cable/dsl

Tony Hammitt thammitt at kc.rr.com
Wed Jun 14 05:38:29 CDT 2000


Mike Coleman wrote:
> 
> Tony Hammitt <thammitt at kc.rr.com> writes:
> > With linux, there is never any compelling reason (at home)
> > to have multiple NICs.  I doubt that anyone needs a lot of
> > extra bandwidth.  IP aliasing is ridiculously easy to set up,
> > so all those people who claim to need two NICs to run a
> > firewall are misinformed.  Once DHCP is established, run
> > 'ifconfig eth0:1 <local IP address>'.  Now you can have a
> > static /etc/hosts file and a place to forward IP packets to.
> 
> Hmm, so you only have one NIC on your masquerading machine?  This seems a
> little iffy.  Doesn't that potentially allow traffic from your interior
> network to leak out onto RR's network (where it might be sniffed, etc)?

No, not really.  Since I have the switch, all of the packets from
the modem go into the DHCP address on the firewall.  My internal
network is 10.1.blah.blah so the routers won't forward any packets
bound for elsewhere on the LAN.  Internally, the switch takes
care of making sure no other boxes are seen.

So, I don't think any packets leak out since they are never
forwarded unless I forward them.  The system works fine.  I've
been port scanned on the firewall a couple of times, no one got
in and there is no evidence that the bastards knew about any
other boxes.  I would like to try out OpenBSD sometime for
firewalling; I'm pretty confident that it's more cracker-proof.

Now if those pathetic crackers would grow up and become actual
people instead of stupid useless parasites, we could all get
more work done.

Regards,

Tony

> 
> --Mike
> 
> --
> Any sufficiently adverse technology is indistinguishable from Microsoft.




More information about the Kclug mailing list