On Sun, 11 Jan 2004, Jim McBeath wrote:

> On Mon, Jan 12, 2004 at 12:19:55AM -0600, fred at daytonawan dot com wrote:
> > You can't really use any firewalls I can think of with only one interface,
> > simply because there wouldn't be much security there. Although, you

Indeed, especially since many broadband setups run the modem as a bridge,
often with no more filtering than the minimum required by 802.1D.

> > can use the same switch or hub or whatever for both interfaces and rely
> > on layer 3 to separate your WAN and LAN networks. I know that, because
> > I'm doing it at present. If for some reason you can't connect a second
> > ethernet interface directly to your modem, you could leave it plugged in
> > to the hub and connect your second ethernet interface to the hub as well.
> > Either way, you really need a second ethernet interface on your m0n0 box.

Once you have a second NIC, you can connect that directly to the modem and
keep the modem off the LAN. If you need to have something else connect to
the modem, use a separate hub or switch.

> This would be an interesting application for an interface alias ability in
> m0n0wall. That should give you the same functionality as using two NICs
> connected to one hub.

No, the alias capability is just an "alias", not a full-fledged separate
logical interface. They don't associate with separate routing entries, and
hence the alias addresses are never used as (default) source addresses in
outbound connections. For most practical purposes, aliases are only useful
when in the same subnet as the primary address. This is fine for their
intended purposes, such as providing multiple WAN IPs (which can be NATted
to different internal servers), or using different LAN IPs for different
"roles" that can be assigned to the same box or to different boxes without
reconfiguring clients.

Fred Wright