Date: Tue, 10 Dec 2002 20:19:53 -0800
From: "Brian" <bri@sonicboom.org>
To: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject: Re: single nic firewall - what are my vulnerabilities.
Message-ID: <018a01c2a0cc$8e249590$3224200a@bwhalen>
References: <UOYW4X2ZYVYVAYWSOVSQKXR9585JHGA.3df6b769@Presarionb>

One issue of using a single nic for both the internal and external
interfaces is going to be throughput. I've used 2 nics when doing this,
but with one, collisions have been reported to be higher.

Bri

----- Original Message -----
From: "Lorin Lund" <wbs@infowest.com>
To: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, December 10, 2002 7:56 PM
Subject: single nic firewall - what are my vulnerabilities.

> I just got DSL. My FreeBSD box that used to be my dial-up gateway
> is now my DSL gateway. I don't have any spare NICs right now so
> I have my home network defined as subnet 169.254.0.xxx. The DSL
> 'modem' defines itself as 192.168.0.1. So the NIC in my FreeBSD
> gateway is defined as 192.168.0.4 and aliased to 169.254.0.1.
>
> natd is running with -a 192.168.0.1 .
> In rc.conf
> firewall_type="OPEN"
> So right now I don't have any firewall protection. ipfw is just
> there to host natd. Assuming that I can create the right set of
> ipfw rules (and I suppose that could be complicated by the aliasing)
> are there any other vulnerabilities? Is there any way that anything
> dangerous can go directly from the DSL 'modem' to one of the other
> PCs that is on the internal subnet? I would think that being on
> separate logical subnets would keep any TCP/IP traffic or UDP/IP
> traffic from getting around the firewall but are there any other
> packet types or protocols that could slip through and cause trouble?