No. 169.254.x.x only!
by verdyp - 7/27/06 11:31 AM
In Reply to: 169.x.x.x by kbennett50
Not all 169.x.x.x is for local use on LANs and not routed on Internet. Only 169.254.x.x is APIPA and used to configure PCs on a LAN where there's no DHCP server available to configure their local IP address.
The 169.254.x.x space is allocated by choosing an address randomly in that space, and testing if no other host replies to this address with some ICMP PING. If some other host is present at this address, it will reply using its own address as the source and the collision of addresses will be detected and reported, so that the conflicting PC will reconfigure itself and select another address until there's no more conflict.
Normally, you can't reach any host on the internet with such a local address, and Internet hosts can't reply to you if you attempt to connect to them.
Look into RFCs, this address space is for local use only.
By contrast, an address like 198.x.x.x that you have on one PC is the one you get from an ISP when your PC is initiating an internet connection. This address that your PC gets allows it to talk with other hosts on the web, but they can only reach your host, not the others on the LAN, unless the connected PC shares its connection on the LAN by acting as a router, and the other hosts on the LAN use your connected PC as a router.
Anyway, running a local router on a PC of the LAN is a bad idea. Today, routers are cheap, and most DSL routers sold today contain a router which itself performs the DSL connection to the Internet and implements the connection sharing using a separate link to the LAN. They also implement a firewall to protect your LAN, and a DHCP server to configure hosts on the LAN instead of using the (lengthy) APIPA space which is not reliable.
Consider changing your DSL modem for a new one or buy a router; that's not so expensive and there are many advantages (including for your PCs that can boot much faster and work in a LAN easily, even when the Internet connection is not available for whatever reason). But remember that some Ethernet-to-Ethernet routers are sometimes more expensive to add, and more complicated to use, than just replacing the modem with a new model that has a built-in router.
What I said about DSL is also valid for Cable connections; there are Ethernet-to-Ethernet routers that know how to initiate a PPP or PPTP tunnel to connect to the Internet. Only that router will get a public IP address accessible from the Internet. All hosts in your LAN will have a local-only (but stable) IP address configured very fast with the built-in DHCP server of the router. The router will also contain a DNS proxy, so that PCs on the LAN will not need to be configured for the DNS, even when the Internet connection is lost and reconnected: the PCs on the LAN will use the router's local address as their DNS server, and this address won't change.
This also means that PCs on the LAN can be configured statically, with a permanent IP address, fast boot time, permanent connections to local services (like file shares, printers, multimedia servers, LAN supervision service, central management of various utilities, live discussions between hosts on the LAN...) without them being disconnected and reconnected and reconfigured when the router has its Internet connection temporarily closed and restarted.
Note also that many ISPs now offer the modem with a built-in router, a built-in WiFi hotspot, sometimes also a Bluetooth hotspot for connecting cameras or mobile phones, and some other services. Don't miss those great devices. Although their built-in firewall has limited functionality, they are extremely resistant to software attacks and can't be easily reconfigured by any virus that may exist somewhere on PCs of your LAN.
So this firewall (based on NAT routing, plus some built-in rules that are preconfigured to block the access to the most sensitive services running on your LAN like file servers, made inaccessible from the outside) is a great thing that will completely spare your PC from managing most of the incoming traffic. You may still need a local software firewall, but this is only to protect against a few pieces of malware that may be installed on the LAN (most often hidden in trojan programs).
The second advantage is that the external router runs a different OS (not Windows, but most often VxWorks or a limited Linux kernel, or a Cisco realtime OS, and in some cases, some routers integrate two parallel OSes with one running as a virtual service of the second one, for even greater security!) than your PC, so breaking into your PCs will require breaking two OSes with different designs, something extremely difficult for viruses and malware to target.
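The distinction drawn in the post above (169.254.x.x is APIPA, the rest of 169.x.x.x is not, and LAN addresses handed out by a router differ from an ISP-assigned one) can be checked mechanically. This is an added example, not part of the original post: the `ipconfig`-style text is constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")  # the only link-local block in 169.x.x.x
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample resembling `ipconfig` output (not captured from a real host).
SAMPLE = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.23
Ethernet adapter Local Area Connection 2:
   Autoconfiguration IP Address. . . : 169.254.37.201
PPP adapter DSL:
   IP Address. . . . . . . . . . . . : 198.51.100.7
Ethernet adapter Lab:
   IP Address. . . . . . . . . . . . : 169.1.2.3
"""

def classify(addr):
    """Return 'apipa', 'rfc1918', 'other' or 'invalid' for a dotted-quad string."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip in APIPA:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"  # neither APIPA nor a private LAN range

def parse_adapters(text):
    """Return a list of (adapter name, address, class) tuples."""
    results, adapter = [], None
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            adapter = header.group(1)
            continue
        found = re.search(r"IP Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", line)
        if found and adapter:
            results.append((adapter, found.group(1), classify(found.group(1))))
    return results

def apipa_fallbacks(text):
    """Adapters that self-assigned an address, i.e. got no answer from DHCP."""
    return [name for name, _, kind in parse_adapters(text) if kind == "apipa"]

if __name__ == "__main__":
    for row in parse_adapters(SAMPLE):
        print("%-45s %-16s %s" % row)
```

An adapter reported by `apipa_fallbacks` is worth investigating on a LAN that is supposed to have a DHCP server, since it means the host configured itself without one.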