I suppose this is more of a learning/curiosity question,
which came up when my stepson wanted to multihome
a single NIC in his WinXP machine instead of buying a cheap router.
That way he would have some programming capability he wouldn't
have with a NetGear.  (He is a Win Networking type.)

But then I got to thinking: there are lots of computers on a PCI card which
would run Linux.  But they mostly only have one Ethernet port.

So if you multihomed the Ethernet you could have a truly inexpensive
but highly programmable router in a desktop PC.

You'd have to write your own firewall scripts but I do that anyway.
The private LAN packets would bounce off your ISP.  Wrong MAC.

That would double your outgoing bandwidth consumption, but you don't
use much outgoing anyway.
Or would a switch isolate the ISPs by MAC?
I can see where this is insecure, technically speaking,
but only as far as the ISP's gateway. Maybe?

It's just interesting.
Charles Steinkuehler <[EMAIL PROTECTED]> on 03/04/2003 10:30:35 AM

To:   Phillip Watts/austin/[EMAIL PROTECTED]
cc:

Subject:  Re: [leaf-user] One nic router.
[EMAIL PROTECTED] wrote:
>
> I have a reason to explore a single nic route.
> That is multi-homing, external and internal interface
> on the same ethernet interface.
>
> Assuming this can be done, I haven't even tested the
> concept yet,
> Are there glaring security reasons not to do this?

It can be done, but yes, there are glaring security reasons to avoid
such a practice.

The primary issue is with both internal and external networks on the
same physical wire, it is trivial in the extreme to simply bypass the
router.  This makes the router either redundant (no need for it in the
first place, since everyone on the same wire can already talk amongst
themselves), or allows violation of any firewall rules you're trying to
implement on the router.

The only instance I can think of in which a single physical interface
router would make sense to me is if you're using VLANs, in which case
you could build a router to bridge different VLAN segments on a single
physical link.  Of course, I suspect if you're buying VLAN capable
switches, you probably wouldn't have posted the above question in the
first place.

There are some other instances where this sort of topology might be
useful, but in general you're better off to simply renumber your networks.

Provide a bit more detail about what you're trying to accomplish, and
the constraints you're working with (i.e. no money to buy two hubs, trying
to connect multiple existing networks that can't be renumbered to a
single physical segment, or whatever), and we can probably provide
decent advice.

--
Charles Steinkuehler
[EMAIL PROTECTED]
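The one single-NIC layout Charles calls legitimate is the VLAN case: both "sides" still ride one wire, but the switch keeps them apart by 802.1Q tag, so the only path between them is through the router's forwarding rules. The script below is an added example, not anything from the LEAF project or from either poster; it sketches that "router on a stick" on Linux with iproute2 and iptables. The interface name eth0, the VLAN IDs 10 (ISP side) and 20 (private LAN) and the LAN address range are hypothetical. It prints every command it would run and only executes them when APPLY=1 (as root, on a host whose switch port is configured as an 802.1Q trunk carrying both VLANs); the bare eth0 deliberately gets no address, so untagged frames from the shared wire are never routed.

```shell
#!/bin/sh
# Added example (not LEAF's code): one physical NIC, two 802.1Q VLANs,
# firewalled routing between them.  All names/IDs below are assumptions.

PHYS=${PHYS:-eth0}              # the single physical NIC (assumed name)
WAN_VID=${WAN_VID:-10}          # VLAN carrying the ISP/untrusted side
LAN_VID=${LAN_VID:-20}          # VLAN carrying the private LAN
LAN_NET=${LAN_NET:-192.168.1.0/24}
LAN_GW=${LAN_GW:-192.168.1.1/24}

WAN_IF="$PHYS.$WAN_VID"
LAN_IF="$PHYS.$LAN_VID"

# Echo each command; execute it only when APPLY=1 (needs root, iproute2, iptables).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    fi
}

vlan_router_config() {
    # Tagged sub-interfaces on the one physical port.  The bare NIC gets no
    # address: untagged frames on the shared wire are not part of either side.
    run ip link add link "$PHYS" name "$WAN_IF" type vlan id "$WAN_VID"
    run ip link add link "$PHYS" name "$LAN_IF" type vlan id "$LAN_VID"
    run ip link set "$PHYS" up
    run ip link set "$WAN_IF" up
    run ip link set "$LAN_IF" up
    run ip addr add "$LAN_GW" dev "$LAN_IF"
    # WAN address (DHCP client or static) is left to the local setup.
    run sysctl -w net.ipv4.ip_forward=1

    # Firewall: nothing is forwarded unless a rule says so.
    run iptables -P FORWARD DROP
    # Anti-spoofing: frames on the LAN VLAN must carry a LAN source address.
    run iptables -A FORWARD -i "$LAN_IF" ! -s "$LAN_NET" -j DROP
    # LAN may initiate outbound; only replies come back in from the WAN VLAN.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Hide the private LAN behind the WAN-side address.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Stand-alone use: dry run prints the plan; APPLY=1 ./this.sh applies it.
vlan_router_config
```

The security property rests entirely on the switch: if the ISP-facing and LAN-facing ports are not in separate VLANs (a plain hub, or an untagged port in both), every host is back on one wire and the FORWARD chain above is bypassed exactly as Charles describes.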
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html