cable/dsl
Rocky McGaugh
rmcgaugh at atipa.com
Wed Jun 14 15:56:18 CDT 2000
On 13 Jun 2000, Mike Coleman wrote:
> Tony Hammitt <thammitt at kc.rr.com> writes:
> > With linux, there is never any compelling reason (at home)
> > to have multiple NICs. I doubt that anyone needs a lot of
> > extra bandwidth. IP aliasing is ridiculously easy to set up,
> > so all those people who claim to need two NICs to run a
> > firewall are misinformed. Once DHCP is established, run
> > 'ifconfig eth0:1 <local IP address>'. Now you can have a
> > static /etc/hosts file and a place to forward IP packets to.
>
> Hmm, so you only have one NIC on your masquerading machine? This seems a
> little iffy. Doesn't that potentially allow traffic from your interior
> network to leak out onto RR's network (where it might be sniffed, etc)?
>
> --Mike
>
I agree that I also don't think this is sufficient. One rule that should
always be in your firewall scripts is to check that IPs are not being
spoofed (like a 10. coming in through your external interface). Although
both 'ipchains' and 'route' are supposed to fully support the IP aliasing
devs, I have never gotten Linux to correctly restrict things by aliased
devices. The "-i eth0:1" seems to act just like "-i eth0" to ipchains.
Anyone else had different experiences? If there's some way to make it
work, I'd like to know..:)
--
Rocky McGaugh
rmcgaugh at atipa.com
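
The anti-spoofing rule discussed above, modelled as an added example (not code from the original post or from ipchains). It assumes, as the post reports, that the filter matches an alias such as "eth0:1" as its base device "eth0"; the packets, addresses and layout names are constructed for illustration.

```python
import ipaddress

# Private and loopback ranges that should never be a source on the external side.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def seen_device(ifname):
    # Assumption taken from the post: the filter treats "eth0:1" as "eth0".
    return ifname.split(":", 1)[0]

def is_private(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PRIVATE)

def verdict(external_if, arrival_if, src):
    """Anti-spoofing rule: deny private sources arriving on the external device."""
    if seen_device(arrival_if) == seen_device(external_if) and is_private(src):
        return "DENY"
    return "ACCEPT"

# Constructed packets:
# (description, arrival interface with two NICs, arrival interface with one NIC + alias, source)
PACKETS = [
    ("inside host",          "eth1", "eth0:1", "10.0.0.5"),
    ("spoofed from outside", "eth0", "eth0",   "10.0.0.5"),
    ("normal internet host", "eth0", "eth0",   "198.51.100.7"),
]

def run(layout):
    """Apply the rule to every constructed packet for the given layout."""
    col = {"two_nic": 1, "one_nic_alias": 2}[layout]
    return {p[0]: verdict("eth0", p[col], p[3]) for p in PACKETS}

if __name__ == "__main__":
    for layout in ("two_nic", "one_nic_alias"):
        print(layout, run(layout))
```

With two NICs the rule separates the inside host from the spoofed packet. With one NIC and an alias, both get the same verdict, so the rule either blocks the inside network or has to be dropped.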