Re: Dhcp and ssh

Tue, 09 Dec 2003 20:48:57 -0800 

On Sat, Dec 06, 2003 at 11:55:29AM -0700, Monique Y. Herman wrote

> I'm pretty sure ssh still gets upset if a hostname doesn't match the
> expected IP .... known_hosts records both the hostname and the IP,
> then gets upset if either changes in relation to the other.

  ??? I'm on an ADSL ISP, and I have a dynamic IP address to the outside
world.  For even ,ore fun, I'm behind two layers of NAT.  Yet I still
manage to ssh in daily to a remote machine to collect my email
(including this list).  Here's my setup...


   Dynamic publicly        192.168.1.2/
   routable IP address     255.255.255.248
 v<assigned by my ISP    v<external address
 v                       v
 v  ____________         v __________________ 
 v |            |        v|                  |
 =<  ADSL modem  >=======<  Netgear Router   |
   |____________|^        | Internal address |
                 ^        | 192.168.1.254/   |
 192.168.1.1/    ^        | 255.255.255.248  |
 255.255.255.248 ^        |_  ___  ___  ___  |
internal address>^          ||   ||   ||   ||
                            ||   ||
                            ||   ||
         ___________________||   ||
        |                     |  ||
        | Linux 192.168.1.249 |  ||
        | mask 255.255.255.248|  ||
        |_____________________|  ||
                                 ||
              ___________________||
             |                     |
             | Linux 192.168.1.250 |
             | mask 255.255.255.248|
             |_____________________|

  The ADSL modem has internal address 192.168.1.1 mask 255.255.255.248.
I could get away with netmask 255.255.255.252.  I set the router's
"external/WAN" address as 192.168.1.2 netmask 255.255.255.248 (netmask
255.255.255.252 would also work here.)  I also set the router's external
default gateway route to 192.168.1.1 (i.e. the modem's internal address).

  Apparently, the primary rule with double-NATting is not to overlap IP
address ranges.  So I decided to select the block defined by
192.168.1.248 netmask 255.255.255.248 (same as 192.168.1.248/29).  The
allocations I use are...

  192.168.1.248 base address (not supposed to have a machine here)
  192.168.1.249 \
  192.168.1.250  \ are for up to 4 machines to hook
  192.168.1.251  / up to the 4 ports on the router
  192.168.1.252 /
  192.168.1.253 I haven't quite figured out a use for this address
  192.168.1.254 The internal (LAN side) address used by the router.
                This follows the default convention for router address.
  192.168.1.255 The broadcast address used by the router (syslog output).
                This follows the default convention for broadcast address.

-- 
Walter Dnes <[EMAIL PROTECTED]>
I'm not repeating myself; I'm an X Window user, I'm an ex-Windows user


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to