Two DHCP servers are not coexisting on the switch. The switch must have a hard IP address. A local IP address, mind you. The external IP address provided by your ISP is not assigned to the switch, it is assigned to the router. The router is the gateway device on your network, not the switch. It doesn't matter that the WAN is connected to the switch and not the router directly, because the switch is just a bridge. It just passes the packets along, it doesn't make any decisions about where they should go. All decisions are made by the router using static routing tables.

Well, let me make one correction to what I said in one of the posts: You aren't going to be able to assign IP address based on switch port. I got too caught up in what I was trying to describe and didn't pay enough attention to what I was actual writing. Other than doing that, I was just talking about using a switch as an Ethernet bridge and any switch can do that.


I don't see the problem. The switch is just a bridge, it just passes stuff along. The ISP network is connected to the switch, but all packets are just passed to your router. The router requests an IP from the ISP's DHCP server and it is passed through the switch back to the router. A device on your LAN requests 10.10.10.0/24 and it is passed through the switch to your router. Same with a request for 192.168.10.0/24. Now you may not be able to isolate your networks by Ethernet port, since you won't actually know what switch port a device is connected to, but you will be able to use MAC addresses to control what IP address a device is assigned and you will be able to control what networks a given IP address can communicate with via routing.


Well, I am talking about routing by IP address not physical interface. If you absolutely have to do control by physical interface, than my solution will not work. That said, the routing solution I propose seems to be fully supported by Shorewall -- look at this. I believe the same can be said for pretty much every popular firewall package.

Yes, it passes the DHCP requests from your clients along to the modem. This is.. not wanted behaviour.

You can get minipci ide or SATA cards. I've need for PCI slots, so can't use it unfortunately.

You are correct. I wasn't thinking this through properly. Single port router really only works for all-static IP configuration. DHCP is probably too useful to live without, so that consigns my idea to niche implementations. Oh well . . . I guess if you want to build your own router you just got to pony up for a board with two Ethernet ports. Thanks for setting me straight.

The MSI Fuzzy 945GME2 looks like it might be another option for you.

No mini-PCIe; but it does manage to cram in a PCI slot, a PCIe x16 slot, and a PCIe x1 slot.

Can you run Windows firewall alongside McAfee firewall or is it detrimental to the operation of the system? I have running the Windows XP firewall, alongside my McAfee firewall and associated products. By running 2 firewalls alongside each other, is it to the detriment of the system?
______________________
matrimonial magazine

This is quite the thread! Allow me weigh in on a few things...

@jessekopelman/Monkeh16
Managed switches, especially 100mbit, are very easy to come by. I'm in the business so I get some (HP 2424M) from contacts I know, but some I pick up as the local college/businesses upgrade their network and hand off the old switches to surplus outlets (HP 4000M + modules, BayStack 350T, and a couple Cisco 10mbit). Sure, they don't have anywhere near the protocol support that a modern, more expensive switch has (even my Powerconnect 5324 puts it to shame), but they usually have the things you need to run a decent home network (link aggregation, spanning tree, and of course, VLAN support).

@zprst
I am surprised you don't like the Via. I don't have that particular model, but I own two EPIA boards (one is a C3, the other is a C7) and they have worked almost flawlessly. There was an issue with VLAN tagging on the C7 machine being sent in the wrong endian (VT6122 controller), but a quick PR to the FreeBSD team got that fixed right away. It runs with 9K jumbo frames, hardware VLAN tagging, polling, etc., with no issues. The SN10000EG does use a different controller (VT6130), and I don't run Linux, so I can't comment on that particular situation, but these boards have been amazing for me, particularly for their hardware crypto.

100Mbit, yes. Gigabit is much harder (to the tune of several hundred pounds). And if you want to mix MTUs in a simple manner, you can tack another 50% on that for a layer-3 switch.

Yes, but very very few home networks need a gigabit switch. Also, the OP was running a Linux router so L3 switch isn't necessary.