From: Eric Anderson
Reply-To: anderson@centtech.com
Organization: Centaur Technology
Date: Wed, 27 Jun 2001 11:46:15 -0500
To: freebsd-security@freebsd.org
Subject: 3 nics - 1 bridge - 2 ips - bad?

Let's say I have 3 NICs in a machine running FreeBSD 4.2. Is it possible to have this sort of configuration:

    xl0 - 200.200.200.200 - [interface 1 of bridge0]
    xl1 - NO IP           - [interface 2 of bridge0]
    xl2 - 192.168.10.10   - not part of any bridge

The 200.200.200.200 number is of course made up, but signifies an interface on the unprotected net. The 192.168.10.10 interface is also made up, showing an interface on the protected internal net.

Now, the xl1 interface is bridged to xl0, creating a port for passing thru to the unprotected net that xl0 is on.
Are there any inherent security flaws in this configuration (besides having a possible computer plug into the xl1 port and not being behind a firewall), assuming it works at all?

Thanks in advance..

Eric

--
-------------------------------------------------------------------------------
Eric Anderson    anderson@centtech.com    Centaur Technology    (512) 418-5792
For every complex problem, there is a solution that is simple, neat, and wrong.
-------------------------------------------------------------------------------