hardware firewall do i enable dhcp for router or for cable modem

Discussion in 'other firewalls' started by winterlord, Oct 6, 2009.

Thread Status:
Not open for further replies.
  1. winterlord

    winterlord Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    175
    hello i am wondering wich is more secure. would it be more secure for the firewall to be the dhcp server,
    or for the comcast modem to be the dhcp server.


    thanks
    winter
    .
     
  2. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    Only a computer (yours, some server box), a router or a DSL or cable box can be a DHCP server.
    A firewall is an application that watches packets. It cannot be a server issuing IP addresses.
    If all you have is a comcast modem, most likely this is your DHCP server.
    Then again it might be only a signal translator.
    In which case, some comcast server is your DHCP server.

    If you do Start, Run, type cmd, hit enter
    and then type in ipconfig /all
    it will tell what you now have, so post it here and people are likely to help you.

    Edited: cable modem can likely be setup to just translate electrical signals and not be a DHCP server. Then the router picks up the signals and can do the proper things, so I would make the router a DHCP server for the computer. If you have to have the modem be a DHCP server, make it a server for one device, which is your router, then the router can issue internal addresses to the computer(s).
     
    Last edited: Oct 10, 2009
  3. winterlord

    winterlord Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    175
    well i actualy have a cisco small buisnes series firewall/router. its everything shorta of a asa firewall it does quit a bit. thats why i was wondering i know there can only be one dhcp, so i was wondering if the cable modem was configured as dhcp (and it has that feature) if doping that would make it see only one device on the network, adding more security to my the 2 computers that would be behind the firewall since maybe if hackers could see just one device. but idk. i just wondered what would make me safer online. the cable model being the dhcp, and the the high end buisness firewall/router/vpn be the client.

    also it does radius wich says in the help section of the manual that that adds another layer of security but not sure if that requires another pc or not. that will be my next task lol
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Cable modem passes public IP to the WAN interface of your router.
    Your router will run a DHCP service for the LAN side (your private network)
    Yes 1x DHCP server per network, but your router will keep it separate.

    Let your Linksys/Cisco router do its job, leave DHCP service enabled, not reason to nix it unless you run a full blow server on your network...in which case you'd want to run DHCP from the server instead.
     
  5. winterlord

    winterlord Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    175
    somthin you said got me confused for a second, you mentioned let the router do its job and that the router would run dhcp, but it would keep itself seperate so was wondering if i understood you right then my modem can be dhcp for the wan? and the router dhcp for the lan?

    or is it just one dhcp for router and cable modem?

    by default the router has dhcp turned off, and the cable modem has dhcp turned on. its a comcast modem, i called and asked them twice but they seemed to be not a 100% sure, then i relized that the cable company would prolly tell me whats best for them, in this economy and all. so im just excluding whatever they said.

    but you mentioned the cable modem would broadcast the public wan ip? but since i disabled the dhcp in modem and enabled it in router, im wondering if that is bad cause my theory is that my router would now broadcast to the wan, the internal stucture of my network wich consist of 2 computers, wich if so then i dont want my private network broadcasting the internal network configurations. have a corprate firewall i would assum if i am any stretch of the imagination correct, i would assume it make me a bigger target if a hacker ever did a port scan and wonder why i got a corprate router RVS4000
     
  6. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Are you talking about the Comcast cable modem with a digital phone jack for VOIP A#### model Do you have that? Also for your home or business let the router handle the DHCP Server. If you have system running Windows Server 2003 or 2008 it can run as a DHCP Server with DNS and AD (Active Directory) Such a server can be setup also function as NAT. Unless you want to run a Domain were you are at this is another option. Otherwise most users just run Workgroup (TedsNet) for example for there LAN (local area network)

    That Router you had mentioned is very good for security measures you should use it!
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    You'll get DHCP from your ISP, because your PC..or better yet...your routers WAN port, needs to get a public IP address from your ISP. Some business grade accounts are "static", but many are dynamic, as well as bridged DSL and PPPoE 'n stuff. The DHCP is usually your cable ISP. In some DSL setups where you get little combo modem/routers, those run a DHCP service by default. The comcast modem isn't a DHCP server unless it's unprovisioned and doens't have a valid public IP address to hand out, in which case it defaults to handing out a 192.168.100.xxx address which will get you no-where but the modem config page. Your public IP address comes from Comcast. Unless you're talking about the SMC "Gateway" you get from Comcast with their business level accounts. But that's not a modem, it's a combo modem/router..called a gateway appliance.

    Your ISP will pass a valid public IP to a device plugged into their "modem"....usually just 1x IP because most accounts are single IP accounts. But you can have a multiple IP account...like a block of 5x IPs from your ISP, such as many business level accounts have.

    Your router will usually by default run DHCP, but in many business networks with a full network and server we prefer to let the server run DHCP for various reasons of active directory 'n stuff, and disable DHCP on the router. Little home networks and workgroup/peer to peer networks DHCP from the router is fine.

    Routers running as a gateway to the internet, which most do, there's 2x networks..1 on each side. The internet on the "wild side", and the private LAN on the "trusted inside". DHCP doesn't flow from the internet to the internal network, things are blocked by the NAT firewall and routing. There's no security risk here..none.

    Having a SOHO/SMB grade RVS4000 would not in my opinion advertise "come hack me I'm important". Hackers look for easy prey, easy opportunity. They'll only spend time on things they deem important and worthwhile.
     
Loading...
Thread Status:
Not open for further replies.