Date: Tue, 07 Aug 2001 13:53:42 -0600 From: Brett Glass <brett@lariat.org> To: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>, "Douglas G. Allen" <dallen@roe35.lth2.k12.il.us> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw question Message-ID: <4.3.2.7.2.20010807134456.049034f0@localhost> In-Reply-To: <20010807112610.H34971@ns1.via-net-works.net.ar> References: <200108070919280409.008598DB@mail.roe35.lth2.k12.il.us> <200108070719460362.001801FC@mail.roe35.lth2.k12.il.us> <200108070919280409.008598DB@mail.roe35.lth2.k12.il.us>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:26 AM 8/7/2001, Fernando Schapachnik wrote: >En un mensaje anterior, Douglas G. Allen escribió: >[...] >> The ifconfig's are set up so that fxp0 is IP a.b.c.d netmask >> 255.255.255.192 and fxp0_alias is a.b.c.e netmask 255.255.255.255. > >255.255.255.255 is an invalid netmask (I don't even know why ifconfig >didn't rejected it). Not correct. A netmask of all 1's is legal; it effectively establishes a "host route" within the machine so that outbound packets are delivered to that interface as efficiently as possible. Remember that the internal routing table in a TCP/IP stack is laid out (and is searched) from specific to general, with the default route being the most general (it has a mask of all zeroes). Host routes, because they are the most specific routes possible, are checked first. Using the netmask of the overlaid network won't necessarily cause things to fail (it depends upon what else is in the routing table), but will slow things down. By the way, this is really OT for this list because it doesn't involve security. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20010807134456.049034f0>