I run a Linux FW/MailServer at home with a small 4 PC lan. I get a DHCP addr from my cable provider and have no problems. A one-liner at the top of my iptables script figures out the INET adapter IP. I think it's too much trouble for the cable provider to rotate IPs, so as long as I'm powered up I keep my IP.
INET_IP=`ifconfig eth1 | grep "inet" | awk '{print $2}' | awk -F":" '{print $2}'`
I realize it's not fault tolerant, but if I have routing prbs, I just reboot.
For the couple one time it's changed in a year, I just jump to http://hn.org (also free) and change my address for the domain I host. I'm not running a business, so 24 hours for DNS to propogate isn't a big deal for me.
-=Berns
------
Bernard Hoffman
Captive Capital Corp. (f.k.a. eMarket Capital, Inc.)
http://www.captivecorp.com
-----Original Message-----
From: Paulo Abrantes [mailto:pcma@mega.ist.utl.pt]
Sent: Wednesday, November 20, 2002 3:05 PM
To: David Ruben Elfi
Cc: security-discuss@linuxsecurity.com
Subject: Re: DMZ implementation
> First of all, have you static ip address on adsl? Check this first.
> Implement services like that is a big problem if you not have static ip
> address.
>
Yes I will have a static IP, though there's a good way of doing the service
implementation when not having one. At least I think it can be done
this way...
Here is how I would do if I would have dynamic IP over my ADSL connection:
Sign up for a dynamic DNS service, such as dyndns.org which is free.
Install the software in the gateway (unfortunatly, if I'm not wrong, the
client they allow us to donwload is a binary and you cannot really know
what is in it) and then just set some port forwarding policy to
your DMZ servers.
Just a thought though...
Regards and thanks for the reply,
P. Abrantes
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
