From: Eric Anderson
Date: Wed, 16 May 2001 15:35:18 -0500
To: Crist Clark
Cc: freebsd-security@freebsd.org
Subject: Re: risks of ip-forwarding, without ipf/ipfw

No, I'm not actually doing this, I was more curious than anything. I use ipfilter myself. Thanks for the good thoughts everyone.

Crist Clark wrote:
>
> Eric Anderson wrote:
> >
> > What are the risks of having a dual-homed machine (2 NIC's), one on the
> > big bad internet and one on a home lan, with ip forwarding enabled,
> > without ipf or ipfw running?
>
> A.k.a. a router.
>
> All it means is that every machine on the home LAN must be hardened
> and treated as if it were directly connected to the Internet 'cause,
> well, it is.
> --
> Crist J. Clark                Network Security Engineer
> crist.clark@globalstar.com    Globalstar, L.P.
> (408) 933-4387                FAX: (408) 933-4926

--
Eric Anderson    anderson@centtech.com    Centaur Technology    (512) 418-5792
The idea is to die young as late as possible.