From owner-freebsd-questions Tue Dec 10 20:17:18 2002
From: "Brian" <bri@sonicboom.org>
To: "FreeBSD Questions" <freebsd-questions@freebsd.org>
Subject: Re: single nic firewall - what are my vulnerabilities.
Date: Tue, 10 Dec 2002 20:19:53 -0800
Message-ID: <018a01c2a0cc$8e249590$3224200a@bwhalen>
Sender: owner-freebsd-questions@FreeBSD.ORG

One issue of using a single NIC for both the internal and external
interfaces is going to be throughput. I've used 2 NICs when doing this,
but with one, collisions have been reported to be higher.

Bri

----- Original Message -----
From: "Lorin Lund"
To: "FreeBSD Questions"
Sent: Tuesday, December 10, 2002 7:56 PM
Subject: single nic firewall - what are my vulnerabilities.

> I just got DSL. My FreeBSD box that used to be my dial-up gateway
> is now my DSL gateway. I don't have any spare NICs right now, so
> I have my home network defined as subnet 169.254.0.xxx. The DSL
> 'modem' defines itself as 192.168.0.1. So the NIC in my FreeBSD
> gateway is defined as 192.168.0.4 and aliased to 169.254.0.1.
>
> natd is running with -a 192.168.0.1 .
> In rc.conf
> firewall_type="OPEN"
> So right now I don't have any firewall protection. ipfw is just
> there to host natd. Assuming that I can create the right set of
> ipfw rules (and I suppose that could be complicated by the aliasing),
> are there any other vulnerabilities? Is there any way that anything
> dangerous can go directly from the DSL 'modem' to one of the other
> PCs that is on the internal subnet? I would think that being on
> separate logical subnets would keep any TCP/IP traffic or UDP/IP
> traffic from getting around the firewall, but are there any other
> packet types or protocols that could slip through and cause trouble?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
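The question in the thread is what ipfw can and cannot do for a gateway whose single NIC carries both the modem-side subnet (192.168.0.0/24) and the aliased home subnet (169.254.0.0/24). The script below is an added example written for this reply; it is not code from either poster. It replaces firewall_type="OPEN" with a closed-by-default ruleset that records state for sessions opened by internal hosts before natd rewrites their source address, diverts only the packets that need translation, and drops and logs everything else. The addresses come from Lorin's mail; the interface name xl0, the natd divert port 8668 (natd's default) and natd being aliased to the gateway's own external address 192.168.0.4 (natd -a 192.168.0.4) are assumptions. One caveat the rules cannot remove: with one NIC, the DSL modem and the internal PCs sit on the same Ethernet segment, so a frame sent directly on that wire never enters the gateway and is never inspected; rule 500 only logs what is actually routed through the box. The real fix is the second NIC Brian mentions, or a switch with VLANs.

```shell
#!/bin/sh
# Added example, not code from the thread: closed-by-default ipfw rules for
# a single-NIC NAT gateway whose one interface carries both the modem-side
# subnet and an aliased internal subnet. Addresses are the ones from the
# thread; the interface name, natd divert port and natd alias are assumptions.

fwcmd="/sbin/ipfw"
oif="xl0"                  # ASSUMED interface name; check ifconfig -a
ext_ip="192.168.0.4"       # gateway address on the DSL-modem subnet (from thread)
int_ip="169.254.0.1"       # alias address on the home network (from thread)
int_net="169.254.0.0/24"   # internal subnet (from thread)
natd_port="8668"           # natd's default divert port (assumption: defaults)
# Assumes natd runs as: natd -a 192.168.0.4 (alias = gateway's external address)

single_nic_rules() {
    fw="${1:-$fwcmd}"    # pass 'echo' to print the rules instead of loading them

    $fw -f flush

    # Loopback sanity: allow lo0, refuse 127/8 seen on the wire.
    $fw add 100 allow ip from any to any via lo0
    $fw add 200 deny ip from any to 127.0.0.0/8
    $fw add 300 deny ip from 127.0.0.0/8 to any

    # Nothing arriving on the wire may claim one of the gateway's own addresses.
    $fw add 400 deny log ip from $ext_ip to any in via $oif
    $fw add 410 deny log ip from $int_ip to any in via $oif

    # A packet from outside the internal subnet addressed straight to an
    # internal host did not come through NAT: drop and log it. Only traffic
    # that is actually routed through this box ever reaches this rule.
    $fw add 500 deny log ip from not $int_net to $int_net in via $oif

    # NAT: translate internal hosts on the way out and packets for our
    # external address on the way in. Gateway-to-internal traffic
    # (source $int_ip, destination $int_net) must not be translated.
    $fw add 1000 divert $natd_port ip from $int_net to not $int_net out via $oif
    $fw add 1100 divert $natd_port ip from any to $ext_ip in via $oif

    # Replies to the sessions recorded by the keep-state rules below.
    $fw add 2000 check-state

    # Internal hosts may open sessions anywhere, including to the gateway;
    # state is recorded on the inbound pass, before NAT rewrites the source.
    $fw add 3000 allow tcp from $int_net to any setup keep-state in via $oif
    $fw add 3100 allow udp from $int_net to any keep-state in via $oif
    $fw add 3200 allow icmp from $int_net to any keep-state in via $oif

    # Packets leaving from the gateway's own addresses: its own sessions and
    # the NAT'd internal traffic, which is sourced from $ext_ip by now.
    $fw add 4000 allow ip from $ext_ip to any out via $oif keep-state
    $fw add 4100 allow ip from $int_ip to $int_net out via $oif keep-state

    # Everything else, notably unsolicited connections from the modem side
    # to the gateway, is dropped and logged (logging needs
    # sysctl net.inet.ip.fw.verbose=1).
    $fw add 65000 deny log ip from any to any
}

case "${1:-}" in
    load) single_nic_rules "$fwcmd" ;;   # install the rules (run as root)
    show) single_nic_rules echo ;;       # print what would be installed
esac
```

Run `sh ipfw-single-nic.sh show` to review the rules first, then `sh ipfw-single-nic.sh load` as root. The divert rules sit before check-state on purpose: an incoming reply is translated back to its 169.254.0.x destination at rule 1100 and then matches the dynamic rule that rule 3000 created from the original, untranslated SYN.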