Administrator’s Handbook
76
DHCP address serving can automatically serve the WAN IP address to a LAN computer.
When
DHCP
is used for addressing the designated passthrough PC, the acquired or configured WAN address is
passed to DHCP, which will dynamically configure a single-servable-address subnet, and reserve the address for
the configured PC’s MAC address. This dynamic subnet configuration is based on the local and remote WAN
address and subnet mask.
◆
The two
DHCP
modes assign the WAN IP information needed to the client automatically.
• You can select the MAC address of the PC you want to be the IP Passthrough client with
fixed
mode,
or,
• with “first-come-first-served” –
dynamic
– the first client to renew its address will be assigned the WAN IP.
◆
Manual
mode is like statically configuring your PC. With Manual mode, you configure the
TCP/IP Properties
of the LAN client PC you want to be the IP Passthrough client. You then manually enter the WAN IP address,
Gateway Address, etc. that matches the WAN IP address information of your Motorola Gateway. This mode
works the same as the DHCP modes. Unsolicited WAN traffic will get passed to this client. The client is still
able to access the Motorola Gateway and other LAN clients on the 192.168.1.x network, etc.
◆
The
Passthrough DHCP Lease
– By default, the passthrough host's DHCP leases will be shortened to two
minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the
WAN connection is established. After the WAN connection is established and has an address, the passthrough
host can renew its DHCP address binding to acquire the WAN IP address. You may alter this setting.
◆
Click
Save
. Changes take effect immediately.
A restriction
Since both the Gateway and the passthrough host will use the same IP address, new sessions that conflict with
existing sessions will be rejected by the Gateway. For example, suppose you are a teleworker using an IPSec tun-
nel from the Router and from the passthrough host. Both tunnels go to the same remote endpoint, such as the
VPN access concentrator at your employer’s office. In this case, the first one to start the IPSec traffic will be
allowed; the second one – since, from the WAN, it's indistinguishable – will fail.