Static IP, what can you do for me?
March 1, 2007 5:17 AM Subscribe
New ISP offers static IP addresses. Should I take 1 or 8? What can I use them for? Should I be concerned about the RIPE database?
I'm about to switch my ADSL connection over to a new ISP (UKFSN, approximate speed should be 2-7 Mb down, 400K up). I've always had a dynamic IP address, but the new provider assigns a single static IP as standard (and if I want I can have 8 IPs for free). It raises a few questions for me:
Applications: What cool things can I do with a static IP address, especially in terms of accessing my LAN from a remote location? What are the best free applications that you've found for doing said things? Is there a way I can get media from my FreeNAS server to my laptop while travelling? Are there any particular security or privacy concerns with a static IP, and how do you deal with them?
8 IPs or 1: I've got a decent router/firewall/modem combo providing NAT and DHCP. I don't currently run my own web or mail servers. Is it worthwhile getting a 8 IP addresses (since it's free) or should I just get one? What could I use them for?
RIPE database entry: Checking through the ISP's T&Cs, I noticed a line stating that if you do request 8 or more IP addresses they may forward your details for entry into the RIPE database. Looking up my current (dynamic) IP in the database gives me my ISP's details, but what sort of information would be held about a home user with static IPs? Are your personal details entered into the administrator fields, for example? What could be discovered about an individual from a lookup? I don't plan to use the connection for nefarious activities and I'm not a political activist nor trading international secrets. but I'm slightly concerned about the privacy implications. Should I be?
Router MAC address: My (wired) router allows me to specify a MAC address instead of using the unit's own address. I've got a handful of MAC addresses from old machines at my former workplace (picked up years ago but never used - the machines/NICs in question will all have been retired/junked by now). Is there any value at all to me intermittently changing the MAC address of my router (assuming that my connection doesn't rely on continued use of the original address, as some do)?
I'm about to switch my ADSL connection over to a new ISP (UKFSN, approximate speed should be 2-7 Mb down, 400K up). I've always had a dynamic IP address, but the new provider assigns a single static IP as standard (and if I want I can have 8 IPs for free). It raises a few questions for me:
Applications: What cool things can I do with a static IP address, especially in terms of accessing my LAN from a remote location? What are the best free applications that you've found for doing said things? Is there a way I can get media from my FreeNAS server to my laptop while travelling? Are there any particular security or privacy concerns with a static IP, and how do you deal with them?
8 IPs or 1: I've got a decent router/firewall/modem combo providing NAT and DHCP. I don't currently run my own web or mail servers. Is it worthwhile getting a 8 IP addresses (since it's free) or should I just get one? What could I use them for?
RIPE database entry: Checking through the ISP's T&Cs, I noticed a line stating that if you do request 8 or more IP addresses they may forward your details for entry into the RIPE database. Looking up my current (dynamic) IP in the database gives me my ISP's details, but what sort of information would be held about a home user with static IPs? Are your personal details entered into the administrator fields, for example? What could be discovered about an individual from a lookup? I don't plan to use the connection for nefarious activities and I'm not a political activist nor trading international secrets. but I'm slightly concerned about the privacy implications. Should I be?
Router MAC address: My (wired) router allows me to specify a MAC address instead of using the unit's own address. I've got a handful of MAC addresses from old machines at my former workplace (picked up years ago but never used - the machines/NICs in question will all have been retired/junked by now). Is there any value at all to me intermittently changing the MAC address of my router (assuming that my connection doesn't rely on continued use of the original address, as some do)?
My ISP account includes two static IPs. For a while I used both: One for the household intranet, one for a project server. When consumer-grade routers became cheap enough and good enough to set up port tunneling fairly easily, the second IP was unnecessary.
If you live in an urban or suburban area, you could try something wacky like set up two wireless routers. Use one for yourself and sell access to the other to your neighbors. This might violate your terms of service. But that's about all I can think up.
posted by ardgedee at 5:48 AM on March 1, 2007
If you live in an urban or suburban area, you could try something wacky like set up two wireless routers. Use one for yourself and sell access to the other to your neighbors. This might violate your terms of service. But that's about all I can think up.
posted by ardgedee at 5:48 AM on March 1, 2007
get all 8 and have fun, why not?
even if you don't want to run so many physical machines, you may consider running a few virtual environments.
in addition, I would recommend assigning 1 of the IP addresses to a stable hardcore router/firewall such as pfsense or m0n0wall which both have the benefit that you can simply bridge the LAN-side to the WAN-side (and have the WAN-side answer for all 7 additional static IPs that are behind the "LAN" side, doing away with NAT entirely) while still being able to firewall effectively.
if you are concerned about being in RIPE, just get 7 addresses. to be honest I am not so familiar with RIPE but I do know that ARIN often still only publishes the ISP rather than the block owner, even in some cases of large blocks.
and now that you are completely static, faking MAC addresses should not be necessary anymore.
posted by dorian at 6:19 AM on March 1, 2007
even if you don't want to run so many physical machines, you may consider running a few virtual environments.
in addition, I would recommend assigning 1 of the IP addresses to a stable hardcore router/firewall such as pfsense or m0n0wall which both have the benefit that you can simply bridge the LAN-side to the WAN-side (and have the WAN-side answer for all 7 additional static IPs that are behind the "LAN" side, doing away with NAT entirely) while still being able to firewall effectively.
if you are concerned about being in RIPE, just get 7 addresses. to be honest I am not so familiar with RIPE but I do know that ARIN often still only publishes the ISP rather than the block owner, even in some cases of large blocks.
and now that you are completely static, faking MAC addresses should not be necessary anymore.
posted by dorian at 6:19 AM on March 1, 2007
Well, using Network Address Translation, you can do a lot with one IP address, but unless you plan on doing a bunch of site-hosting from home, eight seems like overkill. And it's not quite enough to play IP-based "Hunt the Wumpus."
As to privacy, if you register a site, you'll be going into some big database, anyway, so I wouldn't worry about RIPE unless your mother took a hastily-removed tranquilizer during pregnancy, and you find yourself dialing into your home server with your mind.
posted by adipocere at 6:46 AM on March 1, 2007 [1 favorite]
As to privacy, if you register a site, you'll be going into some big database, anyway, so I wouldn't worry about RIPE unless your mother took a hastily-removed tranquilizer during pregnancy, and you find yourself dialing into your home server with your mind.
posted by adipocere at 6:46 AM on March 1, 2007 [1 favorite]
You could use them for a IP based security camera system
posted by ReiToei at 7:17 AM on March 1, 2007
posted by ReiToei at 7:17 AM on March 1, 2007
I have 5 static IPs on my home machine, but I only ever use 1. I just use NAT to let my client computers inside get out, and I use a bit of port forwarding to route incoming connections to my one server. I used to run my blog, SMTP, etc out of my DSL but have slowly migrated them over to a server in a datacenter.
The only reason I could see to use more than one static IP is if you wanted to run more than one server. But DSL is kind of slow, and you need a firewall for each IP, and in general it just was overkill for me.
posted by Nelson at 9:29 AM on March 1, 2007
The only reason I could see to use more than one static IP is if you wanted to run more than one server. But DSL is kind of slow, and you need a firewall for each IP, and in general it just was overkill for me.
posted by Nelson at 9:29 AM on March 1, 2007
Router MAC address. Is there any value at all to me intermittently changing the MAC address of my router
No, no, no. You misunderstand the layers of networking.
There's the physical layer: Electricity flowing across metal or the fineness of the surface of a clay tablet, e.g.
Then, there's the link layer: Token-ring, or Ethernet, or Xs and Os inscribed on the clay tablet. This is where a MAC address might be used, if you are using Ethernet. Most of the links in the Internet aren't. The link layer is just a mechanism for two directly connected devices to signal across the phsical layer.
Then, there are higher levels, that probably span several links. IP is one such layer. It doesn't care a whit about the details of the links. It, like most networking protocols, are designed so that they work for any link layer. Read RFC 1149, one of the April Fool's RFCs, which mentions some of the unusual characteristics of using carrier pigeons to carry clay tablets that transport IP, e.g..
The most important thing you must understand is that the layers do not interact. A higher level depends on the lower levels to exist and to deliver the content, but that's all.
A friend has a guitar that speaks Ethernet to other devices, but it's not using IP. When two computers use PPP to conenct over a modem, they're speaking IP but no Ethernet is involved. The layers are not related.
posted by cmiller at 11:38 AM on March 1, 2007
No, no, no. You misunderstand the layers of networking.
There's the physical layer: Electricity flowing across metal or the fineness of the surface of a clay tablet, e.g.
Then, there's the link layer: Token-ring, or Ethernet, or Xs and Os inscribed on the clay tablet. This is where a MAC address might be used, if you are using Ethernet. Most of the links in the Internet aren't. The link layer is just a mechanism for two directly connected devices to signal across the phsical layer.
Then, there are higher levels, that probably span several links. IP is one such layer. It doesn't care a whit about the details of the links. It, like most networking protocols, are designed so that they work for any link layer. Read RFC 1149, one of the April Fool's RFCs, which mentions some of the unusual characteristics of using carrier pigeons to carry clay tablets that transport IP, e.g..
The most important thing you must understand is that the layers do not interact. A higher level depends on the lower levels to exist and to deliver the content, but that's all.
A friend has a guitar that speaks Ethernet to other devices, but it's not using IP. When two computers use PPP to conenct over a modem, they're speaking IP but no Ethernet is involved. The layers are not related.
posted by cmiller at 11:38 AM on March 1, 2007
This thread is closed to new comments.
If you're only trying to do personal private use, the safest way to do this is set your router/firewall/modem to tunnel a single port through to a computer which hosts VPN stuff and then VPN in from wherever you're travelling to.
As for privacy, you're probably not much different off than with a dynamic IP - it's unusual that an ISP would reveal personal information about any of it's customers regardless of network configuration. Multiple accounts of yours can be more easily linked together if a bunch of site admins collude to do so.
There's not really any point in changing your MAC address.
Web and mail and game servers are probably the most popular things to do with static IP's. But you don't seem to be interested in those - good. I advise against serving up stuff over DSL, just spring for the hosting. It sucks when your DSL falls over and suddenly nobody can send you email.
posted by aubilenon at 5:33 AM on March 1, 2007