Date: Wed, 9 Oct 2002 17:32:03 -0700 (PDT)
From: Matthew Dillon
To: Paul te Bokkel
Cc: Bill Moran, Thomas Quinot, freebsd-stable@FreeBSD.ORG
Subject: Re: Setup routing entry for host with a non-local IP address

:> fxp0: flags=8843 mtu 1500
:>         inet 216.240.41.17 netmask 0xffffffc0 broadcast 216.240.41.63
:>         inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
:>         inet 216.240.41.21 netmask 0xffffffff broadcast 216.240.41.21
:
:That's what I said.. However, I would never use the above setup if
:it's supposed to be secure. Anyone with access to a machine in the
:41.1-41.62 range would be able to sniff the 10-net, which would not
:like. (maybe your setup allows for this, but I wouldn't mind the cost
:of a $6 el-cheapo NIC and a crosscable to get more secure, it's even
:cheaper than the time spent typing this mail ;-) ).

    Uhh.  I don't see how this can possibly make things more secure.  If
    the machine needs to be on both nets and someone breaks root on it,
    having a second NIC isn't going to save you.

:But in the case of two physical interfaces on the same (physical)
:segment, you get ARP errors. With aliases, you don't.
:
:Regards,
:
:Paul

    ARP errors?  Only if you try to configure the same IP address on the
    two interfaces.

                                        -Matt
                                        Matthew Dillon