[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Quick bridging question

To: Claus <cniesen@gmx.net>
Subject: Re: Quick bridging question
From: Jason Wright <jason@thought.net>
Date: Thu, 1 Mar 2001 14:09:51 -0500
Cc: misc@openbsd.org
Content-Disposition: inline
References: <20010301163859.A4628@nord-com.net> <F119BNlJbSorxTjtRpe00023076@hotmail.com> <3A9CF4EC.89053D01@syracusenetworks.com> <1214252845.20010301125058@securax.org> <20010301163859.A4628@nord-com.net> <7018442538.20010301164728@securax.org> <5.0.1.4.2.20010301100708.00a4f6e0@pop.gmx.de>
User-Agent: Mutt/1.2.5i

On Thu, Mar 01, 2001 at 10:17:37AM -0600, Claus wrote:
> On an OpenBSD machine with two network interfaces, A (internal/lan) and B 
> (external/internet), where the a bridge between A and B exists, do packets 
> that are sent from the local lan to interface A's IP number get routed out 
> to the internet via the B network interface?
> 
dhcpd uses bpf(4) to grabbing frames which bypasses ipf(4) so if it
is bound only to the internal interface, then ipf can be used to
prevent spoofed replies on the external interface.  Packets should
not leak onto the external interface because dhcp replies (offers
and acks) are unicast, and the MAC address of the requesting host
should already be in the bridge address cache.

Now, that said, there was a bug recently fixed that fixes the learning
of source addresses of broadcast packets.

--Jason L. Wright

Follow-Ups:
- Re: Quick bridging question
  - From: Claus <cniesen@gmx.net>

References:
- Re: Re[2]: image of a harddrive
  - From: Jan-Uwe Finck <ju.finck@nord-com.net>
- Re[2]: image of a harddrive
  - From: Tom Van de Wiele <tosh@securax.org>
- Re[4]: image of a harddrive
  - From: Tom Van de Wiele <tosh@securax.org>
- Quick bridging question
  - From: Claus <cniesen@gmx.net>

Prev by Date: Re: my box froze
Next by Date: Re: brconfig and ARP
Prev by thread: Quick bridging question
Next by thread: Re: Quick bridging question
Index(es):
- Date
- Thread