Hello, I have been on a dynamic ip for about 5 years and have just upgraded to a static ip. I know I need to change my network setup on my eth0 nic to static and stop ddclient from trying to update my address but is there _really_ anything else I need to change. I have a couple of websites on this address using *:80 in my httpd.conf. I can easily change this but don't think it would really make any difference if I don't. Also, my ISP is using different lingo than what linux uses. I suspect they think everyone runs Windoze. Can anyone decipher this for me, my ISP tech support has already gone for the day. IP Addresses: 71.30.117.0/30 Netmask: 255.255.255.252 Router IP: 71.30.117.1 <--------------- This Useable IP's: 71.30.117.2 <--------------- and this My ip address, if I do an ifconfig, is 71.30.117.1. This has me a little confused as they tell me my ip address is 71.30.117.2 TIA
I think this means that their router is at 71.30.117.1, so at least minimally you may want to set your ROUTER= and NAMESERVER= to that ip (if they are providing dns through it). The usable IP's are where you block starts, so you can assign an adapter starting at 71.30.117.2, on up through the 0/30 range they've provided. (Generally not a good idea to post your IP's in public message spaces by the way). > My ip address, if I do an ifconfig, is 71.30.117.1. This has me a My guess is that this is because you're still using dhcp when you initialize your adapter and the ISP therefore provides a fallback for users who haven't switched? All of this advice could be bozo, but based on my experience so far, it's probably close enough to get you started. I would, however, backup your net config file, make a small change, and test it thoroughly. Also, you might have to also add in your resolv.conf (or if windows, the tcpip configuration) the ip addresses of the nameservers the ISP provides, if other than the router address. /m
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:> Hello, > > I have been on a dynamic ip for about 5 years and have just upgraded to a > static ip. > > I know I need to change my network setup on my eth0 nic to static and stop > ddclient from trying to update my address but is there _really_ anything > else I need to change. I have a couple of websites on this address using > *:80 in my httpd.conf. I can easily change this but don't think it would > really make any difference if I don't. > > Also, my ISP is using different lingo than what linux uses. I suspect they > think everyone runs Windoze. Can anyone decipher this for me, my ISP tech > support has already gone for the day. > > IP Addresses: 71.30.117.0/30 > Netmask: 255.255.255.252 > Router IP: 71.30.117.1 <--------------- This > Useable IP's: 71.30.117.2 <--------------- and this > > My ip address, if I do an ifconfig, is 71.30.117.1. This has me a little > confused as they tell me my ip address is 71.30.117.2Each end of the "wire" has an address. They see their end as being the "router" and the port being used for you is the "...1" address. Your end of the wire is the "...2" address. Their IP address is usefull If you changed the network-scripts on your side (or used the GUI on your X desktop to do it) to include the static address on your end of the wire, added DNS name server IPs to resolve.conf, you should be OK. Do an netstat -rn and you'll see something that helps clarify it?> <snip sig stuff>HTH -- Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20060613/a63ea73c/attachment-0002.sig>
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:> Hello, > > I have been on a dynamic ip for about 5 years and have just upgraded to a > static ip.<snip> I almost didn't mention it because it's so common a concern now, but just in case. Static IP gives attackers a lot more leeway in their attempts to penetrate. Be sure your firewall (from ISP and iptables on CentOS machine) are now appropriate for your situation. With port 80 open, make sure your server stuff is kept up-to-date with security fixes. Make sure all services not needed are disabled. TCP wrappers (hosts.deny and hosts.allow) are up to snuff. HTH -- Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20060613/c9ff697d/attachment-0002.sig>
> -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of William L. Maltby > Sent: Tuesday, June 13, 2006 7:41 AM > To: CentOS General List > Subject: Re: [CentOS] Changing from dynamic ip to static ip > > On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote: > > Hello, > > > > I have been on a dynamic ip for about 5 years and have just > upgraded > > to a static ip. > <snip> > > I almost didn't mention it because it's so common a concern > now, but just in case. > > Static IP gives attackers a lot more leeway in their attempts > to penetrate. Be sure your firewall (from ISP and iptables on CentOS > machine) are now appropriate for your situation. With port 80 > open, make sure your server stuff is kept up-to-date with > security fixes. Make sure all services not needed are > disabled. TCP wrappers (hosts.deny and > hosts.allow) are up to snuff.Hi Bill, Thanks, Yes, I have a firewall setup and also use denyhosts and fail2ban. Thanks> > HTH > -- > Bill >
> > From: "Joshua Gimer" <jgimer at gmail.com> > Date: 2006/06/13 Tue AM 08:39:36 EDT > To: "CentOS mailing list" <centos at centos.org> > Subject: Re: [CentOS] Changing from dynamic ip to static ip > > IPADDR=71.30.117.2 > NETMASK=255.255.255.252 > NETWORK=71.30.117.0 <http://71.30.117.0/30> > GATEWAY=71.30.117.1 > > Add this to your /etc/sysconfig/networking/devices/ifcfg-eth0 > And take out > > BOOTPROTO=dhcpGreat! Thanks, Eddie> > On 6/13/06, Thomas E Dukes <edukes at alltel.net> wrote: > > > > > > > > > -----Original Message----- > > > From: centos-bounces at centos.org > > > [mailto:centos-bounces at centos.org] On Behalf Of William L. Maltby > > > Sent: Tuesday, June 13, 2006 7:41 AM > > > To: CentOS General List > > > Subject: Re: [CentOS] Changing from dynamic ip to static ip > > > > > > On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote: > > > > Hello, > > > > > > > > I have been on a dynamic ip for about 5 years and have just > > > upgraded > > > > to a static ip. > > > <snip> > > > > > > I almost didn't mention it because it's so common a concern > > > now, but just in case. > > > > > > Static IP gives attackers a lot more leeway in their attempts > > > to penetrate. Be sure your firewall (from ISP and iptables on CentOS > > > machine) are now appropriate for your situation. With port 80 > > > open, make sure your server stuff is kept up-to-date with > > > security fixes. Make sure all services not needed are > > > disabled. TCP wrappers (hosts.deny and > > > hosts.allow) are up to snuff. > > > > Hi Bill, > > > > Thanks, > > > > Yes, I have a firewall setup and also use denyhosts and fail2ban. > > > > Thanks > > > > > > HTH > > > -- > > > Bill > > > > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > > > -- > Thx > Joshua Gimer > >-------------- next part -------------- _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
William L. Maltby spake the following on 6/13/2006 4:41 AM:> On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote: >> Hello, >> >> I have been on a dynamic ip for about 5 years and have just upgraded to a >> static ip. > <snip> > > I almost didn't mention it because it's so common a concern now, but > just in case. > > Static IP gives attackers a lot more leeway in their attempts to > penetrate. Be sure your firewall (from ISP and iptables on CentOS > machine) are now appropriate for your situation. With port 80 open, make > sure your server stuff is kept up-to-date with security fixes. Make sure > all services not needed are disabled. TCP wrappers (hosts.deny and > hosts.allow) are up to snuff. > > HTHI have a dynamic address at home, and according to the logs, it hasn't changed for over a year. So I think the firewall and TCP Wrappers stuff applies to ANY machine connected to the internet. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!