
Re: selecting old machines for firewall/router use



shawn wilson put forth on 2/21/2011 6:05 PM:
> On Mon, Feb 21, 2011 at 6:45 PM, Stan Hoeppner <stan@hardwarefreak.com> wrote:
> 
>> Pascal Hambourg put forth on 2/21/2011 3:51 PM:
>>> Stan Hoeppner wrote:
>>>>
>>>> You only need one
>>>> NIC in your firewall box when using a switch.  You simply plug
>>>> everything into the switch including the DSL modem and the Netgear.
>>>> Bind both the public and private IP addresses to the same NIC in the
>>>> firewall using a virtual NIC: i.e. eth0 and eth0:1.
>>>
>>> This is a wrong idea because the firewall can be by-passed, leaving a
>>> hole in the LAN security.
>>
>> Would you mind explaining why you believe this?

> Well, if you fill up a switch's ARP cache, it starts acting like a hub. At
> that point data goes everywhere.

Would you mind pointing the list to the document that verifies your claim?

> Supposedly, there is also a way to 'pivot' past a NAT device - I haven't
> looked into this, so I can't speak to this much...

Again, would you mind pointing us to a document that verifies this?

I ask because neither are true, and I'd like to see the source of your
misinformation.

-- 
Stan
