In case you haven't resolved your cable modem problem:

I am also using Road Runner and they do not like you to have more than one
IP address on a single modem. Having your cable modem directly connected
to the hub is a bad idea:

1) (repeat) Road Runner will eventually find out that you may have more
than one IP going thru the cable modem and they will try to get you to stop.

2) If you are using the Linux box to masq. in this setup (which it can do,
although it is a very poor setup for doing so), then you are generating
approximately 4 to 6 times the traffic on the hub compared with the
traditional masq. setup (and of course increasing geometrically with the
number of private network computers that you add to the hub for masq-ing).

3) It does not make your client computers any safer than if they were
directly connected to the internet, assuming you are hoping to gain some
safety from a firewall or the implicit firewall that is in the masq setup.

Masq. setups should use this topology:


Cablemodem <----> (eth0) Linux Masq. Server (eth1) <--> [Ethernet hub (NOT uplink ports)] <===> client(s)

Of course it is your own preference if you want eth1 or eth7, etc. connected
to the cable modem and some other eth interface connected to the hub, but
you must do this with a cable modem in order to prevent excess traffic from
prematurely overloading your hub and to provide the hardware separation
necessary to achieve proper firewalling, and of course this gets Road Runner
off your back if you are going thru them.

Unfortunately this may mean that you need to buy another network card but
that is relatively cheap.
I cannot stress enough that having the cablemodem connected directly to the
hub is VERY BAD, especially if you start to try running things like a DHCP
server on your Linux box.

To explicitly show the effects: say you are using IRC from a client
computer that is masqed by the Linux server under the cablemodem-direct-to-hub
setup:

1) Client sends a packet to the masq box. All other computers on the hub
"see" that packet but must ignore it and wait until it is done transferring
to send their own packets. Of course the cablemodem and the Road Runner
network see that packet and must also ignore it.
2) Masq box masquerades the packet and sends it to the hub; again all
computers on the hub must ignore it and wait while the cablemodem picks it up
and sends it out to the internet.
3) A reply packet comes from the internet to the masq box. All clients on
the hub must ignore the reply packet and wait for the masq box to pick it up
(including the IRC client box).
4) Masq box demasquerades the packet and sends it to the hub; again all
clients on the hub, including the cablemodem/RR network, see the packet and
must wait/ignore it until the IRC client computer finishes getting it.
This is a best-case scenario where there are no collisions, etc.
With the proper setup, the cablemodem will not generate collision traffic
and will not receive collision traffic, and no packets that are from foreign
subnets will be available to the RR network or the client machines.

5) You piss someone off on IRC and they decide to attack you with a packet
that causes Windows machines to lock up. It comes off the cablemodem pipe,
but since the Linux box (which is "immune") cannot filter it out, it reaches
the Windows machines, and even though they are not the recipients of the
packet, the attack still has the potential to work; therefore the Linux box
is ineffective as a firewall.

Anyhow, that's just my 2 cents.

Sincerely,
Rob
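
The four-step packet walk and the attack case in the message above, modelled as an added example (not part of Rob's original message). A hub is treated as a repeater that shows every frame to every other port; the station names, addresses and the `summarize` helper are constructed for illustration.

```python
# Constructed model: a hub repeats every frame to all other ports on its segment.
PRIVATE = "192.168.1."    # assumed private subnet behind the masq box
PUBLIC = "203.0.113.10"   # constructed public address (documentation range)
PEER = "198.51.100.7"     # constructed IRC server address

def segments(topology):
    """Map each Ethernet segment to the stations attached to it."""
    if topology == "shared_hub":   # cable modem plugged straight into the hub
        return {"hub": {"modem", "linux", "win1", "win2"}}
    # Dual-NIC layout: modem <-> (eth0) linux (eth1) <-> hub <-> clients
    return {"wan": {"modem", "linux"}, "hub": {"linux", "win1", "win2"}}

def send(segs, log, sender, receiver, src_ip, dst_ip):
    """Put one frame on the segment shared by sender and receiver."""
    seg = next(n for n, s in segs.items() if sender in s and receiver in s)
    log.append({"seg": seg, "src": src_ip, "dst": dst_ip,
                "seen_by": segs[seg] - {sender}})

def irc_round_trip(topology):
    """Replay steps 1-4 of the post for one request and one reply."""
    segs, log, client = segments(topology), [], PRIVATE + "2"
    send(segs, log, "win1", "linux", client, PEER)    # 1) client -> masq box
    send(segs, log, "linux", "modem", PUBLIC, PEER)   # 2) masqueraded, outbound
    send(segs, log, "modem", "linux", PEER, PUBLIC)   # 3) reply from internet
    send(segs, log, "linux", "win1", PEER, client)    # 4) demasqueraded, inbound
    return log

def summarize(topology):
    log = irc_round_trip(topology)
    private = lambda f: f["src"].startswith(PRIVATE) or f["dst"].startswith(PRIVATE)
    inbound = log[2]  # frame arriving from the modem, before any filtering
    return {
        "hub_frames": sum(f["seg"] == "hub" for f in log),
        "private_frames_seen_by_modem":
            sum("modem" in f["seen_by"] and private(f) for f in log),
        "windows_seeing_unfiltered_inbound":
            sorted(h for h in inbound["seen_by"] if h.startswith("win")),
    }

if __name__ == "__main__":
    for topo in ("shared_hub", "dual_nic"):
        print(topo, summarize(topo))
```

In the dual-NIC result the inbound frame is seen only by the Linux box, which is the hardware separation that lets it act as a filter.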


