Security Basics mailing list archives

Re: Best IP configuration for OpenBSD firewall/router


From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Tue, 19 Aug 2003 11:28:53 +0200

On 2003-08-18 Arturo Buanzo Busleiman wrote:
> From: Damon McMahon [mailto:inst_karma () hotmail com]
>> The easy option seems to put it on the same subnet, say
>> 192.168.0.254 (since 192.168.0.1 is already taken by the existing
>> Windows 2000 gateway); everything communicates with everything in
>> this configuration.
>
> Well, everything communicates with everything at MAC (not IP) level,
> taking switches/hubs into account (check ettercap.sf.net). The subnet
> change would only have a meaning at the IP level. Anyway, it's still a
> router, and so it does still get all the packets, entering and leaving
> the router :).

I think you're wrong.

Your clients will have to have at least one default gateway specified (I
had to learn there can be more ;), so they will know where to send all
those packets, whose destination is not inside their own network (here:
192.168.0.0/24). This default gateway must have an address from within
the clients' network, otherwise it won't be reachable from the client
(or there would be no need for such things as routers ;), and I would
expect the clients to rather refuse sending the packet than broadcasting
it.

Or am I missing something here?

Regards
Ansgar Wiechers
