Re: Static IP on DHCP system?

[Bill Hacker <wbh@xxxxxxxxxxxxx>]

Jonathon McKitrick wrote:
> If my home router provides DHCP in the 192.168.0.100 range, is there anything
> wrong with me statically assigning a 10.0.0.1 address to a box on the network?
>
> Jonathon McKitrick
> --
> My other computer is your Windows box.

Not a problem.

We've run multiple 192- , 10- , and such for years, home and office.

Some sub-nets have exactly two devices, full stop.
Makes it easier to secure many services.

None of the commodity Planet, D-Link, NetGear, Linksys, etc. - 
router/NAT/firewall devices will *ordinarily* leak these 'other' nets to the 
upstream side, and most cannot even be asked to do so from their stock interface.

That said, you probably want a 192.- on all/most of your gear as well, and these 
can be fixed-IP's despite the NAT device offering DHCP to others on the same LAN.

man ifconfig for aliasing info.

You may also wish to set up some rules in the router/NAT device to block/allow 
or port-map services to specific boxen, hence the advisability of having those 
devices use a fixed-IP within the DHCP pool.

Note that where WinBoxen are involved, we use a separate physical plant and no 
bridging. Even the printers are separate (or use parallel-port / USB->parallel 
sharing devices). A 'bastion' *BSD box with 6 separate NICs lets us reach every 
machine or IP print device on all the separate cable plants, yet keeps the 
WinBoxen isolated. Each WinWoes 'seat' also has a Mac Mini n an Aten KVM for 
e-mail and browsing.

It isn't (yet) a capital crime to connect a WinBox to the internet.
But, considering the cumulative man-years (several lifetimes..) they cost 
humanity every day, not to mention billions of US$, it probably should be...

;-)


HTH,

Bill