Re: Best IP configuration for OpenBSD firewall/router

From: Ansgar Wiechers (bugtraq_at_planetcobalt.net)
Date: 08/19/03

  • Next message: Edward Rustin: "RE: Best IP configuration for OpenBSD firewall/router"
    Date: Tue, 19 Aug 2003 11:28:53 +0200
    To: security-basics@securityfocus.com
    
    

    On 2003-08-18 Arturo Buanzo Busleiman wrote:
    > From: Damon McMahon [mailto:inst_karma@hotmail.com]
    > > The easy option seems to put it on the same subnet, say
    > > 192.168.0.254 (since 192.168.0.1 is already taken by the existing
    > > Windows 2000 gateway); everything communicates with everything in
    > > this configuration.
    >
    > Well, everything communicates with everything at MAC (not IP) level,
    > taking switches/hubs into account (check ettercap.sf.net). The subnet
    > change would only have a meaning at the IP level. Anyway, it's still a
    > router, and so it does still get all the packets, entering and leaving
    > the router :).

    I think you're wrong.

    Your clients will have to have at least one default gateway specified (I
    had to learn there can be more ;), so they will know where to send all
    those packets, whose destination is not inside their own network (here:
    192.168.0.0/24). This default gateway must have an address from within
    the clients' network, otherwise it won't be reachable from the client
    (or there would be no need for such things as routers ;), and I would
    expect the clients to rather refuse sending the packet than broadcasting
    it.

    Or am I missing something here?

    Regards
    Ansgar Wiechers
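
The forwarding decision discussed in this message, modelled as an added example (not part of the original post or thread). It assumes a client with a single interface on a switched segment, where the firewall only receives frames addressed to its own MAC; the client address 192.168.0.10, the off-subnet gateway 192.168.1.254 and the external destination 198.51.100.7 are constructed values, and the function names are hypothetical.

```python
import ipaddress


def next_hop(iface_cidr, default_gw, dst):
    """Model a single-homed host's choice of layer-2 target for one packet.

    Returns (decision, target_ip):
      ("direct", dst)      destination is on-link, host ARPs for it directly
      ("via-gateway", gw)  destination is off-link, host ARPs for the gateway
      ("unreachable", None) no usable gateway, packet is not sent
    """
    iface = ipaddress.ip_interface(iface_cidr)
    dst_ip = ipaddress.ip_address(dst)

    # On-link traffic never consults the default gateway.
    if dst_ip in iface.network:
        return ("direct", str(dst_ip))

    if default_gw is None:
        return ("unreachable", None)

    # A gateway outside the host's own subnet cannot be resolved on-link,
    # so the host has no next hop for off-link destinations.
    gw = ipaddress.ip_address(default_gw)
    if gw not in iface.network:
        return ("unreachable", None)

    return ("via-gateway", str(gw))


def firewall_sees(iface_cidr, default_gw, dst, firewall_ip):
    """True if the packet is handed to the firewall at layer 2 (assumed model)."""
    decision, target = next_hop(iface_cidr, default_gw, dst)
    if decision == "unreachable":
        return False
    return target == str(ipaddress.ip_address(firewall_ip))


if __name__ == "__main__":
    client = "192.168.0.10/24"          # constructed client address
    fw = "192.168.0.254"                # firewall address proposed in the thread
    for gw, dst in [(fw, "192.168.0.20"), (fw, "198.51.100.7"),
                    ("192.168.0.1", "198.51.100.7"),
                    ("192.168.1.254", "198.51.100.7")]:
        print(gw, dst, next_hop(client, gw, dst), firewall_sees(client, gw, dst, fw))
```

Under this model the firewall filters only the flows for which it is the client's next hop: LAN-to-LAN traffic and traffic still routed via 192.168.0.1 do not pass through it.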
