I am considering moving to a software (ebox/pfSense/Zeroshell etc) based router.
It fits well to have 1 NIC connecting to your modem & the other to your switch & network. It seems to make sense it is more secure, but is it?
If I assign the 1 NIC in my router 2 IPs, a subnet for the modem and a subnet for the LAN, how is that different?
I can't think exactly what it is. I am no network guru and probably missing something down at a lower networking level, but for a home router, does 1 or 2 NICs make any difference?
The easiest approach is to think of what will happen if one NIC is serving two networks.
Traffic destined for one network (read: subnet) will be sniffable on the other. Vice versa, your internet connection will be clogged with broadcast packages from your local network, being visible to the internet provider. Being paranoid, you don't want that to happen. Physical separation is the best approach to provide a plain, easy, understandable infrastructure.
But back to your question... can you elaborate on why you want to go with this approach, or is this merely a study case for you?
I thought it would be something like that.
How likely is it that someone on the "outside" trying to come in from the modem will be able to gain access to LAN packages?
Well, looking at small hardware, like my Marvell Sheeva Plug. Could be a great router, but it only has 1 NIC.
I could buy an Apple USB to Ethernet Adapter, but that's $40 I am trying to save.
Well, there isn't a reason technically why it shouldn't work with one NIC (you might need to fiddle with ICMP redirection prevention, though).
There's one thing though... how does the router obtain its outside IP? If that is through DHCP, and you want your workstations to use DHCP as well, there's a real issue there... on one physical network (serving one or many subnets) you cannot have multiple DHCP servers. Well, technically you can, but you won't be able to tell which DHCP server is going to win the workstation, and your internet provider won't be fond of serving multiple outside IPs to your workstation...
Then again, your local DHCP server will be local and thus quicker (less round-trip), so it COULD be that the workstations will always pick IPs from the local DHCP server... but you'd have to make sure that the router gets its own IP from the provider...
If the configuration is static and the internet provider does not respond to DHCP requests, you'd be safe.
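The DHCP race described above can be checked for from a capture. The following is an added example, not part of the original thread: it parses DHCPOFFER payloads and lists every server identifier that answered on the segment. The packets are constructed sample data, and the addresses and function names are assumptions made for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
OFFER = 2                     # option 53 value for DHCPOFFER

def build_offer(server_ip, offered_ip, xid=0x1234):
    """Build a minimal DHCPOFFER payload (constructed sample, not a capture)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                         bytes(4), socket.inet_aton(offered_ip),
                         socket.inet_aton(server_ip), bytes(4),
                         bytes(16), bytes(64), bytes(128))
    options = bytes([53, 1, OFFER, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC + options

def parse_options(payload):
    """Return {code: value} for the DHCP options, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:                   # truncated option
            return None
        options[payload[i]] = value
        i += 2 + length
    return options

def offering_servers(payloads):
    """Map each server identifier (option 54) to the addresses it offered."""
    servers = {}
    for payload in payloads:
        opts = parse_options(payload)
        if not opts or opts.get(53) != bytes([OFFER]) or len(opts.get(54, b"")) != 4:
            continue
        server = socket.inet_ntoa(opts[54])
        servers.setdefault(server, set()).add(socket.inet_ntoa(payload[16:20]))
    return servers

# Constructed sample: a local dnsmasq and an ISP server both answer on one wire.
SAMPLE = [build_offer("192.168.1.2", "192.168.1.50"),
          build_offer("203.0.113.1", "203.0.113.77")]
```

More than one key in the result of `offering_servers` means two DHCP servers are competing for clients on the same physical segment.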
Yeah never had any issues there. My modem gets my static, external IP. Then it is static set an IP on my LAN. Then my Sheeva Plug runs as DHCP server for my LAN using dnsmasq.
I think I am safe with regards to DHCP.
I think $40 is worth a little extra safety blanket (and probably much easier configuration.)
Really, having two IP networks running on one physical network can cause problems. Two NICs is the easier route. BTW, how do you like the Sheeva Plug? I've been thinking of some things I could do with one of those.
I think I will go ahead with purchasing the Apple USB-to-Ethernet adapter. Seems well supported and performs well.
The Plug is nice. Very cool little device. I am finding it hard to find uses for it. So far it is just my DNS/DHCP server and Nagios network monitor. Maybe it will be my VPN server too. Low power, so good to use instead of a full-on desktop/server if you can, to save on the electrical bill.