys at all?
If the linksys router isn't the same physical device you NEED to access your dsl, why use it at all?


It sounds like its job on your LAN is to be a NAT gateway, and give out dhcp leases to workstations. That task could easily be accomplished with a (linux|os x|*bsd|etc) PC with two nics in it. Really, you could even use your existing server, and just add a $14 NIC. (That would not be the ideal solution from a security standpoint, but if your server isn't firewalled at all right now...)


If you haven't set up a nix router before, I highly recommend using linux and the shorewall package from shorewall.net. It's quite flexible, yet still easy to understand.


As it is, I think the title of this post would better be "how I avoided the linksys box for my servers, and created an un-firewalled dmz".

shack
2003-03-19 01:51:48
Why use the linksys at all?
Not sure I understand - why would I want a Linux box humming and chewing electricity and taking up configuration time when I can have the same exact job done by the cheap, quiet, efficient LinkSys?
anonymous2
2003-04-02 11:36:11
Could you do the same thing by adding an additional network card on the server machine.
I have a dhcp router (dlink DI-704P) that is between my office 8 port hub and the dsl line. I can share the connection with all computers connected to the hub. I wanted to have an additional public IP for one of the machines, so this article helps. I was just wondering if I could just put an additional network card into the "server" machine, and then hook the new card up to one of the available ports on the router. When I have directly connected the "server" machine to one of the spare ports on the router using "public" numbers, I can access the internet, but cannot share files with the local machines. Also, will the setup described in your article prevent other computers on the local network from accessing the "server" machine? I would experiment, but this particular machine is "hot" and will disrupt operations when I fool around with it so my experiment time is limited.
markpollack1
2003-06-17 17:20:53
And so....
I ended up doing the same thing, found your article after not being happy leaving the "server" w/out a firewall. So are you going to buy another linksys for the unprotected server? Seems like an odd idea, one linksys/public IP. Maybe using a linux box as a router would be a better solution if you want to firewall many public IPs.


yea, speakeasy is pretty damn good...

dae
2005-03-29 10:06:15
gateway address?
I am currently looking at this same situation today. Question is, the server has a public IP address, where does the server gateway address get plugged other than the NIC?