View Single Post
  #1   (View Single Post)  
Old 20th August 2013
frcc frcc is offline
Don't Worry Be Happy!
 
Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 335
Default ifconfig and ssh question

We have an internet server on an openbsd box (ver 5.3)
receiving traffic on port 80 from the wan to various virtual hosts.

traffic is directed to this machine via an off the shelf router.
(only because i have not completely figured how to write the
pf redirection code)

The internal internet server only serves port 80 traffic unless it is
generated statefully outbound from itself.
I have set up a pf.conf file filtering traffic on this server.

I currently ssh into this box via fxp0 along with internet traffic.
PF is set to only allow ssh traffic from lan and is configured with
antispoof entries.

All our servers have many nic cards.
Question:
Would if help security to ssh into this box using fxp1 instead of fxp0
i.e. physically seperating WAN internet and ssh traffic.
adding entries into pf.conf as necessary. ?????

.AND. if so
What would be the diff in doing that with using an alias on fxp0 ??????


thankyou in advance.....
Reply With Quote