From owner-freebsd-security Tue Aug 7 14: 9:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id B41E037B505 for ; Tue, 7 Aug 2001 14:08:32 -0700 (PDT) (envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id PAA03167; Tue, 7 Aug 2001 15:08:03 -0600 (MDT)
Message-Id: <4.3.2.7.2.20010807134456.049034f0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 07 Aug 2001 13:53:42 -0600
To: Fernando Schapachnik, "Douglas G. Allen"
From: Brett Glass
Subject: Re: ipfw question
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20010807112610.H34971@ns1.via-net-works.net.ar>
References: <200108070919280409.008598DB@mail.roe35.lth2.k12.il.us> <200108070719460362.001801FC@mail.roe35.lth2.k12.il.us> <200108070919280409.008598DB@mail.roe35.lth2.k12.il.us>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 08:26 AM 8/7/2001, Fernando Schapachnik wrote:

>In a previous message, Douglas G. Allen wrote:
>[...]
>> The ifconfig's are set up so that fxp0 is IP a.b.c.d netmask
>> 255.255.255.192 and fxp0_alias is a.b.c.e netmask 255.255.255.255.
>
>255.255.255.255 is an invalid netmask (I don't even know why ifconfig
>didn't reject it).

Not correct. A netmask of all 1's is legal; it effectively establishes a "host route" within the machine so that outbound packets are delivered to that interface as efficiently as possible.

Remember that the internal routing table in a TCP/IP stack is laid out (and is searched) from specific to general, with the default route being the most general (it has a mask of all zeroes). Host routes, because they are the most specific routes possible, are checked first. Using the netmask of the overlaid network won't necessarily cause things to fail (it depends upon what else is in the routing table), but will slow things down.

By the way, this is really OT for this list because it doesn't involve security.

--Brett
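
The specific-to-general lookup described in the message, as an added example that is not part of the original post: a simplified linear model in Python, not FreeBSD's routing code. The addresses are constructed (documentation range) stand-ins for a.b.c.d and a.b.c.e, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (RFC 5737 documentation ranges) standing in
# for the a.b.c.d / a.b.c.e placeholders used in the message.
PRIMARY = "192.0.2.10"   # fxp0, netmask 255.255.255.192
ALIAS = "192.0.2.11"     # fxp0 alias, netmask 255.255.255.255


def mask_to_prefixlen(netmask):
    """Prefix length of a dotted-quad netmask; raises ValueError when the
    mask is not contiguous. An all-ones mask is accepted and yields 32."""
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen


def build_table(alias_mask="255.255.255.255"):
    """Model routing table: default route, the fxp0 subnet, and the alias.
    Entries are ordered from most specific (longest mask) to most general."""
    routes = [
        (ipaddress.IPv4Network("0.0.0.0/0"), "default"),
        (ipaddress.IPv4Network(f"{PRIMARY}/255.255.255.192", strict=False),
         "fxp0 subnet"),
        (ipaddress.IPv4Network(f"{ALIAS}/{alias_mask}", strict=False),
         "fxp0 alias"),
    ]
    return sorted(routes, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Walk the table from specific to general and return the first match
    as (network, label). The all-zeroes default route matches anything."""
    addr = ipaddress.IPv4Address(destination)
    for network, label in table:
        if addr in network:
            return str(network), label
    raise LookupError(f"no route to {destination}")


if __name__ == "__main__":
    table = build_table()
    for dst in (ALIAS, "192.0.2.20", "198.51.100.7"):
        print(dst, "->", lookup(table, dst))
```
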