Re: Firewall question
On Fri, Jun 09, 2006 at 05:43:24AM +0200, Andi Kleen wrote:
> No one out on the internet, but it would be trivial for someone outside
> his house. All his traffic will be on a long unsecured cable.
>
> That is why I would never bridge home ethernet traffic onto a DSL line.

Hmm, traffic sent between his machines would not go over the DSL since the MAC address doesn't match the DSL modem (I would think so at least). It would be a mess if the DSL modem tried to forward all traffic on an ethernet segment (well, it doesn't have the bandwidth for sure). Maybe I am incorrectly assuming the DSL modem only forwards the PPPoE traffic being sent at it. I could see broadcast traffic being forwarded, although ARPs and such are generally not that interesting.

Len Sorensen
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Firewall question
> Well the DSL modem only transfers whatever data the ISP end sends to it,
> which in your case is just PPP packets (LCC or LCP I think). No one out
> on the internet

No one out on the internet, but it would be trivial for someone outside his house. All his traffic will be on a long unsecured cable.

That is why I would never bridge home ethernet traffic onto a DSL line.

-Andi
Re: Firewall question
On Thu, Jun 08, 2006 at 11:57:12AM -0700, Alex Davis wrote:
> The scenario:
> I have a DSL modem in pass through (bridge) mode. The linux firewall/router
> has a single ethernet card. It is running pppoe. This gives two interfaces:
> eth0 and ppp0. The firewall is running iptables. There are several machines
> behind the firewall.
>
> Problem:
> I've been told that if someone whose public IP address is on the same
> network subnet as mine were to get my mac address, (s)he could bypass
> the firewall and talk directly to the machines behind it.
>
> Is this true?

Well, the DSL modem only transfers whatever data the ISP end sends to it, which in your case is just PPP packets (LCC or LCP I think). No one out on the internet would be able to send ethernet data over the DSL link, so the only way to send data to another machine on your network (that the DSL modem is connected to physically) is if you have other machines on your local network which are also running PPPoE and listening for that traffic. So the worst thing I can see happening is that someone on your local network could potentially take over your PPPoE session, but that's about it. I just can't see anything else that could happen.

I used to run exactly the setup you describe before I had to drop the DSL connection (I moved).

Len Sorensen
Firewall question
The scenario:
I have a DSL modem in pass through (bridge) mode. The linux firewall/router has a single ethernet card. It is running pppoe. This gives two interfaces: eth0 and ppp0. The firewall is running iptables. There are several machines behind the firewall.

Problem:
I've been told that if someone whose public IP address is on the same network subnet as mine were to get my mac address, (s)he could bypass the firewall and talk directly to the machines behind it.

Is this true?

Thanks.

I code, therefore I am
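An added example, not part of the thread, to make concrete what Len's first reply describes: on the single-NIC box in the question, a packet from the ISP arrives inside a PPPoE session frame (Ethernet type 0x8864) and surfaces on ppp0, while a raw IPv4 frame (type 0x0800) addressed to the firewall's MAC is processed as eth0 traffic and never meets iptables rules written against ppp0. The code parses both frame shapes, reports which interface the kernel would handle each one on, and applies the source-MAC/ethertype policy that an ebtables or nftables rule on eth0 would enforce. Every frame is constructed inline; the MAC addresses, IP addresses and the LAN MAC list are assumptions for the illustration.

```python
"""
Constructed example: frames on the shared eth0 segment of a single-NIC PPPoE
firewall.  Not code from the thread; MACs, IPs and LAN_MACS are assumed.
"""
import struct

ETH_P_IP = 0x0800          # plain IPv4 in Ethernet
ETH_P_PPPOE_DISC = 0x8863  # PPPoE discovery stage (PADI/PADO/PADR/PADS/PADT)
ETH_P_PPPOE_SESS = 0x8864  # PPPoE session stage, carries PPP frames
PPP_PROTO_IPV4 = 0x0021    # PPP protocol number for IPv4

# Assumed addresses; 203.0.113.0/24 and 192.0.2.0/24 are documentation ranges.
FIREWALL_MAC = bytes.fromhex("001122334455")  # assumed eth0 MAC of the firewall
ISP_AC_MAC = bytes.fromhex("00aabbccddee")    # assumed ISP access-concentrator MAC
LAN_HOST_MAC = bytes.fromhex("005566778899")  # assumed MAC of a machine behind the firewall
OUTSIDER_MAC = bytes.fromhex("00deadbeef01")  # assumed MAC of a host that is not ours
LAN_MACS = {FIREWALL_MAC, LAN_HOST_MAC}       # assumed inventory of our own hosts


def ipv4_header(src, dst, proto=1):
    """Minimal 20-byte IPv4 header; checksum left at 0 since only classification is done."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0, src, dst)


def eth_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def pppoe_session_frame(dst, src, session_id, ppp_proto, payload):
    """RFC 2516 session frame: ver/type 0x11, code 0x00, session id, payload
    length, then a two-byte PPP protocol field and the PPP payload."""
    ppp = struct.pack("!H", ppp_proto) + payload
    hdr = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return eth_frame(dst, src, ETH_P_PPPOE_SESS, hdr + ppp)


def classify_frame(frame):
    """Return (kind, details).  'delivered_on' is the interface whose rules
    see the packet: PPPoE session payload surfaces on ppp0, a raw IPv4 frame
    is handled as eth0 traffic and bypasses anything scoped to ppp0."""
    if len(frame) < 14:
        return ("runt", {})
    ethertype = struct.unpack("!H", frame[12:14])[0]
    src = frame[6:12]
    body = frame[14:]
    if ethertype == ETH_P_PPPOE_DISC:
        return ("pppoe-discovery", {"src": src})
    if ethertype == ETH_P_PPPOE_SESS:
        if len(body) < 8:
            return ("malformed-pppoe", {"src": src})
        vt, code, sid, length = struct.unpack("!BBHH", body[:6])
        if vt != 0x11 or code != 0x00 or length < 2 or length > len(body) - 6:
            return ("malformed-pppoe", {"src": src})
        proto = struct.unpack("!H", body[6:8])[0]
        return ("pppoe-session", {"src": src, "session_id": sid,
                                  "ppp_proto": proto, "delivered_on": "ppp0"})
    if ethertype == ETH_P_IP:
        return ("raw-ip", {"src": src, "delivered_on": "eth0"})
    return ("other", {"src": src, "ethertype": ethertype})


def accept_on_eth0(frame, lan_macs=LAN_MACS):
    """Policy for the shared segment: PPPoE may come from anyone (the ISP side
    speaks it), raw IP only from known LAN MACs.  This is the ethertype plus
    source-MAC check an ebtables/nftables rule would express; it does not stop
    a host that spoofs a LAN MAC, which is the limit the question is about."""
    kind, info = classify_frame(frame)
    if kind in ("pppoe-discovery", "pppoe-session"):
        return True
    if kind == "raw-ip":
        return info["src"] in lan_macs
    return False


# Constructed sample frames (not captures).
INTERNET_PACKET = ipv4_header(bytes([203, 0, 113, 5]), bytes([192, 0, 2, 10]))
FROM_ISP = pppoe_session_frame(FIREWALL_MAC, ISP_AC_MAC, 0x1234, PPP_PROTO_IPV4, INTERNET_PACKET)
FROM_LAN = eth_frame(FIREWALL_MAC, LAN_HOST_MAC, ETH_P_IP,
                     ipv4_header(bytes([192, 168, 1, 20]), bytes([192, 168, 1, 1])))
FROM_OUTSIDER = eth_frame(FIREWALL_MAC, OUTSIDER_MAC, ETH_P_IP, INTERNET_PACKET)
DISCOVERY = eth_frame(b"\xff" * 6, FIREWALL_MAC, ETH_P_PPPOE_DISC,
                      struct.pack("!BBHH", 0x11, 0x09, 0, 0))  # PADI, code 0x09
TRUNCATED = FROM_ISP[:18]

if __name__ == "__main__":
    for name, frm in [("from ISP (PPPoE)", FROM_ISP), ("from LAN host", FROM_LAN),
                      ("raw IP from outsider", FROM_OUTSIDER), ("PADI", DISCOVERY),
                      ("truncated PPPoE", TRUNCATED)]:
        print(f"{name:22s} {classify_frame(frm)[0]:16s} accept={accept_on_eth0(frm)}")
```

The raw-IP case is the one the question worries about: it is only reachable by a host that can put an Ethernet frame on the same segment, which is why the replies focus on who shares the cable rather than on the public subnet.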