3 nics - 1 bridge - 2 ips - bad?

From: Eric Anderson (anderson@centtech.com)
Date: 06/27/01

• Next message: Joseph Gleason: "Re: 3 nics - 1 bridge - 2 ips - bad?"
• Previous message: David Wolfskill: "RE: disable traceroute to my host"
• Next in thread: Joseph Gleason: "Re: 3 nics - 1 bridge - 2 ips - bad?"
• Reply: Joseph Gleason: "Re: 3 nics - 1 bridge - 2 ips - bad?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 27 Jun 2001 11:46:15 -0500
From: Eric Anderson <anderson@centtech.com>
To: freebsd-security@freebsd.org

Lets say I have 3 NIC's in a machine running FreeBSD 4.2.
Is it possible to have this sort of configuration:
xl0 - 200.200.200.200 - [interface 1 of bridge0]
xl1 - NO IP - [interface 2 of bridge0]
xl2 - 192.168.10.10 - not part of any bridge

the 200.200.200.200 number is of course made up, but signifies an
interface on the unprotected net. The 192.168.10.10 interface is also
made up, showing an interface on the protected internal net. Now, the
xl1 interface is bridged to xl0, creating a port for passing thru to the
unprotected net that xl0 is on. Is there any inherent security flaws in
this configuration (besides having a possible computer plug into the xl1
port and not being behind a firewall), assuming it works at all?

Thanks in advance..

Eric

-- 
-------------------------------------------------------------------------------
Eric Anderson	 anderson@centtech.com    Centaur Technology    (512)
418-5792
For every complex problem, there is a solution that is simple, neat, and
wrong.
-------------------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Joseph Gleason: "Re: 3 nics - 1 bridge - 2 ips - bad?"
• Previous message: David Wolfskill: "RE: disable traceroute to my host"
• Next in thread: Joseph Gleason: "Re: 3 nics - 1 bridge - 2 ips - bad?"
• Reply: Joseph Gleason: "Re: 3 nics - 1 bridge - 2 ips - bad?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages 2.6.18.3 Lockup on Athlon MP ... I am sure it's not just a hardware issue, though, ... as well as the kernel configuration I am using. ... # ACPI (Advanced Configuration and Power Interface) Support ... (Linux-Kernel) Slow Point to Point T1 Access Please Help ... interface FastEthernet0/0 ... DRAM configuration is 64 bits wide with parity disabled. ... minute output rate 7000 bits/sec, 7 packets/sec ... output buffer failures, ... (comp.dcom.sys.cisco) Re: Slow Point to Point T1 Access Please Help ... interface FastEthernet0/0 ... DRAM configuration is 64 bits wide with parity disabled. ... minute output rate 7000 bits/sec, 7 packets/sec ... output buffer failures, ... (comp.dcom.sys.cisco) Re: T1 lines go mad ... >> Can you post the interface configs as well as a show interface for each ... > Building configuration... ... > 0 output buffer failures, ... (comp.dcom.sys.cisco) Cisco 857 Ethernet0 wont stay up unless constant ping is done. ... Current configuration: 5525 bytes ... interface ATM0.1 point-to-point ... ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload ... transport preferred all ... (comp.dcom.sys.cisco)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-06