> Nothing to do with security. Folk on the outside only see your Internet
> IP, which can be static or dynamic. Neither dynamic IP nor even MAC
> based access list helps security, even on LAN/WiFi. You can sniff ARP
> packets to see which IPs & MACs are in use and spoof MAC later.
I think this is wrong,
you can't see arp traffic if you're not connected at the same layer
where arp is propagated, so you can't get mac address of a computer not
attached to the same switch (trunk) where you are ... so in the specific
case you're assuming were you have an external public IP and an internal
IP to be natted, you router which is also NATTING is actually
introducing a certain kind of security
> If you have a fixed small number of PCs then Static.
> Any servers or print servers want to be static.
> Port forwarding sort of needs static (see below).
static or dynamic depends on one-to-one or one/group-to-group
requirements, in fact ...
> You can use DHCP (which normally infers Dynamic) but with a MAC table.
> Then the clients can be DHCP (no per client config) yet from point of
> view of portforwarding look like static.
... this nothing seems to have in common with NAT ...
> My Internet IP is like this too. The modem uses DHCP to get IP & DNS &
> GW & SN, but the ISP makes sure based on Modem MAC that it is always the
... you have to use a dynamic NAT to masquerade on the outside your
internal IP addresses with a POOL of STATIC PUBLIC IP ADDRESSES or to
have a group of internal DYNAMICALLY or STATICALLY ASSIGNED PRIVATE IP
ADDRESSES translated into a single public IP
hope to be on the right way :+)
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!