Hello,
I have been on a dynamic ip for about 5 years and have just upgraded to a static ip.
I know I need to change my network setup on my eth0 nic to static and stop ddclient from trying to update my address but is there _really_ anything else I need to change. I have a couple of websites on this address using *:80 in my httpd.conf. I can easily change this but don't think it would really make any difference if I don't.
Also, my ISP is using different lingo than what linux uses. I suspect they think everyone runs Windoze. Can anyone decipher this for me, my ISP tech support has already gone for the day.
IP Addresses: 71.30.117.0/30 Netmask: 255.255.255.252 Router IP: 71.30.117.1 <--------------- This Useable IP's: 71.30.117.2 <--------------- and this
My ip address, if I do an ifconfig, is 71.30.117.1. This has me a little confused as they tell me my ip address is 71.30.117.2
TIA
I think this means that their router is at 71.30.117.1, so at least minimally you may want to set your ROUTER= and NAMESERVER= to that ip (if they are providing dns through it).
The usable IP's are where you block starts, so you can assign an adapter starting at 71.30.117.2, on up through the 0/30 range they've provided.
(Generally not a good idea to post your IP's in public message spaces by the way).
My ip address, if I do an ifconfig, is 71.30.117.1. This has me a
My guess is that this is because you're still using dhcp when you initialize your adapter and the ISP therefore provides a fallback for users who haven't switched?
All of this advice could be bozo, but based on my experience so far, it's probably close enough to get you started. I would, however, backup your net config file, make a small change, and test it thoroughly.
Also, you might have to also add in your resolv.conf (or if windows, the tcpip configuration) the ip addresses of the nameservers the ISP provides, if other than the router address.
/m
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Mark Richards Sent: Monday, June 12, 2006 7:02 PM To: CentOS mailing list Subject: Re: [CentOS] Changing from dynamic ip to static ip
I think this means that their router is at 71.30.117.1, so at least minimally you may want to set your ROUTER= and NAMESERVER= to that ip (if they are providing dns through it).
The usable IP's are where you block starts, so you can assign an adapter starting at 71.30.117.2, on up through the 0/30 range they've provided.
(Generally not a good idea to post your IP's in public message spaces by the way).
My ip address, if I do an ifconfig, is 71.30.117.1. This has me a
My guess is that this is because you're still using dhcp when you initialize your adapter and the ISP therefore provides a fallback for users who haven't switched?
All of this advice could be bozo, but based on my experience so far, it's probably close enough to get you started. I would, however, backup your net config file, make a small change, and test it thoroughly.
Also, you might have to also add in your resolv.conf (or if windows, the tcpip configuration) the ip addresses of the nameservers the ISP provides, if other than the router address.
They made the changes today while I was at work but everything still seems to be working - all websites respond and I'm getting mail, etc. I guess ddclient caught the change and updated everything. I have since shutdown ddclient (fingers crossed).
I already had their nameservers in my resolv.conf and use dyndns and zoneedit for DNS. Guess I can still continue with them as they are free services.
Thanks!!
/m
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:
Hello,
I have been on a dynamic ip for about 5 years and have just upgraded to a static ip.
I know I need to change my network setup on my eth0 nic to static and stop ddclient from trying to update my address but is there _really_ anything else I need to change. I have a couple of websites on this address using *:80 in my httpd.conf. I can easily change this but don't think it would really make any difference if I don't.
Also, my ISP is using different lingo than what linux uses. I suspect they think everyone runs Windoze. Can anyone decipher this for me, my ISP tech support has already gone for the day.
IP Addresses: 71.30.117.0/30 Netmask: 255.255.255.252 Router IP: 71.30.117.1 <--------------- This Useable IP's: 71.30.117.2 <--------------- and this
My ip address, if I do an ifconfig, is 71.30.117.1. This has me a little confused as they tell me my ip address is 71.30.117.2
Each end of the "wire" has an address. They see their end as being the "router" and the port being used for you is the "...1" address. Your end of the wire is the "...2" address. Their IP address is usefull
If you changed the network-scripts on your side (or used the GUI on your X desktop to do it) to include the static address on your end of the wire, added DNS name server IPs to resolve.conf, you should be OK.
Do an netstat -rn and you'll see something that helps clarify it?
<snip sig stuff>
HTH
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:
Hello,
I have been on a dynamic ip for about 5 years and have just upgraded to a static ip.
<snip>
I almost didn't mention it because it's so common a concern now, but just in case.
Static IP gives attackers a lot more leeway in their attempts to penetrate. Be sure your firewall (from ISP and iptables on CentOS machine) are now appropriate for your situation. With port 80 open, make sure your server stuff is kept up-to-date with security fixes. Make sure all services not needed are disabled. TCP wrappers (hosts.deny and hosts.allow) are up to snuff.
HTH
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of William L. Maltby Sent: Tuesday, June 13, 2006 7:41 AM To: CentOS General List Subject: Re: [CentOS] Changing from dynamic ip to static ip
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:
Hello,
I have been on a dynamic ip for about 5 years and have just
upgraded
to a static ip.
<snip>
I almost didn't mention it because it's so common a concern now, but just in case.
Static IP gives attackers a lot more leeway in their attempts to penetrate. Be sure your firewall (from ISP and iptables on CentOS machine) are now appropriate for your situation. With port 80 open, make sure your server stuff is kept up-to-date with security fixes. Make sure all services not needed are disabled. TCP wrappers (hosts.deny and hosts.allow) are up to snuff.
Hi Bill,
Thanks,
Yes, I have a firewall setup and also use denyhosts and fail2ban.
Thanks
HTH
Bill
IPADDR=71.30.117.2 NETMASK=255.255.255.252 NETWORK=71.30.117.0 http://71.30.117.0/30 GATEWAY=71.30.117.1
Add this to your /etc/sysconfig/networking/devices/ifcfg-eth0 And take out
BOOTPROTO=dhcp
On 6/13/06, Thomas E Dukes edukes@alltel.net wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of William L. Maltby Sent: Tuesday, June 13, 2006 7:41 AM To: CentOS General List Subject: Re: [CentOS] Changing from dynamic ip to static ip
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:
Hello,
I have been on a dynamic ip for about 5 years and have just
upgraded
to a static ip.
<snip>
I almost didn't mention it because it's so common a concern now, but just in case.
Static IP gives attackers a lot more leeway in their attempts to penetrate. Be sure your firewall (from ISP and iptables on CentOS machine) are now appropriate for your situation. With port 80 open, make sure your server stuff is kept up-to-date with security fixes. Make sure all services not needed are disabled. TCP wrappers (hosts.deny and hosts.allow) are up to snuff.
Hi Bill,
Thanks,
Yes, I have a firewall setup and also use denyhosts and fail2ban.
Thanks
HTH
Bill
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Tue, 2006-06-13 at 06:39 -0600, Joshua Gimer wrote:
/etc/sysconfig/networking/devices/ifcfg-eth0
He did already, I think. These are the same files as found in the network-scripts directory. They are hard-linked.
I mention only so there is no confusion thinking another set of files need updating.
Hmmm... if an ls -li of appropriate files shows a different inode, someone's messed up.
HTH
William L. Maltby spake the following on 6/13/2006 4:41 AM:
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:
Hello,
I have been on a dynamic ip for about 5 years and have just upgraded to a static ip.
<snip>
I almost didn't mention it because it's so common a concern now, but just in case.
Static IP gives attackers a lot more leeway in their attempts to penetrate. Be sure your firewall (from ISP and iptables on CentOS machine) are now appropriate for your situation. With port 80 open, make sure your server stuff is kept up-to-date with security fixes. Make sure all services not needed are disabled. TCP wrappers (hosts.deny and hosts.allow) are up to snuff.
HTH
I have a dynamic address at home, and according to the logs, it hasn't changed for over a year. So I think the firewall and TCP Wrappers stuff applies to ANY machine connected to the internet.
On Tue, 2006-06-13 at 10:34 -0700, Scott Silva wrote:
William L. Maltby spake the following on 6/13/2006 4:41 AM:
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:
Hello,
I have been on a dynamic ip for about 5 years and have just upgraded to a static ip.
<snip>
I almost didn't mention it because it's so common a concern now, but just in case.
Static IP gives attackers a lot more leeway in their attempts to penetrate.<snip>
I have a dynamic address at home, and according to the logs, it hasn't changed for over a year. So I think the firewall and TCP Wrappers stuff applies to ANY machine connected to the internet.
Yep. It's just that whenever someone makes the switch, someone else always remembers to say what I said, essentially. It's really like a gun: always assume it's loaded and handle with care. So too, regardless of static or dynamic, secure your setup. *But*, it's generally considered a little less risky to have a frequently changing IP.
BTW, my IP used to not vary much either. But now TW Cable here in the Piedmont/Triad Region has recently made some changes and it is changing more frequently now. I tend to defeat it, not on purpose *yet*, because I stay "up" for extended periods. But they are getting "smarter" (or stupider, depending on your goals) about it.
William L. Maltby spake the following on 6/13/2006 10:45 AM:
On Tue, 2006-06-13 at 10:34 -0700, Scott Silva wrote:
William L. Maltby spake the following on 6/13/2006 4:41 AM:
On Mon, 2006-06-12 at 18:53 -0400, Thomas E Dukes wrote:
Hello,
I have been on a dynamic ip for about 5 years and have just upgraded to a static ip.
<snip>
I almost didn't mention it because it's so common a concern now, but just in case.
Static IP gives attackers a lot more leeway in their attempts to penetrate.<snip>
I have a dynamic address at home, and according to the logs, it hasn't changed for over a year. So I think the firewall and TCP Wrappers stuff applies to ANY machine connected to the internet.
Yep. It's just that whenever someone makes the switch, someone else always remembers to say what I said, essentially. It's really like a gun: always assume it's loaded and handle with care. So too, regardless of static or dynamic, secure your setup. *But*, it's generally considered a little less risky to have a frequently changing IP.
BTW, my IP used to not vary much either. But now TW Cable here in the Piedmont/Triad Region has recently made some changes and it is changing more frequently now. I tend to defeat it, not on purpose *yet*, because I stay "up" for extended periods. But they are getting "smarter" (or stupider, depending on your goals) about it.
I like the loaded gun analogy, as I have many "bullet wounds" from the internet. Some of them were self-inflicted!
-
Joshua Gimer -
Mark Richards -
Scott Silva -
Thomas E Dukes -
William L. Maltby