[NCLUG] DSL modem + Wireless Router setup

Sean Reifschneider jafo at tummy.com
Thu Sep 7 05:43:43 MDT 2006


On Wed, Sep 06, 2006 at 01:19:46PM -0600, Chad Perrin wrote:
>That shouldn't necessarily be a problem, though I've not used that
>router, so I don't know.  You should be able to change your internal
>network to 192.168.2.x instead, though.

Most systems are quite unhappy to have the same network on multiple
interfaces.  At the very least, the kernel is going to see the two routes
for the same network, and may not select the right one for trying to push
traffic over.  I've seen it cause all sorts of weirdness, particularly if,
say, your default gateway on the DSL is 192.168.1.1, and the Linksys also
has 192.168.1.1 and therefore sees it as a local destination.

One common issue I've seen with VPNs is Windows users taking their laptop
in to the office, plugging in and getting an IP on Ethernet, and then
going elsewhere and getting connected to the office network via the VPN
and nothing works because their Ethernet still has the office IP on it.

If you're asking on a mailing list, then having the same network on
multiple interfaces should probably be considered a bug.  The times I've
legitimately done that in the last decade are less than 10...

That said, you can make a nice firewall without having to use ebtables and
bridging, by doing proxy ARP and putting the IP range on both interfaces
(public and private).  Makes for a nice DMZ setup, particularly if you have
no control over the router handing packets to your network, or too few IPs
to subnet.  It's almost exactly like a bridge, but iptables works on it.

Sean
-- 
 "Bill and Ted on cryptography: If you are really us...  What number are we
 thinking of?" -- Sean Reifschneider, 1998
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
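
A check for the condition this message describes, the same IPv4 network on more than one interface and a default gateway address that is also a local address, as an added example that is not part of the original post. The `ip -o -4 addr show` sample, the interface names and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample of `ip -o -4 addr show` output: the DSL-facing eth0 and
# the inside-facing eth1 have both ended up in 192.168.1.0/24.
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.64/24 brd 192.168.1.255 scope global eth0\\       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1\\       valid_lft forever preferred_lft forever
4: tun0    inet 10.8.0.6/24 scope global tun0\\       valid_lft forever preferred_lft forever
"""


def parse_addrs(text):
    """Return (ifname, IPv4Interface) pairs from `ip -o -4 addr show` output."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        # Layout: "<index>: <ifname> inet <addr>/<prefix> ..."
        if len(fields) >= 4 and fields[2] == "inet":
            out.append((fields[1], ipaddress.ip_interface(fields[3])))
    return out


def find_conflicts(addrs, gateway=None):
    """Report networks that overlap across different interfaces, and a
    default gateway address that is also configured on a local interface."""
    findings = []
    addrs = [(n, a) for n, a in addrs if not a.ip.is_loopback]
    for (n1, a1), (n2, a2) in combinations(addrs, 2):
        # overlaps() also catches a /24 nested inside a /16, not only equal nets
        if n1 != n2 and a1.network.overlaps(a2.network):
            findings.append(("overlap", n1, str(a1.network), n2, str(a2.network)))
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        for name, a in addrs:
            if a.ip == gw:
                # Traffic for the gateway would be delivered locally instead
                findings.append(("gateway-is-local", name, str(gw)))
    return findings


if __name__ == "__main__":
    for finding in find_conflicts(parse_addrs(SAMPLE), gateway="192.168.1.1"):
        print(finding)
```

On a live system, feed `parse_addrs` the output of `ip -o -4 addr show` and pass the gateway from `ip route show default`.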



