I suppose this is more of a learning/curiosity question which came up by my stepson wanting to multihome a single NIC in his WinXP machine instead of buying a cheap router. That way he would have some programming capability he wouldn't have with a NetGear. (He is a Win networking type.)
But then I got to thinking: There are lots of computers on a PCI card which would run Linux. But they mostly only have one ethernet port. So if you multihomed the ethernet you could have a truly inexpensive but highly programmable router in a desktop PC. You'd have to write your own firewall scripts, but I do that anyway.

The private LAN packets would bounce off your ISP. Wrong MAC. That would double your outgoing bandwidth consumption, but you don't use much outgoing anyway. Or would a switch isolate the ISP's by MAC?

I can see where this is insecure, technically speaking, but only as far as the ISP's gateway. Maybe? It's just interesting.

Charles Steinkuehler <[EMAIL PROTECTED]> on 03/04/2003 10:30:35 AM

To: Phillip Watts/austin/[EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] One nic router.

[EMAIL PROTECTED] wrote:
>
> I have a reason to explore a single nic route.
> That is multi-homing, external and internal interface
> on the same ethernet interface.
>
> Assuming this can be done, I haven't even tested the
> concept yet,
> Are there glaring security reasons not to do this?

It can be done, but yes, there are glaring security reasons to avoid such a practice. The primary issue is that with both internal and external networks on the same physical wire, it is trivial in the extreme to simply bypass the router. This makes the router either redundant (no need for it in the first place, since everyone on the same wire can already talk amongst themselves), or allows violation of any firewall rules you're trying to implement on the router.

The only instance I can think of in which a single physical interface router would make sense to me is if you're using VLANs, in which case you could build a router to bridge different VLAN segments on a single physical link. Of course, I suspect if you're buying VLAN capable switches, you probably wouldn't have posted the above question in the first place.

There are some other instances where this sort of topology might be useful, but in general you're better off to simply renumber your networks. Provide a bit more detail about what you're trying to accomplish, and the constraints you're working with (i.e. no money to buy two hubs, trying to connect multiple existing networks that can't be renumbered to a single physical segment, or whatever), and we can probably provide decent advice.

--
Charles Steinkuehler
[EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
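An audit check for the condition described in the reply above, added here as an example and not part of the original thread: it flags any network device that carries both an internal and an external address, while 802.1Q sub-interfaces count as separate segments. The `ip -o -4 addr show` sample is constructed, and treating RFC 1918 ranges as "internal" and everything else as "external" is an assumption.

```python
import ipaddress
from collections import defaultdict

# Assumption: RFC 1918 space is "internal", any other routable address "external".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the style of `ip -o -4 addr show` output.
# eth0 carries both zones (alias label eth0:1); eth1.10 / eth1.20 are VLAN devices.
SAMPLE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0:1\       valid_lft forever preferred_lft forever
3: eth1.10    inet 198.51.100.5/24 brd 198.51.100.255 scope global eth1.10\       valid_lft forever preferred_lft forever
4: eth1.20    inet 10.0.20.1/24 brd 10.0.20.255 scope global eth1.20\       valid_lft forever preferred_lft forever
"""


def classify(addr):
    """Return 'internal' for RFC 1918 addresses, 'external' otherwise."""
    return "internal" if any(addr in net for net in RFC1918) else "external"


def mixed_segments(ip_output):
    """Map each device that carries both zones to its addresses per zone."""
    zones = defaultdict(lambda: defaultdict(list))
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue
        # Field 1 is the device; alias labels such as eth0:1 share that device,
        # so their addresses sit on the same wire as the primary address.
        device = fields[1].split("@")[0]
        iface = ipaddress.ip_interface(fields[3])
        if iface.ip.is_loopback or iface.ip.is_link_local:
            continue
        zones[device][classify(iface.ip)].append(str(iface))
    # A device is a finding only when both zones are present on it.
    return {dev: dict(z) for dev, z in zones.items() if len(z) == 2}


if __name__ == "__main__":
    for dev, z in mixed_segments(SAMPLE).items():
        print(f"{dev}: internal={z['internal']} external={z['external']}")
```

The VLAN devices are not flagged because each tag is a separate layer-2 segment, which holds only when the attached switch enforces 802.1Q tagging.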
