From owner-freebsd-questions Thu Aug 5 13:15:31 1999 Delivered-To: freebsd-questions@freebsd.org Received: from ginger.kf7nn.com (mti-r1-aptis-4-p1997.cybertrails.com [162.42.15.204]) by hub.freebsd.org (Postfix) with ESMTP id 475C615558 for ; Thu, 5 Aug 1999 13:15:07 -0700 (PDT) (envelope-from root@ginger.kf7nn.com) Received: (from root@localhost) by ginger.kf7nn.com (8.9.3/8.9.3) id NAA00729; Thu, 5 Aug 1999 13:00:27 -0700 (MST) (envelope-from root) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Thu, 05 Aug 1999 13:00:26 -0700 (MST) From: vagner@WWW.TIMANDPATRICK.COM To: Christian Kratzer Subject: Re: FREEBSD, Proxy Server, Cable Modem Cc: Joe , freebsd-questions@FreeBSD.ORG, Eric Lee Green , vagner@WWW.TIMANDPATRICK.COM Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I wasnt aware of this! sorry i will change that as soon as i get erics card in the mail. On 05-Aug-99 Christian Kratzer wrote: > Hi, > > the point Eric was getting upset about was propably that you said yuo were > only using one network card and a hub. Your cable modem is a bridge. In a > setup > like this all yuor ip's and mac address would leak to the public side even > if you would route them onto a nat firewall first. > > All it needs is an arp request coming in over the wire for the ip address > range yuo are using internally and your machines would answer and expose > themselves. > > If you are running only one network card you are unprotected. > > Greetings > Christian > > > On Thu, 5 Aug 1999 vagner@WWW.TIMANDPATRICK.COM wrote: > >> Sorry it isnt me, I am using firewall and natd and i dont use the >> 192.168.1.xxx >> for my internal addresses. >> >> a quick scan of their network revealed 542 duplicate ip addresses in the >> range of 192.168.x.x so there are alot of "Morons" on their network >> which is probably correct since they only support Microsoft morons. >> >> >> >> On 05-Aug-99 Eric Lee Green wrote: >> > On Thu, 05 Aug 1999, vagner@www.timandpatrick.com wrote: >> >> I also have a similiar setup, mine has only one network card, >> >> basically come out of the cable modem into a hub and just plug in the >> >> freebsd >> >> machine and then point the other machines to the freebsd machine that has >> >> firewall and natd running. >> > >> > So *YOU* are the moron making my kernel complain that "192.168.1.1 is on >> > de0, >> > but was accessed from rl0". (Yes, I'm on cable modem too). >> > >> > It's silliness like this that's going to get FreeBSD and Linux users >> > banned >> > from the cable network. You can't just put any old addresses out onto a >> > public Ethernet (which is what the cable "modem" is, basically) and expect >> > the >> > rest of us to put up with it. >> > >> > Put another card into your machine and use it as a gateway and firewall. >> > Please. >> > I'll even send you a spare RTL-based card if you want (they're slow and >> > worthless for real work, but okay for half-duplex 10BaseT), and provide >> > detailed >> > setup for how to set up ipfw and natd (it's pretty easy, just a couple of >> > rc.conf tweaks). Just please quit polluting the public network with your >> > private >> > addresses! >> > >> > -- >> > Eric Lee Green http://members.tripod.com/e_l_green >> > mail: e_l_green@hotmail.com >> > ^^^^^^^ Burdening Microsoft with SPAM! >> > >> > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org >> > with "unsubscribe freebsd-questions" in the body of the message >> >> ---------------------------------- >> E-Mail: vagner@vagner.com or kf7nn@kf7nn.com >> Date: 05-Aug-99 >> Time: 12:07:46 >> >> "What the hell are you getting so upset about? I thought you >> didn't believe in God." >> "I don't," she sobbed, bursting violently into tears, "but the >> God I don't believe in is a good God, a just God, a merciful God. He's >> not the mean and stupid God you make Him out to be." >> -- Joseph Heller, "Catch-22" >> >> This message was sent using FreeBSD Unix. >> ---------------------------------- >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > -- > TopLink Internet Services GmbH ck@171.2.195.in-addr.arpa > Christian Kratzer http://www.toplink.net/ > Phone: +49 7032 2701-0 > Fax: +49 7032 2701-19 FreeBSD spoken here! ---------------------------------- E-Mail: vagner@vagner.com or kf7nn@kf7nn.com Date: 05-Aug-99 Time: 12:58:51 If Reagan is the answer, it must have been a VERY silly question. This message was sent using FreeBSD Unix. ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message