Re: 3 NICs - 1 upstream, 2 downstream to same subnet??

From: RRrp Toren (rtoren_at_bronzedragon.net)
Date: 09/03/04

    Date: Fri, 03 Sep 2004 06:54:04 -0400
    To: Charles Swiger <cswiger@mac.com>
    
    

    Charles Swiger wrote:
    > On Sep 2, 2004, at 2:17 PM, rip wrote:
    >
    >> I am trying to make a configuration to isolate the WiFi APs on a
    >> single segment. DHCP hands out 'good' addresses (10.0.0.x) to MACs it
    >> recognizes and 'bad' (10.99.0.x) when the MAC does not match and is
    >> taken from the common pool.
    >> I then will use ipfw to block the trespassers, but do a bit of data
    >> collection at the same time. I don't expect much bad traffic here
    >> since WEP will keep out the casual. Just a defense-in-depth thing.
    >
    >
    > What you're trying to do won't actually give you much benefit to
    > security: someone who wants to break in doesn't have to pay attention to
    > the DHCP lease you give them, they can just assign themselves a good
    > 10.0.0.x address.
        I am not a believer in the idea that the only good solution is the 100%
    solution. I like the multi-layering of 80% solutions.
        The IP addresses here were picked for demonstration purposes. The actual
    set can come from anywhere within the RFC 1918 network numbers. So picking a
    good IP the 1st time, in the blind, is like shooting a bullseye on the first
    shot in a pitch-black range you just stepped into. Then there are other layers
    that have to be bypassed. Sort of like Indiana Jones. There are many
    challenges to overcome, with only one attempt each. I am just asking about the
    technical feasibility.
    >
    > The second problem you are having is that you can't have two NICs on the
    > same subnet. The routing table needs interfaces to be unique so it
    > doesn't have to guess which route should be used.
    >
        If this is a FreeBSD implementation restriction, then so be it. I have
    always thought routers could service a large subnet with multiple interfaces.
    And that FreeBSD could be configured as a router.

    Thanks for the info

    Rip
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
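
An added example, not code from either poster: one way to check whether the DHCP-by-MAC scheme discussed in this message is being respected is to audit the gateway's ARP table for hosts sitting on a "good" address without a matching reservation. The reservation table, MAC addresses, interface name and the `audit_arp` helper are assumptions made for illustration; the sample lines are constructed in the style of FreeBSD `arp -an` output.

```python
import ipaddress
import re

# Assumed policy, modeled on the thread: recognized MACs get a fixed lease in
# the trusted range; unrecognized MACs are leased from the 10.99.0.x pool.
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/24")
RESERVATIONS = {  # constructed MAC -> reserved IP table
    "00:0d:93:aa:bb:01": "10.0.0.10",
    "00:0d:93:aa:bb:02": "10.0.0.11",
}

# Constructed sample in the style of FreeBSD `arp -an` output.
SAMPLE_ARP = """\
? (10.0.0.10) at 00:0d:93:aa:bb:01 on fxp1 [ethernet]
? (10.0.0.11) at 00:0D:93:AA:BB:01 on fxp1 [ethernet]
? (10.0.0.42) at 00:40:96:de:ad:01 on fxp1 [ethernet]
? (10.99.0.7) at 00:40:96:de:ad:02 on fxp1 [ethernet]
? (10.0.0.12) at (incomplete) on fxp1 [ethernet]
"""

ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17}) on \S+")


def audit_arp(arp_text, reservations=RESERVATIONS, trusted=TRUSTED_NET):
    """Return (ip, mac, reason) for each ARP entry that violates the policy."""
    findings = []
    for line in arp_text.splitlines():
        m = ARP_RE.search(line)
        if not m:  # skips "(incomplete)" entries and malformed lines
            continue
        ip, mac = m.group(1), m.group(2).lower()
        if ipaddress.ip_address(ip) not in trusted:
            continue  # pool addresses are handled by the firewall rules
        reserved = reservations.get(mac)
        if reserved is None:
            # Address was not handed out by DHCP to this MAC: self-assigned.
            findings.append((ip, mac, "unrecognized MAC in trusted range"))
        elif reserved != ip:
            findings.append((ip, mac, "recognized MAC on an unreserved address"))
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit_arp(SAMPLE_ARP):
        print(f"{ip:<12} {mac}  {reason}")
```

The check trusts the MAC address the host presents, so it is one more layer in the sense used above rather than proof of identity.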

