Re: 3 nics - 1 bridge - 2 ips - bad?

From: Eric Anderson (anderson@centtech.com)
Date: 06/27/01


Date: Wed, 27 Jun 2001 12:28:09 -0500
From: Eric Anderson <anderson@centtech.com>
To: Joseph Gleason <freebsd@fireduck.com>

Thanks for the response.. I think you're correct here; I don't see
any way to only enable 2 out of 3 interfaces for bridging. Darn. Oh
well, thanks!

Joseph Gleason wrote:
>
> I think you might have a problem with the bridging.
>
> I'm not sure if you can bridge xl0 and xl1 without including xl2. I could
> be wrong.
> And you might be able to pull something off with IPFW rules to exclude xl2
> from the bridging, but I wouldn't trust it.
>
> What you want certainly looks like two separate and possibly incompatible
> tasks. My advice would be to have two machines do this if at all possible.
> Machine one being your ethernet bridge. Machine two being the gateway to
> your protected network.
>
> ----- Original Message -----
> From: "Eric Anderson" <anderson@centtech.com>
> To: <freebsd-security@FreeBSD.ORG>
> Sent: Wednesday, June 27, 2001 12:46
> Subject: 3 nics - 1 bridge - 2 ips - bad?
>
> > Let's say I have 3 NICs in a machine running FreeBSD 4.2.
> > Is it possible to have this sort of configuration:
> > xl0 - 200.200.200.200 - [interface 1 of bridge0]
> > xl1 - NO IP - [interface 2 of bridge0]
> > xl2 - 192.168.10.10 - not part of any bridge
> >
> > The 200.200.200.200 number is of course made up, but signifies an
> > interface on the unprotected net. The 192.168.10.10 interface is also
> > made up, showing an interface on the protected internal net. Now, the
> > xl1 interface is bridged to xl0, creating a port for passing thru to the
> > unprotected net that xl0 is on. Are there any inherent security flaws in
> > this configuration (besides the possibility of a computer plugging into
> > the xl1 port and not being behind a firewall), assuming it works at all?
> >
> > Thanks in advance..
> >
> > Eric
> >
> >
> >
> > --
> > -------------------------------------------------------------------------------
> > Eric Anderson    anderson@centtech.com    Centaur Technology    (512) 418-5792
> > For every complex problem, there is a solution that is simple, neat, and
> > wrong.
> > -------------------------------------------------------------------------------
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >

-- 
-------------------------------------------------------------------------------
Eric Anderson    anderson@centtech.com    Centaur Technology    (512) 418-5792
For every complex problem, there is a solution that is simple, neat, and
wrong.
-------------------------------------------------------------------------------

