This is a BAD BAD BAD idea for several reasons.

#1 This leads to leaky network syndrome.  My firewall on my DSL line gets
blasted every few hours when PCs and Printers get rebooted in someone's small
office.  Their DHCP and NetBIOS broadcasts come through loud and clear.

Many DSL customers actually participate in large bridge groups.  This means
things are not routed, but bridged as they come into the ISP, so people
see each other's broadcasts.

#2 It's a wide open security hole.  It may be possible for someone on the
outside, perhaps in your bridge group, or at your ISP, to spoof packets with
the internal address of your network and thus completely bypass your firewall.

#3 Think of the firewall box as a lightning arrestor.  Do you want the outside
line plugged into your hub to hit every box, or would you rather soften the
blow through one box and hope the others survive?  I have no idea what kind
of surge suppression those DSL boxes provide, but wouldn't count on it.

I'm speaking from experience here.  One of the power mains to my apartment
complex got blasted this summer.  Welded some breakers solid on, others just
burnt out.  The maintenance people spent a week tracking down electrical
faults through the building after that.


On Tue, Nov 23, 1999 at 02:29:37PM -0500, Edward Marczak wrote:
> on 22/11/99 5:14 PM, also sprach Morse:
> 
> > I am setting up a 486 RH 6.1 to act as a gateway for my cable modem.
> > With a NT box I need to use two NICs ...one for the LAN and one for the
> > Cable modem and then use a proxy server.
> > But with Linux it is not a proxy...but a simple gateway address...
> > 
> > Ok then do I need two NICs in the Linux box ...one for the modem and one
> > for the LAN ?
> > Or is there some way that I can just have one NIC for the LAN and plug the
> > cable modem into the hub without purchasing separate IP addresses for the
> > clients.
> 
> While I can't give you all of the details, you should be able to assign two
> IPs to one card (IP Aliasing/Multi-Homing) and route between them.  So if
> you assign w.x.y.z to the interface that goes to your cable modem (because
> the cable company told you to), you can also assign 192.168.1.1 to the same
> interface.
> 
> I haven't used IP_Masq enough to know if it will work with this set up, but
> if it does, your clients talk to 192.168.1.1, and get masqueraded to
> w.x.y.z.  All of your clients get a 192.168.1.x address.
> 
> Make sense?  I'm sure someone will correct me if IP_Masq will hate this
> configuration.
> -- 
> Ed Marczak, The New York Media Group, Inc.
> [EMAIL PROTECTED]
> 
> 
> 
> 
> -- 
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
> 

-- 
J. Scott Kasten

jsk AT tetracon-eng DOT net

"That wasn't an attack.  It was preemptive retaliation!"

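Added example, not part of the original message: a small Python model of point #2, showing why an anti-spoofing ingress rule works with two NICs and cannot fire when the modem and the LAN share one aliased NIC. The interface names eth0/eth1 and the 203.0.113.0/24 range standing in for the ISP-assigned w.x.y.z side are assumptions; the packets are constructed samples.

```python
import ipaddress
from collections import namedtuple

# 192.168.1.0/24 is the LAN range from the thread. 203.0.113.0/24 is a
# documentation range used here as a stand-in for the ISP side (assumption).
LAN = ipaddress.ip_network("192.168.1.0/24")

Packet = namedtuple("Packet", "in_iface src dst")


def antispoof_verdict(pkt, lan_ifaces):
    """Ingress filter: a LAN source address is only valid on a LAN-facing NIC."""
    src_is_lan = ipaddress.ip_address(pkt.src) in LAN
    if src_is_lan and pkt.in_iface not in lan_ifaces:
        return "DROP"    # internal source arriving from the outside wire
    return "ACCEPT"


def classify(packets, lan_ifaces):
    """Return the verdict for each packet, in order."""
    return [antispoof_verdict(p, lan_ifaces) for p in packets]


# Two NICs (constructed samples): eth0 faces the modem, eth1 faces the LAN.
TWO_NIC = [
    Packet("eth1", "192.168.1.20", "203.0.113.9"),  # genuine LAN client
    Packet("eth0", "192.168.1.20", "192.168.1.1"),  # LAN source seen on modem side
    Packet("eth0", "203.0.113.9", "203.0.113.5"),   # ordinary outside traffic
]

# One NIC with an alias: the modem and the LAN share the hub, so every packet
# arrives on eth0 and eth0 has to be treated as a LAN-facing interface.
ONE_NIC = [p._replace(in_iface="eth0") for p in TWO_NIC]

if __name__ == "__main__":
    print("two NICs:", classify(TWO_NIC, {"eth1"}))
    print("one NIC :", classify(ONE_NIC, {"eth0"}))
```

With two NICs the second packet is dropped; on the shared NIC the same packet is indistinguishable from real LAN traffic and is accepted.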
