On Sun, 31 Mar 2002, Paul M Foster wrote:
> Can't help you here. I use /etc/hosts for names, since there are only
> three machines turned on on the LAN. I only dhcpcd for getting my IP
> from Verizon.

I guess for 99% of the time this will work just fine. Even though the
machines on the LAN are getting IPs via DHCP they probably don't change
that often, so /etc/hosts should be *mostly* accurate.

A lookup from machine A may first go to /etc/hosts to see if it's in there
and, if not, go to the nameservers listed in /etc/resolv.conf (which is
populated via DHCP) which are the ISP nameservers. (This is the way I
imagine it works.)

> Of course, that begs a different question. Since, even with ipchains,
> packets come to the internet IP, how does the router know which LAN
> machine to route the packet to? I assume that the MAC address of the NIC
> is involved or something. Bottom line is that I assume that there is
> something in the answer packets that gives a clue (besides the
> non-routable IP of the LAN machine) to where a packet gets routed. If
> that's the case, then the question of "how long" the firewall waits is
> moot.

I'm guessing the following series of steps happen:

  o LAN machine sends a packet to internet machine.
  o The packet gets routed through firewall machine which
    remembers that it came from LAN machine.
  o Internet machine replies with a packet that arrives at
    firewall machine.
  o Firewall machine remembers that a packet was sent from
    LAN machine to internet machine and sends the reply to
    the correct LAN machine.

I guess the firewall/router would check to see if LAN machine accepted the
packet (which brings up the case of UDP) and, if it rejected the packet,
the firewall/router would turn off "accepting" further packets from the
internet machine.

Regardless, people more knowledgeable than I figured out how to do all this
stuff, I'm just curious as heck as to how it really works. [shrugs]

Paul Braman
aeon@tampabay.rr.com
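
Added example (not part of the original message): a simplified Python model of the state table a masquerading (port-translating NAT) firewall keeps, showing that a reply is matched to a LAN machine by protocol, address and port rather than by MAC address, and that an idle entry expires. The class name, port range, timeout and all addresses are constructed for illustration and are not taken from ipchains.

```python
# Toy model of IP masquerading (port-translating NAT) state; not ipchains code.
# Port range, timeout and addresses below are constructed assumptions.

class MasqTable:
    def __init__(self, public_ip, idle_timeout=300, first_port=61000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout      # seconds an idle entry is kept
        self.next_port = first_port           # next public source port to hand out
        self.by_flow = {}                     # flow -> public port
        self.by_port = {}                     # (proto, public port) -> [flow, last_seen]

    def _expire(self, now):
        # Drop entries that have seen no traffic for longer than idle_timeout.
        for key, (flow, seen) in list(self.by_port.items()):
            if now - seen > self.idle_timeout:
                del self.by_port[key]
                del self.by_flow[flow]

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port, now):
        """LAN -> internet: rewrite the source to (public_ip, public_port)."""
        self._expire(now)
        flow = (proto, lan_ip, lan_port, dst_ip, dst_port)
        port = self.by_flow.get(flow)
        if port is None:                      # first packet of this flow
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
        self.by_port[(proto, port)] = [flow, now]
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port, now):
        """Internet -> public_ip:dst_port: return (lan_ip, lan_port) or None."""
        self._expire(now)
        entry = self.by_port.get((proto, dst_port))
        if entry is None or (src_ip, src_port) != entry[0][3:5]:
            return None                       # no matching state: drop the packet
        entry[1] = now                        # traffic refreshes the timer
        return entry[0][1:3]

if __name__ == "__main__":
    nat = MasqTable("203.0.113.5")
    print(nat.outbound("udp", "192.168.1.10", 1025, "198.51.100.7", 53, now=0))
    print(nat.outbound("udp", "192.168.1.11", 1025, "198.51.100.7", 53, now=1))
    print(nat.inbound("udp", "198.51.100.7", 53, 61001, now=2))    # second LAN host
    print(nat.inbound("udp", "198.51.100.99", 53, 61000, now=3))   # stranger: None
    print(nat.inbound("udp", "198.51.100.7", 53, 61000, now=999))  # expired: None
```

Two LAN machines using the same local port get different public ports, which is what lets the reply be told apart; a packet from any other source, or one arriving after the entry has timed out, matches nothing and is dropped.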