Date: Mon, 07 Aug 2000 19:05:38 +0200
From: Mattias Pantzare <pantzer@ludd.luth.se>
To: Nick Sayer <nsayer@quack.kfu.com>
Cc: Robert Watson <rwatson@FreeBSD.ORG>, freebsd-emulation@FreeBSD.ORG, security-officer@FreeBSD.ORG, pantzer@ludd.luth.se
Subject: Re: vmware changes result in nasty bridging mess
Message-ID: <200008071705.TAA05733@mother.ludd.luth.se>
In-Reply-To: Message from Nick Sayer <nsayer@quack.kfu.com> of "Sun, 06 Aug 2000 23:04:45 PDT." <398E517D.A524966F@quack.kfu.com>

> > > 1. You are probably the only person on the planet who has a machine with
> > > both bridging and vmware who (apparently) doesn't intend to bridge the
> > > guest onto the connected LAN. This means that you have an opportunity to
> > > customize the startup script rather than insist that everyone have it the
> > > way you like it.
> >
> > Possibly true, but I'm interested in POLA for many situations, not just
> > the common case. :-) See below, however.
>
> But isn't that which astonishes least that which astonishes the least
> number of people?!

On our campus network it is not uncommon to find people who have a gateway
machine so that they can have several computers. Both the campus network and
the private network are on Ethernet. Guess what will happen when they start to
use vmware... Remember that it is usually a normal workstation that is used
for this. It may even be the fastest computer.

If the network administrator sees packets from a different IP range on the
network then the offending computers are very likely to be disconnected. That
will astonish the poor student...

> > No, I'm worried about the following case: a machine with two interfaces,
> > and vmware, who then tries out bridging for the purposes of using vmware.
>
> Everyone with this configuration, please raise their hands.
>
> Remember, to qualify the two interfaces must be run simultaneously.

Do not assume that all networks look like the ones you have used.

> > The result of that operation is not POLA, as the BRIDGE documentation
> > clearly specifies that to turn on bridging, you set the sysctl, and that
> > the option is passive until then. As the port is currently written, it
> > enables BRIDGE at every boot, regardless of a guest running, and affects
> > more than just the guest environment, bridging all interfaces.
>
> And for both of you out there with two Ethernet cards and VMware running,
> you might want to add a bridge_cfg ioctl between the refresh and the
> enabling sysctl.

The port should do that then.