Re: Quick bridging question
Thanks Jason, that helps a lot.
Now I'm wondering what happens if I ssh to the internal interface (A) from
my interface, does that leak to the internet? And what about when I ssh
from the internet to my internal interface (A), does that leak to the local
lan?
I'm wondering about this because I found out that ipf.rules such as "block
in quick on B from any to any" doesn't have any effect since the
connections to the internal interface's IP number appear as if they came
from the internal interface instead of the external one.
Claus
At 01:09 PM 03/01/2001, Jason Wright wrote:
>On Thu, Mar 01, 2001 at 10:17:37AM -0600, Claus wrote:
> > On an OpenBSD machine with two network interfaces, A (internal/lan) and B
> > (external/internet), where a bridge between A and B exists, do packets
> > that are sent from the local lan to interface A's IP number get routed out
> > to the internet via the B network interface?
> >
>dhcpd uses bpf(4) to grab frames which bypasses ipf(4) so if it
>is bound only to the internal interface, then ipf can be used to
>prevent spoofed replies on the external interface. Packets should
>not leak onto the external interface because dhcp replies (offers
>and acks) are unicast, and the MAC address of the requesting host
>should already be in the bridge address cache.
>
>Now, that said, there was a bug recently fixed that fixes the learning
>of source addresses of broadcast packets.
>
>--Jason L. Wright