Date: Tue, 15 May 2001 20:37:53 -0500
From: "Kyle Crane" <kcrane@kcsaturn.homeip.net>
To: <freebsd-security@freebsd.org>
Subject: Re: risks of ip-forwarding, without ipf/ipfw
Message-ID: <002101c0dda8$d3b3e400$3401a8c0@kcranemobile>
References: <3B01A386.53176DF8@centtech.com>

I would think long and hard before doing that.  There are numerous ways to
hop through a gateway to the nice juicy targets behind it.  You end up
allowing everyone out there to fire away at anything you have running.  In
practical terms it is so much easier to secure a single gateway than to
secure a gateway plus N number of internal workstations.

Learn and run ipf or ipfw.  You will be very happy you did.

Kyle

----- Original Message -----
From: "Eric Anderson" <anderson@centtech.com>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, May 15, 2001 4:45 PM
Subject: risks of ip-forwarding, without ipf/ipfw

> What are the risks of having a dual-homed machine (2 NICs), one on the
> big bad internet and one on a home lan, with ip forwarding enabled,
> without ipf or ipfw running?
>
> Is this a very bad thing?  Is this easily "hopped" to access the
> internal net?
> The one way I can think of that would be fairly easy to do is to use the
> box as a gateway to the internal home net, and that would allow access
> to the internal net.. (this is in theory, since I haven't set this up
> and tested this yet)..
>
> Thoughts?
>
> Eric
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
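
Added example, not part of the original thread: a sketch of the kind of ipfw ruleset the reply recommends running on the gateway, default-deny and stateful, so internal hosts can open connections outward while nothing new is forwarded in from the external side. The function name gateway_rules, the interface names fxp0/fxp1 and the prefix 192.168.1.0/24 are assumptions, and NAT is not covered.

```shell
#!/bin/sh
# Added example (not from the thread): print an ipfw rules file for a
# dual-homed gateway. Interface names and the prefix passed in are the
# caller's; the values shown in the usage line are constructed samples.
#
# Usage: gateway_rules fxp0 fxp1 192.168.1.0/24 > /etc/ipfw.rules

gateway_rules() {
    ext_if=$1   # interface facing the Internet
    int_if=$2   # interface facing the home LAN
    int_net=$3  # internal prefix in CIDR form

    if [ -z "$ext_if" ] || [ -z "$int_if" ] || [ -z "$int_net" ]; then
        echo "usage: gateway_rules EXT_IF INT_IF INT_NET" >&2
        return 1
    fi
    # A ruleset keyed on direction is meaningless if both sides are one NIC.
    if [ "$ext_if" = "$int_if" ]; then
        echo "external and internal interface must differ" >&2
        return 1
    fi

    cat <<EOF
# Loopback traffic is always permitted.
add 100 allow ip from any to any via lo0
# Anti-spoofing: internal source addresses must never arrive from outside.
add 200 deny log ip from ${int_net} to any in recv ${ext_if}
# Packets belonging to a flow already admitted below are accepted here.
add 300 check-state
# New flows may start only from the LAN side (forwarded or to the gateway).
add 400 allow ip from ${int_net} to any in recv ${int_if} keep-state
# The gateway itself may open outbound connections.
add 500 allow ip from me to any out keep-state
# Everything else, including unsolicited traffic from outside, is dropped.
add 65000 deny log ip from any to any
EOF
}
```

The output is an ipfw rules file: write it to an absolute path and load it with ipfw, ideally from the console so a mistake cannot cut off a remote session.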