Date:      Tue, 03 Jul 2001 09:26:18 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        Joseph Gleason <clash@fireduck.com>
Cc:        Joseph Gleason <freebsd@fireduck.com>, freebsd-security@freebsd.org
Subject:   Re: 3 nics - 1 bridge - 2 ips - bad?
Message-ID:  <3B41D60A.79D8E6F7@centtech.com>
References:  <3B3A0DD7.87EDC7E@centtech.com> <006101c0ff2c$4d75bee0$0a2d2d0a@battleship> <3B3A17A9.5ADF75BA@centtech.com> <002201c0ff2e$fe7c4770$0a2d2d0a@battleship>

Just FYI, it works great!  Thanks..


Joseph Gleason wrote:
> 
> I was wrong!  Don't listen to my lies!
> 
> I am told that bridging can indeed be enabled and disabled per port via some
> sysctl call.
> 
> With bridge compiled into the kernel:
> 
> sysctl -A |grep bridge should give you the appropriate parameter to play
> with.
> 
> ----- Original Message -----
> From: "Eric Anderson" <anderson@centtech.com>
> To: "Joseph Gleason" <freebsd@fireduck.com>
> Cc: <freebsd-security@FreeBSD.ORG>
> Sent: Wednesday, June 27, 2001 13:28
> Subject: Re: 3 nics - 1 bridge - 2 ips - bad?
> 
> > Thanks for the response.. I think you're correct here, I don't see
> > any way to only enable 2 out of 3 interfaces for bridging.  Darn. Oh
> > well, thanks!
> >
> >
> >
> > Joseph Gleason wrote:
> > >
> > > I think you might have a problem with the bridging.
> > >
> > > > I'm not sure if you can bridge xl0 and xl1 without including xl2.  I could
> > > > be wrong.
> > > > And you might be able to pull something off with IPFW rules to exclude xl2
> > > > from the bridging, but I wouldn't trust it.
> > >
> > > > What you want certainly looks like two separate and possibly incompatible
> > > > tasks.  My advice would be to have two machines do this if at all possible.
> > > > Machine one being your ethernet bridge.  Machine two being the gateway to
> > > > your protected network.
> > >
> > > ----- Original Message -----
> > > From: "Eric Anderson" <anderson@centtech.com>
> > > To: <freebsd-security@FreeBSD.ORG>
> > > Sent: Wednesday, June 27, 2001 12:46
> > > Subject: 3 nics - 1 bridge - 2 ips - bad?
> > >
> > > > > Let's say I have 3 NICs in a machine running FreeBSD 4.2.
> > > > Is it possible to have this sort of configuration:
> > > > xl0 - 200.200.200.200 - [interface 1 of bridge0]
> > > > xl1 - NO IP           - [interface 2 of bridge0]
> > > > xl2 - 192.168.10.10   - not part of any bridge
> > > >
> > > > the 200.200.200.200 number is of course made up, but signifies an
> > > > interface on the unprotected net.  The 192.168.10.10 interface is also
> > > > made up, showing an interface on the protected internal net.  Now, the
> > > > > xl1 interface is bridged to xl0, creating a port for passing thru to the
> > > > > unprotected net that xl0 is on.  Are there any inherent security flaws in
> > > > > this configuration (besides having a possible computer plug into the xl1
> > > > > port and not being behind a firewall), assuming it works at all?
> > > >
> > > > Thanks in advance..
> > > >
> > > > Eric
> > > >

<-- SNIP -->

-- 
-------------------------------------------------------------------------------
Eric Anderson    anderson@centtech.com    Centaur Technology    (512) 418-5792
For every complex problem, there is a solution that is simple, neat, and wrong.
-------------------------------------------------------------------------------
