Media-One Express, IP Masquerading

Paul Gelinas pgelinas at ftp.com
Fri Feb 13 21:06:28 EST 1998


-----BEGIN PGP SIGNED MESSAGE-----


Sean,

While using only one card per machine, with the modem tied in
through the hub,is possible, it does have one big side effect
which MediaOne could nail you on. Namely, all traffic on your
"internal" network will go out onto their network. Even using
"reserved" subnets (like 10.*.*.*) won't cut it, because hubs
don't filter out any traffic. all of your IP traffic would be
put on their wire twice, once from your "internal" PC to your
Linux 'router', and again from the Linux 'router' box to your
cable modem. Likewise, all your internal PC's will be visible
to ( at least ) everyone else on your MediaOne segment.

Two cards is really the only 'safe' choice ( both for you and
for MediaOne ) for keeping your 'internal' network internal.

PaulG
pgelinas at ftp.com
pgelinas at mediaone.net


+---In your message of 02/11/98, you said:

Is this like taking a drink from a fire hose? =)

Thanks for all the reponses folks, it's been great.

So far it looks like Jerry's configuration with 10Base2 is the closest to
what I'd like to set up.

What I'd like to do is to plug the modem into a 10baseT hub, then our three
other computers into the hub, one of which will be a Linux system doing the
IP masquerading.  I would like to avoid having double ethernet cards on
the Linux box.

I understand that the M1X cable modem is configured by them to recognize one
particular MAC address that receives all the packets from the Internet.  So
the card on the Linux box will be the official receipient from the cable
modem, but it will then also have to be aliased as the gateway of the
internal network.

Is this possible to do without having a separate card?  The Linux FAQ from
Media-One uses a setup of two cards in the Linux box plus the second machine.
Seems to me that this is probably unnecessary?  Although technically
security-wise I know that is the Right Thing(tm), we don't have much
inclination nor need for such firewalling.

Thanks again for your reponses.

. . . Sean Chen.

+---End of quotation

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQCVAgUBNOT8IuceSu1oZszvAQH3BAP/YWoDwmFGW4joHfdHnys/WTK9PJKPlU7X
P/syNar6e3fzBethLrXKqF041C1aJ6hA52yWL7/Quoto6Q7sJqEGrYG54E6nhyZN
+RrfBOxB2TXFaf6EyZ7s1X72sB7+9c4HVuQA99su+4mIYRggLO3v+9Ogxob2GPCm
BKo41T3nZ2o=
=4NKR
-----END PGP SIGNATURE-----




More information about the Discuss mailing list