shawn wilson put forth on 2/21/2011 6:05 PM:
> On Mon, Feb 21, 2011 at 6:45 PM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
>
>> Pascal Hambourg put forth on 2/21/2011 3:51 PM:
>>> Stan Hoeppner wrote:
>>>>
>>>> You only need one
>>>> NIC in your firewall box when using a switch. You simply plug
>>>> everything into the switch including the DSL modem and the Netgear.
>>>> Bind both the public and private IP addresses to the same NIC in the
>>>> firewall using a virtual NIC: i.e. eth0 and eth0:1.
>>>
>>> This is a wrong idea because the firewall can be by-passed, leaving a
>>> hole in the LAN security.
>>
>> Would you mind explaining why you believe this?
> well, if you fill up a switch's arp cache, it starts acting like a hub. at
> that point data goes everywhere.

Would you mind pointing the list to the document that verifies your claim?

> supposedly, there is also a way to 'pivot' past a nat device - i haven't
> looked into this, so i can't speak to this much...

Again, would you mind pointing us to a document that verifies this?

I ask because neither are true, and I'd like to see the source of your
misinformation.

--
Stan