You are in a company where PCs are assigned their configuration by a corporate DHCP server, but you have decided to put your department behind BrazilFW/Coyote Linux to isolate it from all the worm- and virus-infected computers in the rest of the company.
This breaks file shares between Windows machines on your LAN and the corporate LAN.
Use this method when your Coyote Linux/BrazilFW machine sits behind another firewall. Conceptually this is like a standard DHCP setup when connecting to the cable company, except the WAN (Internet) is the corporate LAN. You will see this in the last paragraph. So this presentation is just a visual representation of your LAN all the way up to the Internet. There is nothing new here.
In this example real public IP addresses are used instead of the generic n.n.n.n format. Substitute anything valid for 192.168.0.n and 10.10.10.n, but change every occurrence. The 216.252.80.n and 64.254.0.n addresses belong to my ISP in Canada. You can NOT use these. In a case like this the equivalent 216.252.80.128/28 part would be given to you.
There are 4 networks and 3 routers represented here. Each router sits on 2 networks and routes between them, so each has a WAN side and a LAN side. The WAN IP of a lower level router is part of the LAN of the higher level. The networks are INTERNET, ISP, COMPANY, and YOURS, represented by GREEN, BLACK, RED, and BLUE respectively. There may be other terminologies to express these concepts but this is how I say it.
The Cisco router is owned and controlled by the ISP. They have assigned your company a block of 16 IP addresses, 216.252.80.144 through 216.252.80.159, where 216.252.80.144 is the network address, 216.252.80.159 is the broadcast address and the rest are for company use. See my Proxy ARP using Brazil Firewall for another situation where you own a block of IP addresses. The ISP has decided to assign 216.252.80.145 as your company's default gateway to the Internet and the company has decided to use 216.252.80.146 as the WAN address of the corporate router, which could be a BrazilFW/Coyote Linux machine. The company has also decided to use 192.168.0.0/24 as LAN addresses.
Let your Coyote Linux/Brazil Firewall pick up its WAN, gateway, and DNS server addresses from the company DHCP server and use any other valid private IP address range you want. I used 10.10.10.0/24 because it is then easy to visualize. 10.10.10 is me, 192.168 is the company, and anything else is Internet (sort of).
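The addressing rules above can be checked mechanically. The following Python sketch is an added example, not part of the original write-up: it confirms the network and broadcast addresses of the /28 block, that each lower router's WAN IP is a usable host on the LAN above it, and that no two LANs overlap. The function names and the DHCP-assigned address 192.168.0.50 are assumptions made for the illustration.

```python
import ipaddress

# Addressing plan from the text. The DHCP-assigned WAN address of the
# department firewall (192.168.0.50) is a constructed sample value.
PLAN = [
    # (router, WAN address, LAN network)
    ("ISP Cisco", None, "216.252.80.144/28"),
    ("corporate router", "216.252.80.146", "192.168.0.0/24"),
    ("department BrazilFW", "192.168.0.50", "10.10.10.0/24"),
]

def describe(cidr):
    """Return (network address, broadcast address, usable host count)."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses - 2

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = [ipaddress.ip_network(lan) for _, _, lan in plan]
    for i in range(1, len(plan)):
        name, wan, _ = plan[i]
        upstream = nets[i - 1]
        addr = ipaddress.ip_address(wan)
        # The WAN IP of a lower router must be a usable host on the LAN above it.
        if addr not in upstream:
            problems.append(f"{name}: WAN {wan} is outside upstream LAN {upstream}")
        elif addr in (upstream.network_address, upstream.broadcast_address):
            problems.append(f"{name}: WAN {wan} is the network or broadcast address")
    # A router cannot route between two sides that share an address range,
    # so the LANs at each level must not overlap.
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i].overlaps(nets[j]):
                problems.append(f"{plan[i][0]} and {plan[j][0]}: LANs overlap")
    return problems

if __name__ == "__main__":
    print(describe("216.252.80.144/28"))
    print(check_plan(PLAN) or "plan is consistent")
```

If you substitute your own ranges, edit PLAN and rerun; a department LAN that reuses the corporate range is reported as an overlap.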
Need help with these network masks and their /nn equivalent formats?
See my IP calculator using an IP range and my CIDR calculator.
DISCLAIMER: The following instructions come with no warranty. Use at your discretion and risk. I am not responsible for their misuse, damages, or losses that can be caused directly or indirectly. It is assumed that you practice safe computing and take backups before making changes.
Stuff is written here for the uninitiated and no prior knowledge on the subject is presumed.
Use the Forums for support so everyone can share the information.
copyright for the writing. The ideas and code are free. Robert Bonomo