Windows DNS cache
On Mon, 01 Jan 2018 23:50:32 -0500, Paul wrote:
> Mayayana wrote:
>> "Paul" wrote
>> | There are a couple possibilities.
>> |
>>
>> I don't really follow your explanations here. I have cable, not DSL. The cable co-axial connects to a router. Computers are wired to that, using fixed IP addresses on this side. The cable company assigns an outside IP, but it rarely changes. Probably just often enough to stop me hosting a server.
>>
>> I'm using fixed IP only because I don't like to allow svchost through my software firewalls. DHCP is one of the things that runs under svchost. When I first got Win7 that was the only thing that svchost was needed for that I didn't already have disabled. So I switched to fixed IP addressing.
>
> OK, so we're making progress.
>
> You could do it like this, where the SVCHOST only talks to the router. Does that assuage your sense of security? The DHCP in this case, is in two hops. The router has a client it talks to the ISP with. The PCs have a client they talk to the router with. The evil svchost doesn't talk directly to the ISP in this picture.
>
>    75ohm coax ------ cablemodem/router ------------ PC#1
>                      ---DHCP      DHCP ------------ PC#2
>                      for WAN      server            evil svchost
>                                   for LAN
>
> If you do it like this, all you're doing is avoiding the DHCP on the LAN side of the router.
>
>                                                     fixed
>    75ohm coax ------ cablemodem/router ------------ PC#1 192.168.0.3
>                      ---DHCP           ------------ PC#2 192.168.0.4
>                      for WAN                        Some subnet
>                                                     192.168.0.1 gateway
>                                                     etc.
>
> Your configuration is still pretty conventional, and you're saying now you have more than one PC connected.
>
> What the router consists of, is a one port router and a switch chip. The first router I owned, the $300 CDN BEFSR44, actually partitioned this function as two circuit boards. The modem/router I have now, all three functions (modem block, router, switch block) are in the same Broadcom chip.
>
>                                                     LAN Side
>    WAN --- router board ------------- switch chip ----- PC#1
>                                                   ----- PC#2
>                                                   ----- PC#3
>            consumer router                        ----- PC#4
>
> Now, in that picture, all the PCs can see one another.
> The switch is a learning switch, and it keeps track by observation, as to what IPs are on each port.

Nit: switches operate on OSI Layer 2, the MAC layer. They don't know or care anything about IP addresses, which exist on Layer 3. Other than that, you're right. Just replace IP address with MAC address.

> Yes, you can probably use separate subnets and net masks, to logically prevent the PCs from talking to one another. Is that what you're doing to silo the PCs on the right?

"Creative use of netmasks" (for example, /24 on the router's LAN side and /30 on each PC) and "using different subnets" would both require the LAN side of the router to be configured with multiple IP addresses. I don't think any consumer gear can do that, but some 3rd party firmware probably can.

> The router portion is not supposed to route non-routable addresses like 192.168.x.x, as far as I know.

Right, and even if your consumer gear was horribly broken and allowed that traffic to go out, it would be dropped at the ISP's first hop.

RFC1918
https://tools.ietf.org/html/rfc1918

   The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

--
Char Jackson
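
The netmask point in the post above, worked through as an added example that is not part of the original thread: it uses Python's standard `ipaddress` module to show why a /30 per PC forces the router to hold one LAN address per subnet. The function names and the /30 addressing plan are constructed for illustration; the gateway 192.168.0.1 and the /24 host addresses are the ones in the quoted diagram.

```python
import ipaddress

# RFC 1918 private blocks, as quoted in the post above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls in one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_host(host_cidr, gateway):
    """Describe how a host configured as host_cidr sees its gateway."""
    iface = ipaddress.ip_interface(host_cidr)
    net = iface.network
    return {
        "subnet": str(net),
        # Network and broadcast addresses cannot be assigned to a host.
        "usable_host": iface.ip not in (net.network_address, net.broadcast_address),
        # The host only ARPs for the gateway if it is inside its own subnet.
        "gateway_on_link": ipaddress.ip_address(gateway) in net,
    }


def same_segment(a_cidr, b_cidr):
    """True if each host considers the other on-link (direct Layer 2 delivery)."""
    a, b = ipaddress.ip_interface(a_cidr), ipaddress.ip_interface(b_cidr)
    return b.ip in a.network and a.ip in b.network


def gateways_needed(host_cidrs):
    """Distinct subnets in use; the router needs one LAN address in each."""
    return sorted({str(ipaddress.ip_interface(h).network) for h in host_cidrs})


if __name__ == "__main__":
    gw = "192.168.0.1"
    # Constructed addressing plans: the thread's /24 layout, then a /30-per-PC plan.
    for plan in (["192.168.0.3/24", "192.168.0.4/24"],
                 ["192.168.0.6/30", "192.168.0.10/30"]):
        for h in plan:
            print(h, check_host(h, gw))
        print("PCs see each other on-link:", same_segment(*plan))
        print("router LAN subnets required:", gateways_needed(plan))
```

Simply narrowing the mask on the diagram's own addresses does not work: 192.168.0.3/30 is the broadcast address of its subnet and 192.168.0.4/30 is a network address. The separation is also only logical, because the switch still forwards frames by MAC address, so the PCs stay in one Layer 2 broadcast domain.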