-1

I have a home modem/router/gateway. To make it less findable with hard-coded bad-actor scripts running inside my network, I wanted to put the modem/gateway IP address in the middle of the DHCP pool of addresses instead of ".1" (10.0.0.50, with a DHCP pool of 10.0.0.40-10.0.0.200).

The modem won't let me. I get one of two errors. If I put the modem at the edge of the DHCP pool, I get "The Beginning IP Address cannot be the same as the modem IP address." If I put the gateway somewhere else in the DHCP pool, I get, "The modem IP address cannot be between the beginning IP address and the ending IP address."

Now I know why everybody is pushed to put their modem at x.x.x.1. If it goes anywhere else, otherwise usable subnet IP addresses are sacrificed from the DHCP pool. Arghh...

I can't think of a technical reason my gateway shouldn't be able to live in the middle of the DHCP range. Is this just a limit of my device, or is there some technical reason regardless of network hardware vendors? What am I missing?

Brian

2 Answers

2

> I have a home modem/router/gateway. To make it less findable with hard-coded bad-actor scripts running inside my network, I wanted to put the modem/gateway IP address in the middle of the DHCP pool of addresses

What exactly is a "hard-coded bad-actor script"?

  1. If a rogue entity has access to your network, putting the router on an IP address other than the "default" isn't going to fool anybody.

  2. If a rogue entity has access to your network then you have bigger things to worry about than your router.

  3. You're tilting at windmills.

  4. Use an IP address close to the beginning or end of your network range, like .10 or .250.

  5. Surely losing a few addresses at the beginning or end of your network range isn't going to be an issue. Unless you have so many network devices as to need every single address in the network range to assign to these devices.

joeqwerty
  • To emphasize point 1, every device on the network _needs_ to know the router's IP address, and will typically get that information via DHCP on system boot. This is like "I'm not going to tell you the router's IP address, but if you need to reach the internet, use 10.0.0.50" – user4556274 Apr 26 '20 at 18:45
  • Joeqwerty, I hear your reply sort of as, "that's a silly question." Okay. I could explain more at the right time. In this context, however, the original question remains: is there a technical reason to forbid a modem address in the middle of the DHCP pool address space? – Brian Apr 26 '20 at 18:56
  • @user4556274, I agree with [others](https://dfarq.homeip.net/clean-malware-router), who identified that a lot of malware just assumes your router is at 192.168.0.1 or 192.168.1.1. If nothing is at those addresses to infect, then the malware just sits harmlessly." You can disagree with me. That's okay. To me, it's a bunch of bits and I am just trying to understand if there's any technical reason to justify forbidding arbitrary modem IP in the middle of my DHCP address space. – Brian Apr 26 '20 at 19:09
1

It's not that it cannot be in the middle of the range, but it cannot be in the range at all, as having the same address (possibly) assigned to another host would just make everything go haywire. It would work if you use 10.0.0.50 as its address and have 10.0.0.51 - 10.0.0.254 as the range (if it can accept more than one range, 10.0.0.1 - 10.0.0.49 is also usable), unless your router has some more silly checking.

In other words, perhaps you are not aware of the fact that its own address is statically assigned, but not assigned by its DHCP server.

Tom Yan
  • Tom Yan, I understand the problem of duplicate IPs. However, that's a red herring. If a DHCP server can reserve (static-like) DHCP addresses for other device MAC addresses, certainly it could reserve its own specified address from issuing to a second device. – Brian Apr 26 '20 at 19:12
  • Red herring doesn't even apply here. As I said, it does not ask the DHCP server for its own address. DHCP reservation (in terms of context, if you know what I mean) expects the reserved addresses to be leased by the server for some corresponding MAC addresses. Certainly you can reserve it for hosts that do not do DHCP and just assign them manually/statically, but you can also leave it out from the pool instead, which again, in terms of context, is the right thing to do, as the MAC addresses aren't really relevant to your goal (and that's the real red herring). – Tom Yan Apr 26 '20 at 19:37
  • And at the end of the day, it's all about how the firmware is written. If you are a router vendor, you can certainly write the firmware such that it checks the reservation table and allows the IP reserved for the router's own MAC to be assigned to the router (statically). But you see the clumsiness and silliness here? (It hardly even makes sense.) Still, you can do it, if you are the vendor. Just like you can implement the DHCP server so that it can take multiple discrete ranges, btw. (Actually I think dnsmasq can do that, as long as you have access to the conf file.) – Tom Yan Apr 26 '20 at 19:41
  • And yes, as the other answer (may have) mentioned/implied, the whole "random one for router" simply isn't a proper approach for security whatsoever anyway. No one in the real world would want to fix a problem like that, as it isn't a fix. – Tom Yan Apr 26 '20 at 19:45
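The split described in the answer above, worked through as an added example (not code from any poster or from a router vendor): given a single DHCP pool and the router's statically assigned address, it returns the discrete ranges that leave that address out and renders them as dnsmasq `dhcp-range` lines. The function names and the 12h lease time are assumptions made for illustration.

```python
import ipaddress


def split_pool(start, end, gateway):
    """Return (low, high) DHCP ranges covering start..end with the
    statically assigned gateway address excluded from the pool."""
    s, e, g = (ipaddress.IPv4Address(x) for x in (start, end, gateway))
    if s > e:
        raise ValueError("pool start is after pool end")
    if not s <= g <= e:
        # Gateway already sits outside the pool: nothing to carve out.
        return [(s, e)]
    ranges = []
    if g > s:
        ranges.append((s, g - 1))   # addresses below the gateway
    if g < e:
        ranges.append((g + 1, e))   # addresses above the gateway
    return ranges


def dnsmasq_lines(ranges, lease="12h"):
    """Render each range as a dnsmasq dhcp-range line (lease time is an
    assumed value, not something stated on the page)."""
    return [f"dhcp-range={lo},{hi},{lease}" for lo, hi in ranges]


if __name__ == "__main__":
    # The layout from the question: gateway 10.0.0.50 inside 10.0.0.40-10.0.0.200.
    for line in dnsmasq_lines(split_pool("10.0.0.40", "10.0.0.200", "10.0.0.50")):
        print(line)
```

A firmware that accepts only one range can use just one of the returned pairs, which is the "sacrificed addresses" trade-off the question describes.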