Mailing List Archive



Re: [tlug] FTTH ISP recommendation




Quentin Arnaud wrote:
>> I go through Asahi Net to get KDDI Hikari One Home course (not shared).
>>
>> For me the second NAT device (the Hikari One home gateway) isn't a
>> problem and I use it as a DMZ.  Anything I don't trust gets put under
>> that network (home gateway has 4 usable switch ports after the WAN and
>> LAN ethernet cables are attached).  I have never tried to change anything
>> on the home gateway as I can't read any of it.  The only thing I have
>> found not to work (with starting the connection on the inside) is the
>>     
>
>
> Can you expand on what you mean by using it as a DMZ? If you haven't
> changed anything then your computers behind the home gateway IP are in
> the 192.168.0.x range. The problem comes if you want to have some
> static MAC address <-> IP relation or if you want to do port forwards
> on the home gateway. Or maybe you found a secret switch; in that case I
> am all ears.
>
>   
You are correct, all my "DMZ'd" machines are still on the private IP
space.  I haven't bothered to translate the home gateway so I haven't
messed with port forwarding or anything.  By DMZ I simply mean a
sectioned off area of my network that doesn't have any ability to talk
to my internal network.  A protected private network that can't be
reached (via rules) from the outside.  I place computers that have been
compromised/infected that I am fixing in that section of my network.  It
really isn't like a true DMZ, but it is more like a 2-tier firewalled
network.

I just logged into the Aterm BL170HV I have and found that it appears
fully capable of everything you need except maybe QoS, which it should
be due to being used for VoIP and through Hikari One, TV.

There is the ability to make a DMZ'd machine and enable full IP Packet
filter rules with packet forwarding.  I'm actually quite impressed.  I
would like to point out that it is entirely possible that you will want to
be careful opening up port 80 without redirecting elsewhere.  Some
people I work with tried to do this with an xDSL modem and found that
their modem's web config page was visible from the outside rather than
the web server they were trying to set up.  The Aterm's interface looks
very similar to the xDSL modem's.

Pat

