On Mon, Feb 21, 2011 at 6:45 PM, Stan Hoeppner
<stan@hardwarefreak.com> wrote:
> Pascal Hambourg put forth on 2/21/2011 3:51 PM:
>> Stan Hoeppner wrote:
>>>
>>> You only need one
>>> NIC in your firewall box when using a switch. You simply plug
>>> everything into the switch including the DSL modem and the Netgear.
>>> Bind both the public and private IP addresses to the same NIC in the
>>> firewall using a virtual NIC: i.e. eth0 and eth0:1.
>>
>> This is a wrong idea because the firewall can be by-passed, leaving a
>> hole in the LAN security.
> Would you mind explaining why you believe this?
Well, if you fill up a switch's ARP cache, it starts acting like a hub. At that point data goes everywhere.
Supposedly, there is also a way to 'pivot' past a NAT device - I haven't looked into this, so I can't speak to this much...
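The reply above describes a switch whose address table has been filled to the point where it floods frames to every port. From a defender's side, that condition is visible in the switch's own MAC table: one port has learned far more addresses than any single host could own. The following script is an added illustration, not code from this thread or from any of its participants; it parses a constructed, hypothetical dump in the common "VLAN / MAC / type / port" layout, counts distinct MACs per port, and flags ports over a threshold while allowlisting known uplinks. The table format, port names and MAC values are all assumptions made for the example.

```python
"""Flag switch ports that have learned an abnormal number of MAC addresses.

A flooded forwarding table (the "switch starts acting like a hub" case from
the thread) shows up as a single port learning hundreds of addresses. This
check is a constructed illustration: the table layout and all sample data
are hypothetical, not output from any real device.
"""
import re
from collections import defaultdict

# Strict colon-separated MAC, case-insensitive (assumed dump format).
MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.IGNORECASE)


def build_sample_table():
    """Return a constructed 'show mac address-table' style dump.

    Three access ports with one host each, an uplink (Gi0/24) that
    legitimately carries 40 addresses, and Gi0/7 with 300 addresses,
    which is the signature of a flooded table. Entirely hypothetical data.
    """
    lines = ["VLAN  MAC                TYPE     PORT"]  # header row, must be skipped
    lines.append("1     00:11:22:33:44:01  dynamic  Gi0/1")
    lines.append("1     00:11:22:33:44:02  dynamic  Gi0/2")
    lines.append("1     00:11:22:33:44:03  dynamic  Gi0/3")
    for i in range(40):  # uplink: many hosts behind it is normal
        lines.append(f"1     02:aa:00:00:00:{i:02x}  dynamic  Gi0/24")
    for i in range(300):  # access port that should hold one or two hosts
        lines.append(f"1     02:bb:00:{i >> 8:02x}:{i & 0xff:02x}:00  dynamic  Gi0/7")
    lines.append("garbage line that is not a table row")  # junk, must be skipped
    return "\n".join(lines)


def parse_mac_table(text):
    """Return [(vlan, mac, port), ...] for well-formed rows; header and junk are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        vlan, mac, _entry_type, port = parts
        if not vlan.isdigit() or not MAC_RE.match(mac):
            continue
        entries.append((int(vlan), mac.lower(), port))
    return entries


def macs_per_port(entries):
    """Map each port to the set of distinct MACs learned on it."""
    per_port = defaultdict(set)
    for _vlan, mac, port in entries:
        per_port[port].add(mac)
    return per_port


def flag_flooded_ports(text, threshold=8, uplinks=frozenset()):
    """Return [(port, distinct_mac_count), ...] for ports above threshold.

    Highest count first; ties broken by port name. Ports listed in
    `uplinks` are trunks expected to carry many addresses and are ignored.
    The default threshold mirrors a small per-port MAC limit such as a
    port-security maximum; tune it to the site.
    """
    per_port = macs_per_port(parse_mac_table(text))
    flagged = [(port, len(macs)) for port, macs in per_port.items()
               if port not in uplinks and len(macs) > threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    sample = build_sample_table()
    for port, count in flag_flooded_ports(sample, uplinks={"Gi0/24"}):
        print(f"{port}: {count} distinct MACs learned (exceeds per-port limit)")
```

Run the check against a scheduled table dump and alert on any access port that exceeds the limit; the same per-port limit enforced on the switch itself (port security with a small maximum address count) stops the flooding before the table fills, so the script is a detection complement rather than the primary control.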