Date: Wed, 9 Oct 2002 17:32:03 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Paul te Bokkel <paul@tebokkel.com> Cc: Bill Moran <wmoran@potentialtech.com>, Thomas Quinot <thomas@cuivre.fr.eu.org>, freebsd-stable@FreeBSD.ORG Subject: Re: Setup routing entry for host with a non-local IP address Message-ID: <200210100032.g9A0W3lI023123@apollo.backplane.com> References: <20021009151733.GA15162@melusine.cuivre.fr.eu.org> <20021009210242.GA34352@tebokkel.com> <3DA49D72.6070205@potentialtech.com> <200210092201.g99M1YTA007964@apollo.backplane.com> <20021010001956.GA58085@tebokkel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
:> inet 216.240.41.17 netmask 0xffffffc0 broadcast 216.240.41.63
:> inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
:> inet 216.240.41.21 netmask 0xffffffff broadcast 216.240.41.21
:
:That's what I said.. However, I would never use the above setup if
:it's supposed to be secure. Anyone with access to a machine in the
:41.1-41.62 range would be able to sniff the 10-net, which would not
:like. (maybe your setup allows for this, but I wouldn't mind the cost
:of a $6 el-cheapo NIC and a crosscable to get more secure, it's even
:cheaper than the time spend typing this mail ;-) ).
Uhh. I don't see how this can possibly make things more secure. If
the machine needs to be on both nets and someone breaks root on it,
having a second NIC isn't going to save you.
:But in the case of two physical interfaces on the same (physical)
:segment, you get ARP errors. With aliases, you don't.
:
:Regards,
:
:Paul
ARP errors? Only if you try to configure the same IP address on
the two interfaces.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210100032.g9A0W3lI023123>