From: Clemmitt M. S. <sig...@bl...> - 2004-03-23 19:40:38
Hey,

On Tue, 23 Mar 2004 ch...@to... wrote:

> Disclaimer: IANAMCSE and IANAcLD
> If the bridging is set up correctly then only the Ethernet level of the
> stack should be used for the unfiltered data because Windows does not
> have an address on the physical LAN all TCP/IP traffic will be filtered.

You're right! I didn't look at it the right way, now did I? :^P Didn't think about bridging. I'm very NAT-centered....

I've never done the "filtering bridge" setup before. But it's a thoroughly cool method. If you haven't heard about it, here's a decent page Google coughed up:

http://ezine.daemonnews.org/200211/ipfilter-bridge.html

and there are plenty more out there about configuring xBSD as a filtering bridge.

In short, (I hope I'm summarizing this correctly, please correct me if I'm not) this is a network box configured without an IP address on either its up- or down-stream interfaces. This means it's more or less "invisible" but still filters packets. Keeps crackers from knowing it's there, and makes it very difficult to break into as well.

If Windows can work in a similar way, bridging without an IP address on its outside Network Connection, this would eliminate a significant vulnerability space and might just do what you want.

Anyone else out there know if this is possible (IANAMCSE, either :^)?

Clemmitt
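As an added illustration (not from this thread or the linked article, which targets the older FreeBSD 4 bridge code), here is what the filtering bridge described above looks like on a current FreeBSD using if_bridge(4) and ipfilter: neither member interface gets an inet address, the packet filter is hooked onto the members, and the ruleset defaults to deny. The interface names em0 (upstream) and em1 (downstream) and the inside network 192.168.1.0/24 are assumptions.

```conf
# /etc/rc.conf (fragment): bridge two NICs, give neither an IP address.
# em0 = upstream/outside, em1 = downstream/inside (assumed names).
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"
ifconfig_em0="up"   # deliberately no "inet ...": nothing can address this box
ifconfig_em1="up"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
# Administration is done on the serial console or on a third NIC that is
# NOT a bridge member; none is configured here on purpose.

# /etc/sysctl.conf: make ipfilter see the bridged frames.
net.link.bridge.pfil_member=1   # filter on em0/em1 as frames enter and leave
net.link.bridge.pfil_bridge=0   # do not filter a second time on bridge0 itself
net.link.bridge.pfil_onlyip=1   # non-IP frames (e.g. ARP) are bridged unfiltered

# /etc/ipf.rules: default deny; only inside-initiated sessions pass.
# Assumed inside network: 192.168.1.0/24.
# Anti-spoofing: inside addresses must not arrive on the outside leg and vice versa.
block in log quick on em0 from 192.168.1.0/24 to any
block in log quick on em1 from ! 192.168.1.0/24 to any
# Sessions started from the inside; "keep state" also admits the replies
# coming back in on em0, so no explicit inbound rules are needed for them.
pass in quick on em1 proto tcp from 192.168.1.0/24 to any flags S keep state
pass in quick on em1 proto udp from 192.168.1.0/24 to any keep state
pass in quick on em1 proto icmp from 192.168.1.0/24 to any keep state
# Everything else, in either direction, is dropped and logged.
block in log all
block out log all
```

Because the box answers to no IP address, the remaining exposure is the non-IP traffic the bridge forwards untouched and whatever management path you do configure, so that path should be a separate, non-bridged interface.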