How does an incoming packet get routed to the right computer?


carlos123
02-20-2003, 01:04 AM
I have been playing around quite a bit with my Linux box and a hardware firewall I set up (called Smoothwall) and was wondering if someone could help me understand something.

I am running two computers connected to a hub which in turn is connected to the hardware firewall. Which in turn is connected to an external ADSL modem out to the Internet.

So far it seems that a DHCP server's role is simply to hand out IP addresses to computers connected on a network. Once those IP's are assigned the DHCP server can in fact be disabled and access to the Internet or other parts of the network is still possible. In lieu of using a DHCP server to assign IP addresses one can just manually assign the IP address of each machine along with the subnet mask IP and the gateway IP to accomplish the same thing.

Assuming the above is correct the one thing I don't understand is how the hardware firewall computer knows which computer to route an incoming packet to?

Packets go out and come in through one of two NIC's on the firewall computer. The other NIC is connected to my hub.

But how does the NIC connected to my ADSL modem know to route a packet to either one of my two computers on my LAN?

I do have a DNS cache going so it's possible that this DNS cache remembers which computer corresponds to which IP and routes the packets to the appropriate computer but I am not sure that this is the case.

Does anyone have any insight on this?

I was running a DHCP server but decided to disable it since the LAN seemed to work just as well if not better without it.

Thanks.

Carlos

ask_123
02-20-2003, 03:41 AM
If it is a pure firewall, without routing function, it does not need to know where to route. All it does is send the un-filtered datagram to the internal network. Since you are using a hub, the datagram is accessible to every interface connected to the hub, but only the one with the corresponding address shall grab the datagram and process it. If you are using a switch, the switch has a copy of the MAC-IP address mapping table, and it shall use that to switch the path of the datagram.

So how does a switch discover the MAC-IP mapping? When a host wants to contact another host, it shall broadcast an ARP request onto the network, "where is 192.168.0.1?", and the host with IP 192.168.0.1 shall answer "I am at aa:bb:cc:dd:ee", where aa:bb:cc:dd:ee is the MAC address. The MAC-IP mapping shall be cached for next use; if the mapping is not used for a certain period, it shall be deleted from the cache.

Routers use a different method to discover the routing path.

carlos123
02-20-2003, 06:07 AM
Thanks ask_123(?).

Very interesting. I believe I understand what you are saying but I am wondering...

Why is it then that if I connect the ADSL modem ethernet cable directly to the hub that I can't connect to the Internet?

Where one end of the ADSL ethernet cable is in the hub and the other is connected to the back of the ADSL modem.

I would think that packets would come through the ADSL modem as usual and that they then would get picked up by whatever computer they were addressed to. Off the hub.

Is it possible to just connect an ADSL modem directly to a hub and then have other computers connected to the hub send or pick up packets?

I have not gotten this to work but since I am just learning perhaps I have missed something.

By the way, I do not believe that my firewall has any routing function (at least not that I know of). It just receives incoming packets through the ADSL modem and passes them along to the hub. After making sure they are of the kind that I am allowing through of course.

Any further insight would be appreciated.

Carlos

bwkaz
02-20-2003, 11:30 AM
Think of ARP as DNS for IP address -> Ethernet address mapping, instead of domain name -> IP address mapping. At least, that's what I do.

Originally posted by carlos123
Why is it then that if I connect the ADSL modem ethernet cable directly to the hub that I can't connect to the Internet?
Because if you do that, your internal computers are both going to have to have publicly-routable IP addresses. No router will pass on packets addressed to any of the private IP ranges (192.168.x.x, 172.16.x.x through 172.31.x.x, or 10.x.x.x), so if your computers have an IP address in that range, they cannot and will not receive packets from the Internet.

You would have to buy two IP addresses from your ISP, and assign one to each computer. You may not be able to still use the DSL modem, either, if you use PPPoE on it, since the PPPoE protocol is point-to-point (and not multiple-points-to-single-point).

Originally posted by carlos123
I would think that packets would come through the ADSL modem as usual and that they then would get picked up by whatever computer they were addressed to. Off the hub.
They would, if the DSL modem's control protocol (PPPoE) supported it, and if the other computers had public IP addresses.

The other thing is, public IPs cost money. So it's cheaper to just set up NAT (the computer running Smoothwall).

Originally posted by carlos123
By the way, I do not believe that my firewall has any routing function (at least not that I know of). It just receives incoming packets through the ADSL modem and passes them along to the hub. After making sure they are of the kind that I am allowing through of course.
No, it has routing support. When it gets a packet in from the outside, how does it know which NIC to send it back out on, if it should be forwarded? That's a routing decision. When it gets a packet in on the internal interface, bound for the outside, and after it mangles the return IP address and updates its cache of port->private IP mappings, how does it decide which NIC to send it out on so that it can get to the gateway and from there to the rest of the Internet? That's a routing decision. ;)
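
The NAT behaviour described in the post above (rewriting the return address and keeping a cache of port->private IP mappings), as an added Python sketch that is not part of the original thread and is not Smoothwall's code. The class and function names and all addresses are constructed for illustration; it shows why a reply reaches the right LAN host while an unsolicited inbound packet has nowhere to go.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# The private ranges quoted in the post (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

class NatGateway:
    """Toy port-translating NAT: one public IP shared by many private hosts."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (priv_ip, priv_port, remote_ip, remote_port) -> public_port
        self.in_map = {}   # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: forward only replies that match a cached mapping."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # unsolicited: no LAN host opened this flow, so drop it
        return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])
```

Two LAN hosts using the same source port get distinct public ports, which is what lets the gateway tell their replies apart.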

carlos123
02-20-2003, 07:15 PM
Thanks very much bwkaz for your additional input. Good stuff!

Carlos

ask_123
02-20-2003, 08:26 PM
Originally posted by carlos123
Why is it then that if I connect the ADSL modem ethernet cable directly to the hub that I can't connect to the Internet?
Since I am in the nice and warm Vancouver, I assume we are using the same company for the ADSL link. Here is what happens: Telus requires you to register the MAC address of your ethernet interface before your computer can use the ADSL link. In Vancouver, we can have two IP addresses, so you can register the MAC address of the interface from both of your computers and just plug it into the hub, and you should be able to connect to the Internet directly.
Another possible reason is that the cable from the ADSL modem to your firewall is a cross-over cable. If you connect the ADSL modem to the hub, you have to use a straight-through cable (i.e. regular RJ45 cable).

carlos123
02-20-2003, 09:28 PM
Thanks again for your input.

How does one like me learn about this stuff? I mean it's great getting input from everyone but in addition to learning from input I would also like to learn the underlying knowledge that allows one such as yourself to give the input that you do.

I have looked at a lot of networking stuff on the Internet but is there a book which one could recommend that would be more comprehensive?

Covering home and small business networking? All about hubs, routers, switches, hardware firewalls, cables, NIC's, IP, subnet, gateways, DHCP and the like?

Networking still seems to be one of those areas of computer technology that is still somewhat mysterious and practiced by a few skilled magicians so to speak :).

Any good book or link recommendations?

Carlos

ask_123
02-20-2003, 11:25 PM
I do not find any magical book in any book store that teaches everything about networking.

If you really want to learn, you can go and buy a basic networking book to learn the basics. Then the next step is to play with your Linux box.

There is no point in using Windows because they wrap everything into the magical GUI; you can learn nothing from Windows.

Another good thing about Linux is that you can still use a P166 as your hardware without any problem.

If you are a reader, try to read RedHat's documentation; another place to find valuable information is http://tldp.org (the Linux Documentation Project).

good luck!