OpenBSD Security Functionally paranoid!
Hello,
I would like to set up a firewall which has only one physical NIC using the 'alias' parameter in 'ifconfig'. Are there any security risks using this configuration in comparison to a configuration with two physical NICs?
Thanks in advance, Ido.
In http://www.daemonforums.org/showthread.php?t=4367 I give an example of a pf ruleset protecting a desktop machine with only one NIC.
To protect a network or multiple machines, you really need 2 NICs, else it won't work.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
The question isn't whether it can be done or not, but whether there is a security risk in doing so.
Why do you say I need two NICs in order to protect a network of multiple machines? I can simply connect the firewall, the modem and the rest of the machines to a switch.
If something is not possible, it is useless to wonder whether it has security risks.
How are you going to prevent the machines from not using the modem directly, and thus bypass your one NIC firewall?
I see. I'll probably buy an RJ45 to USB adapter in order to overcome this problem.
Thanks for the answers, Ido.